··········

No Peeking: How Confidential Computing Lets Cloud Providers Process Your Data Without Decryption

August 11, 2025
by
No Peeking: How Confidential Computing Lets Cloud Providers Process Your Data Without Decryption
How Confidential Computing Lets Cloud Providers Process Your Data Without Decryption

Imagine being able to use all the power of the cloud on your most sensitive data without ever revealing that data – not even to the cloud provider’s administrators. That’s the promise of confidential computing, a rapidly growing approach to cloud security. In this in-depth report, we’ll demystify confidential computing for a general audience, covering what it is, how it works (in plain English), why it’s so important for cloud security and compliance, and how it keeps data safe even from insider threats. We’ll look at real use cases across industries, highlight which major cloud providers offer this technology, discuss its challenges and evolving standards, and review the latest developments (as of 2024–2025). Expert insights and quotes are included along the way. Let’s unlock the secrets of processing encrypted data in the cloud without peeking!

What Is Confidential Computing?

Confidential computing is a new paradigm in cloud and data security that keeps data protected even while it’s being processed, not just when it’s stored or transmitted. In traditional computing, data has to be decrypted (exposed as plaintext) in memory for processing. Confidential computing changes that by using special hardware-based secure enclaves so that data can be computed on in an encrypted or isolated form. In essence, it’s like having a locked safe inside a computer’s processor where sensitive data can be processed out of reach from prying eyes decentriq.com. This means cloud servers can perform computations on your data without the cloud provider (or anyone else) ever seeing the raw data.

Put another way, confidential computing enables “encryption-in-use.” We’ve long had encryption for data at rest (stored on disk) and data in transit (moving over networks). Confidential computing tackles the final frontier: data in use decentriq.com. By keeping data encrypted or isolated during active processing, it closes a critical gap in the data lifecycle. According to a May 2025 industry article, “More and more of the world’s most valuable data is processed in the cloud, but keeping that data private while it’s in use remains a major challenge… That’s where confidential computing comes in.” decentriq.com. In short, confidential computing allows organizations to leverage cloud computing and shared infrastructure without sacrificing privacy or control over their data.

How Does Confidential Computing Work?

Confidential computing is made possible by advances in hardware security – specifically, by using Trusted Execution Environments (TEEs), often nicknamed secure enclaves. A TEE is a protected, isolated area of a computer’s processor (CPU) with its own secure memory. Any data or code running inside this enclave is shielded from the rest of the system – including the operating system, hypervisor, other VMs, and even cloud provider administrators decentriq.com. Even if an attacker or a rogue admin has full access to a server, they cannot peek inside the enclave or tamper with its contents. The enclave’s memory is encrypted and access is tightly controlled at the hardware level.

Several modern CPU technologies implement TEEs to enable confidential computing. For example, Intel SGX (Software Guard Extensions) and AMD SEV (Secure Encrypted Virtualization) are widely used TEE technologies that create such secure enclaves in Intel and AMD processors decentriq.com. Intel SGX allows developers to carve out private enclaves within an application process, while AMD SEV encrypts entire virtual machine memory so that a VM’s data remains confidential even from the host hypervisor. Arm Confidential Compute Architecture (CCA) is another example, bringing enclave concepts to Arm-based chips decentriq.com. Major cloud providers also have their own implementations; for instance, AWS Nitro Enclaves are isolated VM environments for sensitive workloads on Amazon’s cloud decentriq.com.

Isolation is the first key principle of how confidential computing works. When data and code run inside a TEE enclave, they are sealed off from everything else on that machine. Think of it as running your computation in a secure vault that nothing outside can access. The hardware ensures that even if malware compromises the main operating system, the enclave’s memory remains unreadable and protected decentriq.com. Any attempt by a normal process or admin to inspect the enclave’s memory will fail or retrieve only encrypted gibberish. This hardware-enforced isolation drastically reduces the attack surface – even common attack vectors like many side-channel attacks are mitigated when implemented correctly decentriq.com.

Remote attestation is the second key component. Because the enclave is sealed off, you as a user need a way to trust what’s running inside it. Attestation is a mechanism where the TEE produces a cryptographic proof of its identity and the exact code it’s executing decentriq.com. For example, before you send your sensitive data into an enclave in the cloud, you can request an attestation report signed by the hardware. This report lets you verify (using the chip manufacturer’s certificate) that this is indeed a genuine enclave (not an emulation or malware), running the expected trusted code version. Only after verification will you release your decryption key or data to the enclave. Attestation gives strong assurance that the secure environment is intact and has not been tampered with, which is crucial for trusting a cloud-based enclave.

In practical terms, when you use confidential computing in the cloud, your data is sent encrypted to a special enclave within the CPU. There, the data is decrypted only inside the enclave and processed securely. The rest of the machine only ever sees encrypted data. Once computation is done, the enclave can output results (which might be encrypted again for storage). Because the data is protected at all times in memory, we achieve “processing without plaintext exposure.” As Google Cloud describes it, confidential computing means “data will stay private and encrypted even while being processed in the cloud.” cloud.google.com In other words, the cloud provider’s servers perform the calculations, but they are essentially “blind” to the actual values they are computing on.

