As we start the new year, it’s time to recap the biggest hits and breakthrough moments in Confidential Computing in 2024. From groundbreaking products to advances in AI, from cutting-edge infrastructure innovations to evolving regulations, the last year has been nothing short of transformative.
Confidential Computing has cemented its place as a cornerstone for trust. Whether it was powering the most advanced AI models securely, scaling multi-cloud infrastructure, or adapting to stringent global data privacy rules, the ecosystem grew bolder and more sophisticated.
I’ve focused this blog post into four categories:
- New product releases
- The rise of Confidential AI
- Emerging regulation, standards, and guidance
- Predictions for 2025
Let’s get started!
2024 saw several new product releases featuring Confidential Computing as a core functionality
I was excited to see the launch of several new Confidential Computing-powered products from industry leaders. Here’s some of the highlights.
We’re seeing the proliferation of security-oriented products using Confidential Computing to protect their customers’ data and limit the risk of insider threats:
- Dashlane added Confidential SCIM to their Confidential SSO product, ensuring that IT teams can easily manage the user lifecycle without compromising their security.
- ExpressVPN launched Dedicated IP so that users can get stable IP addresses, without making that privacy-sensitive information available to insiders.
- 1Password Extended Access Management enables more powerful reporting capabilities for customers, without exposing raw data to the cloud infrastructure.
It’s not just for security SaaS providers either - every company looking to improve security and privacy for their customers can benefit:
- Google launched Confidential Matching to improve data privacy in adtech
- Portal Labs improved their digital wallet transaction times by moving a security-sensitive prime number operation into Confidential Computing secure enclaves
- Check out this conference talk at the Confidential Computing Summit to hear about it in cofounder Parsa Attari’s own words.
- At Anjuna, we shipped 23 releases of our infrastructure platform Anjuna Seaglass and launched Anjuna Northstar to enable enterprises to combine diverse datasets, apply AI/ML analytics, and unlock hidden opportunities - without compromising security, privacy, or compliance.
Anjuna Northstar was actually just one of many exciting announcements in the world of Confidential AI. What else did we see?
Confidential AI is on the rise heading into 2025
Four of the biggest names in AI confirmed the importance of Confidential Computing in their strategy this year:
- Apple’s Private Cloud Compute brings powerful cloud-based AI capabilities to mobile devices, without compromising on user privacy.
- OpenAI put Confidential GPUs first on their list of key security investments for advanced AI infrastructure.
- Gartner added Confidential Computing (trusted execution environments) to the AI Trust Risk and Security Market (AI TRiSM) architecture. Distinguished VP Analyst Avivah Litan notes that “money is being spent […] and organizations are realigning to support these important capabilities” to manage AI risks and threats.
- NVIDIA made Confidential Computing for the GPU a reality through H100 Tensor Core GPUs.
- For example, the US Navy explored Confidential LLMs, powered by NVIDIA.
These use cases are racing from the drawing board to reality. It’s a quickly-evolving space - in Anjuna’s own benchmarks of Confidential LLMs, we saw large improvements in performance over just weeks, as H100-specific optimizations were added to core AI and ML libraries. I’d expect the model performance and throughput to continue increasing in the near future.
Confidential Computing hardware is also becoming more and more available, which makes it easier than ever to deploy Confidential AI. Last year, the big three cloud providers (Microsoft Azure, Google Cloud, and AWS) doubled down on their commitment to Confidential Computing for GPUs, as well as CPUs from Intel and AMD. And in the on-prem world, we’re seeing our customers prioritize Confidential Computing for hardware refreshes.
Regulators and standards bodies are recognizing the importance of Confidential Computing and data-in-use
In 2024, the growth in Confidential Computing was not limited to just software companies and cloud service providers. Regulators, standards bodies, and industry working groups are also adding it to their guidance.
- NIST published version 2.0 of the Cybersecurity Framework (NIST CSF), adding guidance to protect data-in-use.
- The Payment Card Industry Security Standards Council (PCI SSC) published PCI DSS v4.0.1, which includes several references to protecting data-in-use, including guidance on volatile memory like RAM as well as memory dump files.
- The US Federal CISO Council and Federal CDO Council published the Federal Zero Trust Data Security Guide, which explicitly mentions Confidential Computing as a tool to preserve privacy.
- The European Supervisory Authorities published the EU Digital Operational Resiliency Act (DORA), which mandates the protection of data-in-use and a multi-cloud strategy for major financial institutions.
- Similarly, the UK’s Prudential Regulatory Authority updated PRA SS2/21, which requires robust controls for data-in-memory.
- At Anjuna, we’ve previously written about PRA SS2/21 in our whitepaper.
- The Cloud Security Alliance released the Cloud Controls Matrix v4 (CCM v4), which mentions the importance of protecting data-in-memory and explicitly recommends Confidential Computing and trusted execution environments (TEEs) for both cloud service providers and their users.
The future of Confidential Computing is bright for 2025 and beyond
2024 was already a big year. At Anjuna:
- We launched our data collaboration solution Northstar to help enterprises like JUMO and Ascendo AI freely innovate and unlock new revenue streams.
- We shipped 23 releases of our infrastructure platform Anjuna Seaglass, including support for Openshift in Google Cloud and Azure Kubernetes Service; encrypted and integrity-protected disks for Confidential Containers; and improved attestation and encryption capabilities for AWS Nitro Enclaves.
- We raised a $25 million funding round to continue empowering enterprises to securely and privately process their data. And we’re seeing indications from the industry that there is more to come.
Here’s my four predictions for Confidential Computing in 2025:
- Attackers will continue to target data-in-memory, causing major damage to enterprises and government organizations - despite increasing awareness and regulatory attention.
- Confidential AI will hit the mainstream as vendors are inspired by Apple and others, and a new class of secure and private apps will emerge.
- In the EU, we’ll see a few minor fines issued for non-compliance with EU DORA. Although DORA allows for fines up to 2% of total annual revenue, I expect to see a ramp-up period of warning fines first, like we saw for GDPR.
- You (yes, you, the reader) will personally interact with an app powered by cloud-based Confidential Computing as an end user - without even realizing it. I’m looking forward to writing next year’s roundup already.
The last year flew by in a blur and brought so much innovation. So, let’s buckle up as we start a new one!
Not sure how to get started? Contact us at Anjuna Security.
Try free for 30 days on AWS, Azure or Google Cloud, and experience the power of intrinsic cloud security.
Start Free