If you wire together existing cloud technologies and a few conventions just right you get a kind of alchemical change.
You get something you might call Private Cloud Enclaves.
Think of a Private Cloud Enclave as your own turf in the cloud.
It is completely unlike traditional cloud computing.
For a service to be considered a Private Cloud Enclave, it must be verifiably private and confidential:
Verifiable - A skeptical external party can convince themselves of the configuration.
Private - The service provider has "locked themselves out" from being able to log, persist, or transmit data.
Confidential - The cloud host has been "locked out" from being able to peek inside the enclave.
The two most important characteristics of a Private Cloud Enclave are that it is 1) verifiable and 2) private.
The biggest threat vector to end users is the service itself logging or transmitting the data elsewhere, outside of the user's sight.
Protecting the service from the cloud host's visibility is important for completeness, but relatively less important.
Cloud hosts already have a contractual expectation not to peek, and they are disincentivized from violating it: if they did, fewer companies would choose to use them as hosts!
Adding on confidentiality (from the host) helps, but is less important than the other two.
Various technologies can be used to make stronger or weaker claims of being a Private Cloud Enclave.
For example, many chips used in servers support confidential compute modes in hardware that allow running VMs with fully encrypted memory.
Confidential compute modes also provide hardware-backed remote attestation of the software's provenance, which lets a remote party verify that the running code matches the expected signature of an open source release.
Remote attestation can be done for a proprietary binary, but it's at its strongest for fully open source, auditable code.
For privacy, a range of policies is possible, from more to less restrictive.
For example, you could set a policy that allows no logging or external network transmission of any kind.
Or you could set a policy that allows writing only if it is signed with the user's personal key, and only allow data to flow outside the system if it is aggregated to a certain k-anonymity threshold.
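The two policies in that last sentence, as an added illustration that is not code from the original post: a write is persisted only if it carries a valid tag under the user's key, and an aggregate may leave the enclave only if every quasi-identifier combination occurs at least k times. The user key, the HMAC stand-in for a personal signature, the column names and the sample rows are all constructed for this example.

```python
import hashlib
import hmac
from collections import Counter
from typing import Dict, List, Sequence

# Constructed stand-in for the user's personal key. A real enclave would verify
# an asymmetric signature made by a key only the user holds; HMAC keeps this
# example dependency-free while preserving the "no signature, no write" rule.
USER_KEY = b"example-user-key-not-a-real-secret"


def sign_write(key: bytes, payload: bytes) -> bytes:
    """Tag a payload with the user's key (done on the user's side, not in the enclave)."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def write_allowed(key: bytes, payload: bytes, tag: bytes) -> bool:
    """Policy 1: persist a record only if its tag verifies under the user's key."""
    return hmac.compare_digest(sign_write(key, payload), tag)


def _group_key(row: Dict[str, str], quasi_ids: Sequence[str]) -> tuple:
    return tuple(row[q] for q in quasi_ids)


def min_group_size(rows: Sequence[Dict[str, str]], quasi_ids: Sequence[str]) -> int:
    """Size of the smallest equivalence class over the quasi-identifier columns."""
    groups = Counter(_group_key(r, quasi_ids) for r in rows)
    return min(groups.values()) if groups else 0


def suppress_small_groups(rows: Sequence[Dict[str, str]], quasi_ids: Sequence[str], k: int) -> List[Dict[str, str]]:
    """Drop rows whose quasi-identifier combination occurs fewer than k times."""
    groups = Counter(_group_key(r, quasi_ids) for r in rows)
    return [r for r in rows if groups[_group_key(r, quasi_ids)] >= k]


def egress_allowed(rows: Sequence[Dict[str, str]], quasi_ids: Sequence[str], k: int) -> bool:
    """Policy 2: data may leave the enclave only if it is k-anonymous (and non-empty)."""
    return bool(rows) and min_group_size(rows, quasi_ids) >= k


# Constructed sample aggregate: the single ("us", "20-29") row would let one user be singled out.
QUASI_IDS = ("region", "age_band")
SAMPLE_ROWS = (
    [{"region": "eu", "age_band": "30-39"}] * 3
    + [{"region": "us", "age_band": "40-49"}] * 3
    + [{"region": "us", "age_band": "20-29"}]
)

if __name__ == "__main__":
    print(egress_allowed(SAMPLE_ROWS, QUASI_IDS, 3))  # False: one singleton group
    print(egress_allowed(suppress_small_groups(SAMPLE_ROWS, QUASI_IDS, 3), QUASI_IDS, 3))  # True
```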
A Private Cloud Enclave is not just confidential compute.
It's not just Apple's Private Cloud Compute.
It's something bigger than either.