Summary of key technologies: The industry has rallied around technologies like Intel SGX, Intel TDX (Trust Domain Extensions, for VM enclaves in newer Intel Xeon processors), AMD SEV and its latest variant SEV-SNP (Secure Encrypted Virtualization with Secure Nested Paging), and Arm CCA, among others decentriq.com. These provide the low-level isolation and memory encryption. Cloud providers build services on top of these (more on that later). It’s also worth noting that confidential computing differs from approaches like Fully Homomorphic Encryption (FHE) – with FHE one can compute on encrypted data purely via math (no decryption at all), but FHE is extremely slow for general use today. Confidential computing’s enclave model takes a more pragmatic hardware-assisted approach: data is decrypted inside the enclave for use, but thanks to the enclave’s protections, the surrounding system still can’t access it cloudsecurityalliance.org. This makes confidential computing currently far more practical for real-world workloads, while achieving a similar goal of processing data without exposing it to prying eyes.

Why Is Confidential Computing Important for Cloud Security and Compliance?

Moving sensitive data and workloads to the cloud offers huge benefits in scalability and collaboration, but it also raises a big question: Can we trust the cloud with our most sensitive information? High-profile data breaches, espionage, and even concerns about insider threats have made companies and regulators wary of simply handing over unencrypted data to cloud providers. Confidential computing directly addresses this trust gap by ensuring the cloud cannot see or alter your data during processing, which has enormous implications for security and compliance.

From a security standpoint, confidential computing significantly reduces risk in multi-tenant cloud environments. Even if an attacker somehow breaks out of their own VM or container, they still cannot access other customers’ enclave-protected data. Even if the cloud provider’s own administrators or technicians are compromised, they cannot read customer data protected by TEEs. This dramatically improves resilience against insider threats and advanced persistent threats. As one security expert put it, “Confidential computing significantly improves the security and privacy of cloud computing by ensuring that data is inaccessible and encrypted while in use.” ledidi.com.

For organizations in regulated industries – such as finance, healthcare, and government – confidential computing can be a game changer for compliance. Regulations like GDPR (in Europe) and various privacy laws require strict controls on personal data. In fact, regulators are increasingly recognizing the value of protecting data in use. In 2024, the European Union’s Digital Operational Resilience Act (DORA) explicitly mandated protection of data-in-use (for banks and financial entities) as part of its requirements anjuna.io. Similarly, updated guidelines from bodies like NIST (the U.S. National Institute of Standards and Technology) now include recommendations to safeguard data in memory and use, pointing to confidential computing as a solution anjuna.io. The Cloud Security Alliance’s latest Cloud Controls Matrix likewise recommends TEEs and confidential computing for cloud providers and users to meet security best practices anjuna.io. This momentum from policymakers means adopting confidential computing can help organizations meet emerging compliance obligations and demonstrate “privacy by design” (since even the cloud operator can’t access the plain data).

In practical terms, confidential computing lets organizations use cloud services for highly sensitive workloads that previously might have been kept on-premises. For example, banks can analyze encrypted financial data in the cloud without violating privacy laws, hospitals can use cloud AI on patient data without exposing patient records, and governments can leverage commercial clouds for classified or citizen data while maintaining sovereign control. It removes a key barrier to cloud adoption by solving the “we don’t trust the cloud provider with our unencrypted data” problem. As one industry analyst noted, confidential computing is becoming essential for sensitive AI and data workloads in the cloud, driven by the need to safeguard both the AI models and the data going into them utimaco.com.

Another reason confidential computing is important is its role in enabling new cloud collaboration scenarios. Because multiple parties can share and process data in a joint enclave without revealing their individual inputs to each other, it opens the door to things like secure data clean rooms and multi-party analytics. Companies can combine datasets to get insights (for example, for fraud detection or research) with assurance that each party’s raw data remains confidential. This ability to compute on joint data without mutual trust issues was previously very hard to do – now hardware enclaves make it feasible, unlocking valuable use cases in advertising, finance, and public research while preserving privacy decentriq.com, confidentialcomputing.io.

Finally, from a business perspective, confidential computing builds customer trust. Cloud providers that offer this can say: “Not even our own admins or the underlying cloud software can access your data – only you can.” That promise is powerful. It shifts the trust model from having to trust a whole organization (and all its people and software) to just trusting a small hardware module and verified code. Many believe this zero trust approach within the cloud will be a cornerstone of cloud security moving forward, especially as threats evolve.

Shielding Data from Insider Threats – Even Cloud Admins Can’t Peek

A major motivation for confidential computing is to defend against insider threats and curious or malicious administrators at the cloud service provider. In a traditional cloud scenario, a cloud provider’s sysadmin with sufficient privileges (or an attacker who hijacks those privileges) could potentially snoop on customer VMs or data in memory. This could be done via debugging tools, by dumping memory, or through malicious firmware. Such insider risks are not just theoretical – they’re a real concern for anyone entrusting sensitive crown-jewel data to third-party clouds.

Confidential computing provides a strong remedy: when using TEEs, even the cloud’s own admins cannot access customer data or code inside the enclave. The enclave’s memory is encrypted with keys that reside within the CPU hardware itself, and those keys are not accessible to any software or personnel. For example, an AMD EPYC processor with SEV will encrypt VM memory such that the hypervisor (managed by the cloud provider) only sees ciphertext. There is no “master decryption key” that a cloud admin can use to arbitrarily unlock the enclave – the keys are generated in hardware and never leave the secure processor boundary cloud.google.com.

As a result, using confidential computing is like putting your application in a locked strongbox that only you (via your application code) can open, not the cloud operator. One confidential computing firm analogized it this way for cloud customers: “Your entire cloud deployment is shielded from the infrastructure. Even datacenter employees or cloud admins cannot access any data.” edgeless.systems. In other words, you can use a public cloud as if it were your own private cloud inside a vault. Another source emphasizes that with confidential computing, “data is always encrypted and you stay in full control, even while using third-party infrastructure” edgeless.systems. This drastically limits insider risk.

