Confidential computing projects could answer industry’s cloud security questions

Perhaps smarter than blockchain and certainly closer than quantum computing, this type of complex computing could accelerate banks' move to the cloud—if the industry gets it right.

“It’s a funny story,” says Richard Brown, chief technology officer of R3, an enterprise software firm originally set up in 2014 as a blockchain consortium backed by major banks. When the vendor started working on Conclave, its confidential computing platform, “we didn’t envisage it being a new product. It was actually intended to improve some features of Corda, our blockchain.”

Last week, R3 unveiled Conclave, almost two years after realizing that the improvements it was looking to make to Corda could pave the way for a new product line—one that underscores the growing awareness of, and urgent need for, data security and privacy among enterprises, consumers, and governments in the digital age.

Confidential computing involves two aspects. The first piece leverages what’s known as an enclave, or trusted execution environment: a hardware-enforced region that isolates sensitive code and data inside the CPU. In Conclave’s case, it builds on Intel’s Software Guard Extensions, or SGX, and connects clients via a high-level API, which allows developers to write their own host apps on any operating system in any language that can run on a Java Virtual Machine, such as Java, Kotlin, or JavaScript.

The CPU on which the enclave is running creates a cryptographically secure “statement” that confirms the enclave is running the algorithm in question and specifies a public key that can be used to communicate with it. This statement, called an attestation, is then sent to anybody who wants to submit their data to the environment, Brown says. This type of computing is meant to give owners of data control over what happens to their data while it’s in use, as opposed to its two other states, which are commonly focused on and for which there are already many solutions: data at rest and data in motion.

Brown compares this to the padlock symbol that appears in the URL bar on a webpage, which lets users know that a site or service is trusted and safe, and that their data is secure as it travels across the web to the hosting company’s servers. The padlock, though, does not indicate what will happen to that data once it reaches the other party, whether it be a social media site, a bank, or an individual.

“We know what happens here in the consumer realm. There’s all these congressional inquiries and so forth into the power of these social media firms. And in the business realm, where we’re focused, it’s the same problem,” Brown says. “You’re a bank sending your bids and offers to a marketplace, but you’ve got no way of knowing what that marketplace will do with that data. Maybe they’ll execute your orders faithfully, fairly, and transparently, but maybe they’ll front-run you, or maybe they’ll sell that data to another firm. They may promise they won’t, but you’ve got no technological way of enforcing that.”

This same uncertainty around what happens to data in another entity’s hands has colored financial institutions’ arduous journeys to the cloud. There’s concern over whether data in the cloud is safe not only from hackers and other bad actors, but also from the cloud providers themselves. For every announcement that a bank has chosen Google Cloud, Amazon Web Services, or Microsoft Azure for some business function, there are more functions that remain on-premises, bogged down by legacy technologies but unable to break away due to risk and control concerns. While vendors have been able to embrace cloud offerings more freely, highly regulated banks and buy-side shops handle highly sensitive customer and trade data, which demands a watertight ecosystem for running complex analytics and data science tasks.

Some of the major cloud providers have rolled out early-stage confidential computing solutions, such as IBM’s Hyper Protect Cloud Services, which launched in 2018. More recently, Google Cloud introduced its first confidential computing service last summer, and Microsoft Azure made its first similar solution, Attestation, “generally available” earlier this month after also first announcing it last summer. The main draw of such offerings is that the data stored by customers within the enclaves isn’t visible or accessible even by the respective cloud providers.

In an example of how the technology works, an auction house needs to prove to bidders that any auction will be fair, that their bidding strategies won’t be revealed to other entities—not even to the firm operating the exchange—and that their data will be used solely for the auction. Using confidential computing, the first thing the auction house would do is show the bidders, or their trusted auditors, how the auction would work, either via computer code or written-language rules. The second step is where the work gets harder, Brown says: The auction house would need to prove to bidders cryptographically that the code or rules they were shown are the ones actually running, then follow that by encrypting the bidders’ data using a key that the auction house can prove is only known to that algorithm.

“So even though you’ve sent your data outside your organization, and it’s gone across the Internet to a completely different firm, you’ve encrypted it in a way so that the only computer in that big datacenter that can ever unlock your data is the computer running that specific algorithm,” he says.
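The flow Brown describes above (a CPU-issued statement binding the running code to a public key, which the data owner checks before encrypting to that key) as an added Python sketch; this is not Conclave’s code or the real SGX protocol. The DH group, the shared-HMAC stand-in for the CPU’s signature, the toy keystream and the auction code are constructed assumptions for an offline illustration.

```python
import hashlib
import hmac
import secrets
# Constructed toy group: RFC 2409 group 2 (1024-bit MODP, g = 2); real systems use ECDH.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22"
        "514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6"
        "F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
        "FFFFFFFFFFFFFFFF", 16)
G = 2
# Stand-in for the CPU's attestation key (in SGX an asymmetric key checked via Intel's service).
CPU_ATTESTATION_KEY = b"constructed-cpu-root-key"

def measure(code: bytes) -> bytes:  # MRENCLAVE-like hash of the code loaded into the enclave
    return hashlib.sha256(code).digest()

def _sign(measurement: bytes, pub: int) -> bytes:  # the CPU's signature over the statement
    return hmac.new(CPU_ATTESTATION_KEY, measurement + pub.to_bytes(128, "big"), hashlib.sha256).digest()

def _stream_xor(shared: int, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode keystream keyed by the DH secret; real code uses AES-GCM."""
    key, out = hashlib.sha256(shared.to_bytes(128, "big")).digest(), bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class Enclave:  # code running inside the TEE; its private key never leaves the enclave
    def __init__(self, code: bytes):
        self.code = code
        self._priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self._priv, P)

    def attest(self) -> dict:
        """The CPU's statement binding this enclave's measurement to its public key."""
        m = measure(self.code)
        return {"measurement": m, "pub": self.pub, "sig": _sign(m, self.pub)}
    def decrypt(self, msg: dict) -> bytes:
        return _stream_xor(pow(msg["eph_pub"], self._priv, P), msg["ciphertext"])

def verify_attestation(att: dict, audited_code: bytes) -> bool:
    """Bidder-side check: genuine CPU signature AND the enclave runs exactly the audited code."""
    return (hmac.compare_digest(_sign(att["measurement"], att["pub"]), att["sig"])
            and att["measurement"] == measure(audited_code))

def submit_bid(att: dict, audited_code: bytes, bid: bytes) -> dict:
    """Encrypt a bid so that only the key bound in a valid attestation can open it."""
    if not verify_attestation(att, audited_code):
        raise ValueError("attestation rejected: bid not sent")
    eph_priv = secrets.randbelow(P - 2) + 1
    return {"eph_pub": pow(G, eph_priv, P), "ciphertext": _stream_xor(pow(att["pub"], eph_priv, P), bid)}
```

A bidder who holds the audited auction code refuses to send anything to an enclave whose measurement differs from it, even if the attestation’s signature is genuine.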

A potential buy-side use-case for Conclave, and confidential computing in general, is in the area of dark pools, says Brown. A dark pool operator’s pitch to the buy side is that if shops route their orders through that operator, they’ll rest on that operator’s books, invisible to other market participants, until a matching order comes through so buyers and sellers can execute their desired orders without revealing their positions or moving the market. The potential problem with that, however, is that the operator is privy to that sensitive data, and they could, in theory, use it to their advantage.

“Conclave allows you to prove to your customers that even if you had a malicious employee, you simply could not front-run them, [and] you couldn’t sell their data. So there’s a strong competitive reason to want to adopt this technology because if you can prove to your customers that your marketplace is provably fair, then—all else being equal—buyers and sellers will want to use your venue, rather than one that cannot make that promise,” Brown says.

If confidential computing’s premise sounds similar to blockchain’s—serving as a record of activity in which data can’t be corrupted or deleted by other entities—that’s because it is. Though R3 offers an open-source and commercial version of its Corda blockchain that counts industry players like Nasdaq and Six Digital Exchange among clients, and though blockchain’s hype has reached high peaks more than once, the technology itself remains largely unused by most corners of finance outside of cryptocurrencies and know-your-customer (KYC) activities.

However, confidential computing, apart from helping banks and other institutions move to the cloud, could also be used to further blockchain’s cause, says Dave Thaler, a Microsoft software architect and technical advisory council chair of the Confidential Computing Consortium, a Linux Foundation-hosted industry group founded in 2019 with members including big names like Google Cloud, Microsoft, Red Hat, and Intel. R3 joined the consortium last year.  

“Blockchain relies on there being something fed into it that gets replicated across the distributed ledger. How do you know that the thing that’s fed into it is the correct thing [to be] fed into it? How do you know that it hasn’t been tampered with prior to being inserted into the blockchain? That’s just an example of where you can use confidential computing to protect the data and the computing of the thing that creates the blockchain entry to begin with and then distributes it,” Thaler says.

Confidential computing is already an established practice in other industries, such as gaming and retail finance. Microsoft uses it in the company’s Xbox gaming consoles, says Thaler, as do chip cards, which have largely replaced magnetic-stripe credit and debit cards in the consumer market over the last few years. This means that capital markets firms could have an easier time taking it up for their own use-cases. Thaler’s colleague, David Greene—chair of the consortium’s outreach committee and chief revenue officer at software company Fortanix—pegs the timeline for industry adoption as likely coming well before the advent of commercialized quantum devices, which would put the target for large-scale industry adoption somewhere within the next decade.

The conversation around data security, privacy, and ethics isn’t specific to the capital markets, as many industries, activists, and regulatory bodies—notably, the EU’s anticipated Gaia-X project is in the same vein—are attempting to address these concerns from a range of angles. This can help progress the field of confidential computing, as different disciplines and applications can help the technology evolve more quickly, says Gabriele Columbro, founder and executive director of the non-profit Fintech Open Source Foundation (Finos).

He says that it will take industry collaboration to achieve these lofty security goals. Columbro recalls the time before 2018, back when Finos was known as the Symphony Software Foundation. Symphony is now a standalone chat and collaboration company for financial services valued at north of $1 billion.

“A big value proposition of Symphony [Software Foundation was] that firms could exchange information without Symphony ever being able to read those messages,” he says. As Symphony has expanded beyond simple messaging to offer services such as chatbot-building tools and KYC functions, Columbro envisions confidential computing being used to facilitate cross-organization chat.

But he also takes issue with the industry potentially rallying behind the big cloud providers for these tools and other large-scale privatized, commercial projects. Columbro, a big advocate for open-source technology, open standards and transparency, believes that a technology like confidential computing—the point of which can mostly be distilled down to “proving” how one’s data gets used—is best served by open-source projects, which can be audited, tracked, and improved by the public. He’s wary that because consumers don’t have access to private providers’ source code, there will continue to be concerns around proving the efficacy of these enclaves’ security.

He likens it to the blockchain movement, which presented numerous privatized options to the industry. Some of these offerings are still doing well, but Columbro comes from the perspective that blockchain is basically a network of trust, one that customers rely on to validate transactions, identities or some other fact, but the code underpinning the system cannot be provided to them.

“Maybe I’m a little biased here, but I still think that as much as the cloud vendors have a massive capacity and inherent interest to get this done—because luckily, for what we know, cloud vendors have not been selling our data in the backend like social media companies—but in order not to get into the same situation, I think it’s important that whatever technology is actually rolled out for confidential computing is open source … I don’t think proprietary confidential computing efforts could ever be 100% safe,” he says.

Of course, he adds, you can expect any of the major cloud providers offering confidential computing services to write a contract that reflects the truth of what they’re offering. “It’s a fair assumption, but it’s still an assumption.”
