Confidential computing keeps your data private from everyone during processing in the cloud.
To understand why this matters, you need to know about the three states of data security.
The Three States of Data and Their Protection
Data at rest: Files stored on servers or drives. Without protection, anyone with access to the storage system could read your files. Encryption solved this problem.
Data in transit: Information traveling across networks. Without protection, data could be intercepted as it moves between locations. Secure transmission protocols solved this problem.
Data in use: Information being actively processed, analysed, or worked on. This is where the gap used to exist.
End-to-end encryption (E2EE) pushed the solution forward by shifting processing to the client side - your local device handles the work, ensuring data never sits unencrypted in someone else’s infrastructure.
But client-side processing has limits. When large amounts of data need to be processed or analysed - datasets too big for a laptop, real-time collaboration requiring server resources, or multimedia rendering demanding compute power - you need cloud capabilities.
That’s where confidential computing fills the gap.
Why This Problem Exists
Many organisations can't use cloud-based tools for sensitive work because processing data in the cloud means trusting the cloud provider with access to it.
Government agencies won't use Microsoft Word Online or Google Docs for classified documents. Healthcare organisations can't process patient data in traditional cloud environments. Research institutions can't collaborate on sensitive datasets if it means exposing proprietary information to cloud vendors.
The reasons are clear:
• Cloud providers could access your data (intentionally or accidentally)
• Data could be subject to legal requests or subpoenas
• Misconfigurations could expose sensitive information
• AI systems could potentially train on your proprietary content
• Sharing controls are inadequate in many systems and can expose data to wider world
This is the same trust challenge organisations faced with cloud storage a decade ago. We solved that problem with end-to-end encryption and zero-knowledge architectures. Now confidential computing provides the same protection for data processing.
How Confidential Computing Works (The Simple Version)
The basic mechanism: Encrypted CPU and RAM.
When data is being processed, it needs to be in two places:
• The CPU (processor) runs the application code
• The RAM (memory) holds the data being worked on
Confidential computing creates a hardware-based Trusted Execution Environment (called a secure enclave) that encrypts both spaces.
The secure data path: Data is encrypted before it enters the secure enclave and remains encrypted until it's inside the protected environment. Only then is it decrypted for processing - using keys that only the enclave itself can access. This means data never travels or sits in an unencrypted state where the cloud provider could access it.
The key management: The encryption keys aren't accessible to the cloud vendor or even the service provider. They're only accessible to the customer, or they're destroyed entirely. If a key is lost or compromised, a new secure environment is created.
The verification system: There's a mechanism called "attestation" that continuously verifies the virtual machine is running in secure mode. If someone tries to disable this protection, all processing halts automatically to prevent data exposure.
The result: You can use cloud infrastructure without giving the cloud provider access to your data.
What You Can Do With Confidential Computing
Confidential computing enables use cases that were previously impossible in the cloud:
Document collaboration: Multiple agencies can work on sensitive files in real-time without trusting the underlying platform provider.
Multimedia processing: Server-side rendering of massive encrypted video and audio files that are too large to download locally for playback.
Dataset collaboration: Research institutions and private companies can combine, analyse, and search proprietary research data without exposing it to cloud vendors.
Example: One university was using decommissioned supercomputer hardware for air-gapped research infrastructure. With confidential computing, they can now do the same work online, securely, with modern cloud capabilities. It's the equivalent of air-gapped systems without the drawbacks, and it works with external collaborators who would never have access to air-gapped systems.
The Multi-Party Collaboration Advantage
Multi-party computing is the fastest-growing application segment in the confidential computing market, and it unlocks a powerful capability: keeping data confidential not only from cloud vendors, but also from your collaborators themselves.
The scenario: Two pharmaceutical companies are researching the same disease. Each has spent millions gathering proprietary data. They know that combining their datasets could lead to a breakthrough, but they can't expose their research to each other.
The solution: Confidential computing allows both parties to contribute data and get the combined results without either party seeing the other's underlying information.
This same model applies to:
• Intelligence agencies working collaboratively
• Financial institutions comparing fraud patterns
• Healthcare systems analysing patient outcomes across organisations
You can collaborate to find the same answer without exposing your proprietary intelligence or intellectual property.
How This Fits Into Complete Security
Confidential computing complements existing security approaches rather than replacing them.
DekkoSecure has been building zero-knowledge architecture for more than a decade, starting with messaging, then file sharing, eSignatures, and video conferencing. All these use client-side cryptography where the cloud was never trusted.
Confidential computing extends those capabilities to server-side processing: document collaboration, multimedia rendering, and data manipulation and analysis.
A complete workflow example: A document can be authored in a confidential computing environment with multiple people collaborating. Then it's shared using encrypted file sharing, signed with secure eSignatures, and discussed over encrypted video conferencing or messaging. Supporting video or audio materials can be played back in-app with secure server-side rendering. The entire collaboration lifecycle is protected.
One Question to Identify Your Use Case
Here's the simplest way to determine if confidential computing solves a problem for you:
What are you doing on-premises today that you wish you could do in the cloud, but can't because of confidentiality and security concerns?
That's your confidential computing use case.
The technology exists now through major cloud providers (AWS, Azure, Oracle) who offer confidential computing infrastructure. Service providers like DekkoSecure deliver complete solutions built on that infrastructure.
Current limitations: Confidential computing is primarily focused on CPU-bound tasks. While GPU-accelerated confidential computing exists for AI workloads and other graphics-intensive processes, the technology remains cost-prohibitive for most organisations.
The cloud transformation journey for compute is following the same path as storage. Organisations that were once afraid to move files off-premises now routinely use cloud storage with confidence. The same shift is happening with processing.