This protection also means that if law enforcement or any other third party tried to compel a cloud provider to hand over your data, the provider technically cannot* hand over plaintext data they have no access to. All they could provide is encrypted blobs (assuming you, the customer, don’t share your enclave keys). This is appealing for organizations worried about unauthorized access or espionage – it gives them technical control over data access, not just policy promises from the provider.

A real-world example of internal threat mitigation is how password managers and VPN providers have adopted confidential computing to protect sensitive info from their own infrastructure. In 2024, password manager 1Password launched an analytics feature that uses enclaves so that even their cloud backend can’t see the raw passwords or secrets being analyzed anjuna.io. Similarly, Dashlane used confidential computing to make sure even IT admins managing enterprise logins can’t spy on the credentials anjuna.io. A VPN provider, ExpressVPN, started using enclaves so that data about users’ dedicated IP addresses remains invisible to insiders anjuna.io. These moves show how companies are proactively using confidential computing to limit insider access, even when the “insider” is their own cloud-hosted service. It’s a powerful guarantee to offer to security-conscious customers.

In short, confidential computing shifts the security model to “trust no one but the enclave.” It protects against cloud provider insiders, cloud platform bugs, and even some hardware-level attacks. So even if an attacker had full root or physical access to the server, your data would remain safe if it’s inside a properly implemented TEE. This capability – to effectively outsmart root access – is what makes confidential computing a revolutionary development in cloud security.

Use Cases and Industry Adoption

Confidential computing is already being used in a variety of industries and scenarios where data sensitivity is paramount. Here are some prominent use cases and sectors adopting this technology:

  • Financial Services: Banks and financial institutions handle extremely sensitive customer data and trade secrets. They are using confidential computing to do things like secure multi-party analytics (e.g. two banks comparing fraud data without exposing customer info to each other) and to move core banking workloads to the cloud securely. For instance, confidential computing can enable credit scoring or fraud detection on encrypted datasets from multiple sources. It also helps meet strict regulations – a major European bank could use a cloud-based enclave to process EU customer data while proving compliance with data sovereignty rules. In fact, the finance sector has been an early adopter; experts note growing interest from finance to “unlock value from data without compromising privacy or compliance” decentriq.com.
  • Healthcare and Life Sciences: Hospitals, researchers, and pharmaceutical companies are beginning to leverage confidential computing to collaborate on medical data. Privacy-preserving health data analysis is a key use case – for example, multiple hospitals can pool patient data to develop better AI diagnostic models, with each hospital’s data encrypted in use so that neither the cloud nor the other hospitals ever see each other’s raw records. This helps address the sensitive nature of health records under laws like HIPAA. With confidential computing, a cloud can run genome sequencing or clinical analytics on patient data that remains encrypted, thereby accelerating medical research without violating patient privacy.
  • AI and Machine Learning: As AI models grow in importance (and size), so do concerns about the data and the models’ intellectual property. Confidential computing is increasingly seen as essential for AI in the cloud. Companies want to use powerful cloud GPUs to train or run AI models on sensitive data (e.g., personal user data or proprietary datasets) but fear leaks. Using enclaves, one can perform machine learning on encrypted or confidential data – for example, running an AI inference on a customer’s encrypted personal data so that the AI service never sees the plaintext. It also protects the AI model itself from theft when running on shared hardware. Industry trends in 2024 showed “Confidential AI” on the rise: Apple, for instance, announced privacy-preserving cloud AI for iPhones using this concept, and OpenAI prioritized confidential GPU capabilities to secure their advanced AI infrastructure anjuna.io. Even the U.S. Navy explored running large language models in enclaves to keep them secure anjuna.io. All of this points to enclaves becoming a standard part of the AI tech stack, ensuring that AI can leverage sensitive data without exposing it.
  • Cross-Company Analytics and Data Clean Rooms: In advertising, tech, and research, organizations often need to share data or jointly compute on data, but legal and privacy concerns prevent direct sharing. Confidential computing enables data clean rooms where multiple parties can contribute data that gets encrypted and analyzed collectively in an enclave. For example, an advertiser and a publisher could match and analyze user interaction data to measure an ad campaign’s performance, but thanks to the enclave, neither party sees the other’s raw data – they only see aggregated results. The advertising industry (under pressure to protect user privacy) is piloting such confidential clean rooms decentriq.com. Similarly, government agencies can combine data (e.g., tax records with welfare data) to get insights without breaching confidentiality. These scenarios were nearly impossible before; now they’re becoming reality with confidential computing.
  • Public Sector and Defense: Government bodies that want to use commercial clouds but fear foreign or external access are exploring confidential computing. For instance, a defense department could run sensitive workloads in a public cloud enclave, confident that even the cloud provider’s admins (or other nation-state actors) can’t read the data. We see early adoption in projects for secure government cloud and defense analytics. As one German public-sector case study showed, deploying confidential computing in a sovereign cloud allowed government applications to run in the public cloud while ensuring digital sovereignty – data remained encrypted at runtime “even from cloud admins,” fulfilling strict national security requirements edgeless.systems.
  • Blockchain and Cryptography Services: Some cryptocurrency and blockchain platforms use confidential computing to secure private keys and transactions. For example, confidential enclaves can protect cryptographic key management systems or enable secure multiparty computation for crypto custodial services, ensuring that keys are never exposed in memory even during use. This is useful for exchanges, wallets, or any service where the compromise of a key could be catastrophic.
  • Intellectual Property Protection: Companies with proprietary algorithms or data (think of a secret recipe or a sensitive analytics algorithm) can use enclaves to run those algorithms on a cloud or partner’s systems without revealing the algorithm’s code or the input data. This is useful in scenarios like joint ventures or outsourcing computations – the owner of the IP knows it’s executed in a black box enclave where the partner only sees approved outputs. It’s a way to monetize or utilize data and code securely. For example, a startup could allow a client to run queries on its proprietary dataset via an enclave; the client gets the insight, but never accesses the raw data itself.

These are just a few examples. Other sectors like telecommunications, media, insurance, and even cloud gaming are eyeing confidential computing where applicable. The common thread is: wherever data is highly sensitive or valuable, and trust is a barrier to using the cloud or sharing data, confidential computing can help by technically guaranteeing confidentiality during processing. This broad applicability is why forecasts predict explosive growth for this field. Analysts predict that confidential computing will grow from a nascent market into a multi-billion-dollar staple in cloud services over the next decade, as organizations in many sectors embrace the technology prnewswire.com.

To illustrate the momentum, here’s a quote from a senior product manager at a confidential computing firm about recent adoption trends: “We’re seeing growing adoption from healthcare, finance, and media partners who need to unlock value from their data without compromising privacy or compliance. The ability to prove that data stays protected throughout its entire lifecycle is a game-changer.” decentriq.com. This underscores how industries handling sensitive data view the technology as transformative – a “game-changer” enabling new projects that were previously stalled by privacy concerns.

Major Cloud Providers Offering Confidential Computing

The major cloud service providers have all embraced confidential computing in various forms, integrating TEEs into their platforms. Here’s a look at how the top cloud providers offer confidential computing solutions:

  • Microsoft Azure: Microsoft has been a pioneer in confidential computing. Azure offers Confidential VMs that run on hardware supporting SEV-SNP (for AMD-based VMs) and Intel SGX in special VM types (for enclaves on Intel hardware). For example, Azure’s DCsv2 and DCsv3 series VMs come with Intel SGX enclaves for developers who want per-application enclaves. Azure also introduced Confidential VM options (DCasv5/ECasv5 and newer) where entire VM memory is encrypted with AMD SEV by default – meaning even Azure can’t read it. Additionally, Azure provides services like Azure Confidential Ledger (a blockchain ledger running in enclaves for tamper-proof records) and is previewing Confidential Containers and Azure Confidential Clean Rooms for secure multiparty analytics. Microsoft’s investment is ongoing: in 2024 they announced the DCa v6 and ECa v6 VM series using 4th Gen AMD EPYC processors with improved confidential computing capabilities techcommunity.microsoft.com, and in 2025 Azure began previewing Intel TDX-based Confidential VMs using Intel’s 5th Gen Xeon processors (Emerald Rapids) techcommunity.microsoft.com. In short, Azure’s strategy is to make enclave technology available across VMs, containers, and even specific managed services. Azure CTO Mark Russinovich has noted that their goal is to extend confidential computing “across all Azure services” eventually, underscoring its importance.
  • Google Cloud: Google Cloud has integrated confidential computing into its infrastructure by offering Confidential VMs as a simple checkbox when launching VMs. Google’s Confidential VMs run on AMD EPYC processors with SEV, meaning all memory of the VM is encrypted with keys that even Google doesn’t control cloud.google.com. Google touts that customers can “encrypt data in use without any code changes” and with minimal performance impact cloud.google.com. Beyond VMs, Google expanded the tech to other services: Confidential GKE Nodes allow Kubernetes clusters to have encrypted-memory worker nodes cloud.google.com, Confidential Dataproc and Confidential Dataflow enable big data and pipeline processing on confidential VMs cloud.google.com, and Confidential Space is a Google Cloud solution for multi-party computation, where parties can jointly analyze data in a secure enclave with “hardened protection against cloud provider access” cloud.google.com. Google has also worked with NVIDIA to offer Confidential GPUs – for instance, Confidential VMs combined with NVIDIA H100 GPUs so that data stays encrypted even in the GPU memory during AI processing cloud.google.com. A case study highlight: fintech and healthcare companies have used Google’s confidential cloud to meet stringent data protection needs cloud.google.com, and one customer (Zonar) leveraged Confidential VMs to satisfy EU GDPR requirements for data privacy cloud.google.com. In summary, Google’s approach focuses on making confidential computing easy to use (just a setting toggle) and broadening it to as many cloud products as possible, from VMs to analytics, to foster new “confidential collaboration” scenarios cloud.google.com.
  • Amazon Web Services (AWS): AWS has implemented confidential computing primarily through its Nitro system. The AWS Nitro architecture already isolates the hypervisor on a dedicated chip, which provided a foundation for enhanced security. Building on this, AWS introduced Nitro Enclaves – a feature that allows you to carve out an isolated compute environment from an EC2 instance aws.amazon.com. A Nitro Enclave has no persistent storage, no external networking, and no operator access (even no SSH), making it highly secure for handling sensitive data d1.awsstatic.com. Customers can offload jobs like decrypting secure data, processing PII, or handling private keys into these enclaves. AWS also provides an attestation framework and even a NitroTPM (virtual TPM module) for enclaves to facilitate cryptographic attestations aws.amazon.com. In addition to enclaves, AWS offers AWS Key Management Service (KMS) integration with enclaves so that decryption keys are only released to attested enclaves. While AWS does not (yet) have a generic “Confidential VM” toggle like Azure or GCP, it uses Nitro Enclaves and Nitro-protected instances to achieve similar goals. AWS re:Invent conferences in 2023 and 2024 emphasized protecting data in use with Nitro, and AWS has received independent validation of its Nitro System’s confidential computing capabilities aws.amazon.com. In practice, companies have used Nitro Enclaves for things like processing financial transactions securely or doing machine learning inference on sensitive data (AWS has blogged about running privacy-sensitive NLP models inside enclaves aws.amazon.com). So AWS’s confidential computing model is centered on isolating sensitive tasks in hardened enclaves attached to EC2 instances.
  • IBM Cloud: IBM has a long history with secure enclaves (stemming from its mainframe and POWER architectures). In IBM Cloud, the flagship offering is IBM Cloud Hyper Protect Virtual Servers and Crypto Services, which run on IBM LinuxONE (a mainframe-based system with secure enclave technology). These allow customers to run Linux VMs where data in memory is encrypted and even IBM cannot access the keys – IBM advertises it as “Keep Your Own Key” since not even IBM’s admins can get to customer encryption keys. IBM’s approach is often slightly different (relying on IBM’s proprietary hardware security module integrated with the server), but it aligns with confidential computing goals. IBM is also a member of the Confidential Computing Consortium and contributes to open-source projects in this space. For our purposes, IBM Cloud’s offering is specialized, targeting industries like banking (to meet FIPS and financial regs). IBM’s Cloud Data Shield (beta) was another service using Intel SGX to secure container workloads. While IBM’s share of the public cloud market is smaller, it is significant that they push “fully homomorphic encryption and confidential computing” for clients needing extreme security. Enterprises that already trust IBM for secure hardware see IBM Cloud’s confidential computing as an extension of that on cloud.
  • Other Cloud Providers: Other major players include Oracle Cloud, which introduced Oracle Cloud Infrastructure (OCI) Confidential VMs using AMD SEV for memory encryption, and Alibaba Cloud, which has launched enclaves based on Intel SGX for its customers in Asia. Alibaba, for example, offers an “Enclave Service” for secure container execution. These offerings show that the trend is industry-wide. Many of these providers (Oracle, Alibaba, Tencent, etc.) are members of the industry’s Confidential Computing Consortium (CCC), indicating their commitment. The CCC has over 30 member organizations (as of mid-2025) including these cloud providers and tech firms, all collaborating on standards and adoption decentriq.com. Even smaller cloud and edge providers have started to include confidential computing options to cater to privacy-focused clients.

In summary, if you’re using a top cloud platform in 2025, you likely have the option to enable confidential computing features. Whether it’s called Confidential VMs, Nitro Enclaves, or another brand name, the concept is similar: the cloud vendor provides a hardware-isolated environment where your data stays encrypted to the outside world cloud.google.com. This technology is quickly moving from experimental to mainstream. In fact, Google noted that confidential VMs are a “breakthrough” allowing scenarios previously not possible cloud.google.com, and all major clouds are actively improving their offerings (e.g., adding GPU support, integrating with managed databases, etc.). Competition among cloud providers is helping drive more user-friendly and powerful confidential computing services across the board.

Challenges, Limitations, and Evolving Standards

Confidential computing is powerful, but it’s not a silver bullet – it comes with challenges and limitations that are important to understand, and it’s an evolving field with active development on standards and best practices.

Technical Challenges & Limitations: First, while TEEs dramatically improve security, they are not invulnerable. Researchers have demonstrated various side-channel attacks on enclave technologies (for example, inferring enclave data through observing access patterns, or exploiting speculative execution flaws). Intel SGX in particular saw a number of academic attacks (like Foreshadow, Plundervolt) that led to patches and refinements. Newer technologies like AMD SEV-SNP and Intel TDX aim to close many known vulnerabilities (e.g., by protecting memory integrity and mitigating certain side channels), but attackers are continuously looking for weaknesses cloudsecurityalliance.org. A poorly written application can also leak data inadvertently (say via its output or access patterns) even if the enclave itself is secure cloudsecurityalliance.org. So developers must still follow secure coding practices; confidential computing doesn’t automatically make an insecure app secure.

Another limitation is performance and resource constraints. Early TEEs (like Intel SGX) had very limited memory sizes for enclaves and added overhead to context switches and memory encryption. This could make heavy workloads run slower. Newer generations and approaches (encrypting entire VM memory) have reduced the overhead significantly – often the performance hit is just a few percent to perhaps 10%, which many deem acceptable for the security gain. However, some tasks that involve frequent enclave transitions or large secure memory allocations can still incur performance costs. There’s also the matter of hardware availability: not every cloud server has the latest TEE-capable CPU. Over time this is becoming moot as cloud providers upgrade infrastructure, but organizations must ensure their cloud region and instance type support the confidential features they need.

Operational complexity is a consideration too. Using confidential computing might require changes to how applications are deployed or managed. For example, standard debugging and monitoring tools might not work inside enclaves without special adaptation (since enclaves are isolated). Key management becomes crucial – you need a strategy for provisioning secrets to enclaves (often involving a key management service and attestation). Some early adopters found the development ecosystem for enclave apps to be tricky, though it’s improving with better SDKs and services. The good news is that cloud providers are trying to abstract this complexity (for instance, allowing one-click confidential VMs that don’t require code changes cloud.google.com). Still, organizations considering confidential computing should be prepared for some integration effort and learning curve for their IT teams.

Trust considerations: Confidential computing shifts trust from software to hardware, which raises the question: do you trust the CPU vendor? Using a TEE means you trust that Intel or AMD (or whoever made the chip) implemented it correctly and isn’t compromised themselves. Some skeptics point out that this creates a dependency on the silicon supply chain and the vendor’s security (for instance, if a government pressured a chip maker to include a backdoor, theoretically even enclaves could be undermined). In practice, Intel and AMD publish details on their enclave implementations and get third-party audits, and the industry consensus is that the risk is low and the benefits outweigh it. But it’s a factor to acknowledge: the root of trust in confidential computing is the hardware itself, so one must trust the hardware manufacturer and ensure proper firmware updates are applied to patch any found vulnerabilities.

Compliance and interoperability: While regulators are starting to appreciate confidential computing, there aren’t yet universal standards on how attestation should be proven for compliance audits, or how different cloud TEEs interoperate. Standards bodies and consortia are working on it. The Confidential Computing Consortium (CCC), a Linux Foundation project, is bringing together industry players to define common mechanisms and APIs so that, for example, an application could run in an enclave on any compatible hardware or cloud decentriq.com. Efforts are also underway to standardize attestation formats (so that one could use a single attestation verification service across clouds). As the tech matures, we expect clearer standards for certifying confidential computing solutions, potentially even government certifications. In 2024 there were discussions in the CCC about possibly creating a certification program for products and solutions that meet certain enclave security criteria confidentialcomputing.io.

Evolving hardware and software: On the bright side, many limitations are being addressed by next-generation technologies. For instance, Intel’s new TDX technology (available in 4th and 5th Gen Xeon processors) moves the enclave concept to entire VMs with hardware-isolated virtual machines – this greatly increases memory limits and makes lift-and-shift of legacy apps easier (they can run in a confidential VM without code mods). AMD’s SEV-SNP adds memory integrity protection to prevent even sophisticated attacks that try to replay or alter encrypted memory. Confidential GPUs are now emerging, led by NVIDIA’s Hopper H100 GPUs that support encrypted execution of GPU workloads anjuna.ioanjuna.io. This is huge for machine learning use cases. By 2025, all the “big three” cloud providers had announced support for confidential computing on GPUs to keep AI data secure in GPU memory as well anjuna.io.

The software ecosystem is also evolving: there are now easier tools and frameworks for enclave development (e.g., Microsoft Open Enclave SDK, Intel SGX SDK, runtimes like Graphene, Occlum, Enarx for running unmodified apps in TEEs, etc.). Container orchestration systems like Kubernetes are gaining features to schedule workloads into confidential containers or nodes decentriq.com. This means in the future using an enclave might be as simple as adding a flag to a Kubernetes pod spec, and everything else is handled under the hood.

Emerging Standards: The industry is actively working on standards like TEE attestations (e.g., DICE, RATS), and exploring integration with broader security architectures (for example, how confidential computing complements zero-trust networks and identity management). Confidential Computing is also intersecting with other privacy tech: we see designs combining enclaves with techniques like homomorphic encryption or secure multi-party computation to cover all bases (as noted by an ABI Research analyst, success in this market may come from solutions that blend confidential computing with other privacy-enhancing technologies to balance different aspects of input/output privacy prnewswire.com).

To sum up, while confidential computing is very promising, one should be mindful of its current limitations. It’s not magic invisibility pixie dust – you must use it correctly and stay updated on hardware improvements and patches. There is also a cost aspect: some enclave-enabled CPUs or instances cost a premium (though prices are coming down as it scales). And some use cases (especially those requiring complex sharing of data) may need careful architecture to realize the benefits. However, the trajectory is clearly towards more robust, standardized, and widely available confidential computing solutions. Industry collaboration through bodies like the CCC and support from hardware makers ensure that each generation is more secure and easier to use than the last decentriq.com.

As one expert noted, “While confidential computing is still in its early stages, the market is at a turning point due to key advancements in both hardware and software.” Innovations like GPU support and hardware-agnostic enclave frameworks are expanding its capabilities prnewswire.com. By addressing current challenges, the community is steadily pushing confidential computing into the mainstream as a standard component of secure computing infrastructure.

Recent Developments (2024–2025)

The past two years (2024–2025) have seen rapid advancements and growing momentum in confidential computing. Here are some of the notable recent developments and news:

  • Expansion to AI and GPU Workloads: A major trend has been the application of confidential computing to AI. In 2024, NVIDIA introduced support for confidential computing on GPUs (specifically in their H100 data center GPUs) anjuna.io. This allows sensitive AI model inference and even training to occur with data encrypted in the GPU’s memory. Companies like OpenAI have highlighted this as crucial for protecting AI model weights and user data anjuna.io. By mid-2025, all top cloud providers (AWS, Azure, Google) had announced or deployed offerings to support confidential AI workloads using NVIDIA GPUs in their clouds anjuna.io. For example, Google Cloud’s Confidential VMs with H100 GPUs became available, and Azure and AWS partnered with NVIDIA on similar initiatives. This development is significant because it extends confidential computing beyond CPUs to the accelerators that power modern AI – meaning even large-scale AI services can be run with data-in-use protection. As an extension of this, there’s a whole sub-field emerging called “Confidential AI,” and early benchmarks show the performance gap closing for machine learning tasks in enclaves anjuna.io.
  • New Product Launches and Services: 2024 saw numerous products launching with confidential computing as a core feature. For instance, Google launched Confidential Space for privacy-preserving data collaboration (noted earlier) and Confidential Matching for secure ad-tech data matching anjuna.io. Startups and security vendors also rolled out solutions: we mentioned Dashlane, 1Password, ExpressVPN integrating TEEs into their services anjuna.io. Big enterprise tech firms are not standing aside either – Microsoft even migrated one of its critical internal services (Windows licensing) to run on Azure Confidential Computing infrastructure as reported in 2025, showing their confidence in the tech for mission-critical workloads techcommunity.microsoft.com. Cloud providers have also been steadily improving their confidential computing portfolios: e.g., Azure released a preview of Confidential Clean Rooms for secure multi-party analytics in late 2024 techcommunity.microsoft.com, and continues to add features like support for managed HSM-backed keys for confidential VMs techcommunity.microsoft.com. The takeaway is that confidential computing is moving from niche to a default offering in many products – it’s increasingly something companies advertise to differentiate their security.
  • Regulatory and Standards Progress: There have been big moves in the policy and standards arena, essentially validating confidential computing’s importance. In addition to EU’s DORA law (mentioned earlier) which took effect in early 2025 requiring financial entities to protect data in use anjuna.io, the U.S. Federal Government included confidential computing in its official zero-trust data security guidance in late 2024 anjuna.io. We’ve also seen PCI DSS 4.0 (the Payment Card Industry data security standard) update its guidance to cover encryption of data in memory/during processing anjuna.io – a nod towards confidential computing for credit card data environments. The Confidential Computing Consortium has grown with new members (for example, in 2025 companies like the SIMI Group joined to focus on healthcare data security confidentialcomputing.io) and is driving cross-industry collaboration. NIST’s Cybersecurity Framework 2.0 in 2024 explicitly added recommendations to protect data-in-use anjuna.io. All these shifts indicate that confidential computing is no longer just “nice-to-have”; it’s being seen as a necessary component of a robust security posture, and in some cases a legal requirement. This is spurring organizations to explore deployments proactively.
  • Market Growth and Investment: Analysts and market research firms have dramatically raised their projections for confidential computing. A 2025 report from ABI Research estimated the overall confidential computing market revenue could reach $160 billion by 2032 with over 40% annual growth, fueled by adoption in both hardware and cloud services prnewswire.com. (Some other forecasts are even more bullish, projecting $250B+ by early 2030s fortunebusinessinsights.com, though definitions vary.) There has been significant venture capital investment into startups focusing on confidential computing solutions and “confidential AI.” For instance, in late 2024 and early 2025 startups like Anjuna, Edgeless Systems, and Fortanix (all key players in this space) raised new funding rounds to accelerate development anjuna.io. The Confidential Computing Summit and Open Confidential Computing Conference (OC3) have become annual gatherings, with the 2025 events drawing record attendance and showcasing new tech demos from big companies (even Apple presented their take on private AI computing) anjuna.io. All this activity underscores a consensus that this technology is poised to transform cloud computing. As one ABI Research analyst commented, “Confidential computing is approaching a turning point due to advancements in hardware and software… [It] has reignited demand, especially for AI and ML applications.” prnewswire.com.
  • Real-World Adoption Milestones: We’re also seeing the first large-scale deployments go live. By 2025, multiple Fortune 500 companies have confidential computing in production for key workloads. To give a couple of examples: BMW (the automaker) publicly shared how they use Azure Confidential VMs to protect identity data and credentials in their cloud systems techcommunity.microsoft.com. Healthcare providers have started moving patient record processing to confidential cloud environments after pilot programs proved viable, as highlighted in a Google Cloud blog where confidential computing enabled a healthcare system to confidently use cloud AI on patient data cloud.google.com. Government adoption is picking up too – the US Department of Defense has experimented with confidential computing for sensitive analytics, and as mentioned, the German government’s digital services have begun using it via providers like STACKIT edgeless.systems. These concrete use cases show that the technology isn’t just confined to labs or demos; it’s solving real problems in production.
  • Integration with Other Tech: Another 2024–2025 trend is confidential computing blending into broader solutions. For example, confidential containers became a hot topic – using enclave tech to secure entire containers. Red Hat and others have projects to support “confidential pods” in OpenShift and Kubernetes, aligning with the idea of seamless enclave use in cloud-native apps anjuna.io. Also, confidential computing is being combined with multi-party computation (MPC) and homomorphic encryption in some advanced solutions, to provide end-to-end encrypted workflows. While enclaves protect data during processing, MPC can distribute trust among multiple parties, and FHE can protect outputs; companies are exploring combining these so that even results can sometimes be kept partially confidential. These are cutting-edge experiments but illustrate the creative ways people are extending the benefits of confidential computing beyond its initial scope.

Overall, the recent developments paint a picture of accelerating adoption and maturation. In 2024, Gartner even added confidential computing (TEE technology) to its recommended toolbox for AI security and trust, noting that organizations are investing heavily here anjuna.io. Perhaps one of the most telling signs: cloud providers are beginning to enable confidential computing by default for some services. We’re not far from a future where you might use a cloud database or serverless function and behind the scenes it’s executing in a secure enclave automatically, without you even knowing. The year 2025 and beyond will likely bring more of these “invisible” deployments, fulfilling one expert’s prediction: “You… will personally interact with an app powered by cloud-based confidential computing as an end user – without even realizing it.” anjuna.io.

Expert Opinions and Quotes

To wrap up, let’s highlight a few expert insights on confidential computing and its impact:

  • Aisling Dawson, Industry Analyst at ABI Research (April 2025): “Confidential computing is poised to become essential for data protection, bolstered by other privacy technologies… GPU-based confidential computing has reignited demand, especially for AI and ML applications. The shift toward hardware-agnostic solutions that extend enclave protection across ecosystems will drive revenue opportunities beyond just processor providers. ”prnewswire.com (This underscores how recent advancements, like enclaves for GPUs and broader ecosystem support, are dramatically increasing interest and market growth in this field.)
  • Nikolaos Molyndris, Senior Product Manager at Decentriq (2025): “We’re seeing growing adoption from healthcare, finance, and media partners who need to unlock value from their data without compromising privacy or compliance. The ability to prove that data stays protected throughout its entire lifecycle is a game-changer.” decentriq.com (Here an industry practitioner notes that organizations across sectors view confidential computing as transformative, enabling them to use data that was previously off-limits for cloud analytics due to privacy concerns.)
  • Avivah Litan, Distinguished VP Analyst at Gartner (2024): Confidential computing (trusted execution environments) was added to Gartner’s AI Trust framework, noting that “money is being spent” in this area and organizations are realigning to support these capabilities to manage AI risks anjuna.io. (This highlights that big enterprises are financially committing to confidential computing, particularly as part of securing AI – it’s becoming a strategic priority.)
  • Edgeless Systems (Public Sector case study, 2025): “With confidential computing, data is always encrypted and you stay in full control, even while using third-party infrastructure… even datacenter operators and cloud providers cannot access any data.” edgeless.systems (This quote encapsulates the core value proposition in simple terms: always-encrypted data and full control, which resonates strongly with governments and anyone worried about insider threats or foreign jurisdiction issues.)
  • Utimaco (Cybersecurity firm) blog (Jan 2025): “Given [the growth of cloud AI], there will be a significant boost in confidential computing adoption, driven by the growth of AI processing in the cloud.” utimaco.com (This is an expert prediction aligning with what we’ve seen – as AI goes to the cloud en masse, the need to secure those AI processes via TEEs is expected to skyrocket.)

These voices all agree on one thing: confidential computing is a big deal for the future of cloud and data security. It’s not just hype – it’s being viewed as a fundamental shift in how we protect data during computation, with real investments and momentum behind it.

Conclusion

Confidential computing represents a paradigm shift in cloud computing – it allows data to remain protected even while it’s being used. By leveraging hardware-based secure enclaves (TEEs), this technology mitigates long-standing concerns about cloud security, insider threats, and regulatory compliance. We’ve explored how it works (isolating data in encrypted enclaves and using attestation to establish trust), why it’s crucial (enabling cloud adoption for sensitive workloads and meeting compliance needs), and how it thwarts even powerful insiders like cloud admins from accessing your information. We also looked at the flourishing ecosystem: industries from finance to healthcare are unlocking new use cases with confidential computing, and all major cloud providers now offer it in one form or another.

Like any emerging technology, there are challenges to address – from performance overhead to the need for robust standards – but the trajectory is clearly toward broader adoption and improvement. Recent developments in 2024–2025 show rapid progress, with confidential computing expanding to GPU-accelerated AI, becoming intertwined with data privacy regulations, and earning endorsement from industry leaders. The consensus among experts is that confidential computing is evolving from a niche, “nice-to-have” option to an essential pillar of cloud security in the coming years.

For businesses and the public, the appeal is straightforward: you should be able to use the cloud’s immense capabilities without forfeiting the privacy of your data. Confidential computing is the breakthrough making that possible. It effectively says you don’t have to choose between leveraging the cloud and keeping secrets – you can do both. As this technology matures, we can expect cloud services to offer stronger guarantees that “what happens in the enclave, stays in the enclave.”

In summary, confidential computing enables a future where encrypted data can be computed on directly in the cloud’s high-performance environment with zero trust in the host infrastructure. That is a profound change in the trust model of computing. It empowers organizations to collaborate and innovate on sensitive data safely, unlock value from previously untouchable datasets, and sleep a little easier knowing that even their cloud provider can’t peek under the hood. With big players backing it and standards emerging, confidential computing is quickly becoming a cornerstone of modern data privacy and cloud security strategies.

Sources: This report drew on information from cloud provider documentation, industry consortiums, and expert analyses, including Google Cloud’s description of Confidential VMs cloud.google.com, the Decentriq confidential computing overview decentriq.com, insights from the Confidential Computing Consortium and recent newsletters anjuna.io, and updates highlighted by Anjuna Security’s 2024 industry roundup anjuna.io, among others. These and additional cited sources provide further details and examples for readers interested in exploring the topic more deeply.

Confidential Computing: The Future of Cloud Security 2
Watch this video on YouTube.

Mateusz Brzeziński

Don't Miss

The New Gold Rush: How Asteroid Mining Could Create Trillionaires and Change Earth’s Future (2025 Update)

The New Gold Rush: How Asteroid Mining Could Create Trillionaires and Change Earth’s Future (2025 Update)

Imagine a rock in space worth more than the entire
The Hydrogen Storage Revolution: Unlocking Clean Energy’s Missing Link

The Hydrogen Storage Revolution: Unlocking Clean Energy’s Missing Link

Hydrogen is often touted as the “fuel of the future”