By: Phillip Sharpless


Securing Data in On-Prem to Cloud Migrations

When an organization decides to take the plunge and migrate from on-premise to a cloud-based architecture, there can be a certain apprehension when it comes to security.

Nobody doubts that large cloud providers take security very seriously, but there can still certainly be a hesitation to turn over all your organization’s most sensitive data to any third party.

As such, cloud providers are always seeking new and better ways to secure data and bolster trust in their platforms. Protecting data while it’s being stored (such as in a database) or in transit (such as being sent over network) has been traditionally solved with well-established encryption techniques.

Protecting data while in use, however, is a much trickier subject.

It seems all encrypted data must at some point be decrypted, and when it is, that decrypted data then becomes vulnerable. The decrypted data might exist temporarily within system memory, but is still vulnerable to a host of data observation or collection techniques.

Anything that can interact with memory could potentially be a security threat. In a cloud environment where hardware resources are potentially shared amongst numerous different actors, securing data while in use becomes extremely critical. The challenge of securing data while it is in use falls under the domain of what has been dubbed Confidential Computing.

What is Confidential Computing?

The term Confidential Computing is now used to describe a model that secures in use data using what is known as a hardware-based Trusted Execution Environment (TEE). The short and sweet of TEE is that a TEE exists to perform computation in a secure enclave of the CPU and memory space, protected from all other hardware, processes, and even the operating systems themselves.

The somewhat recently launched (2019) Confidential Computing Consortium is an industry-based organization which seeks to define and encourage the adoption of Trusted Execution Environment (TEE) technologies and standards. They have provided several whitepapers for those interested in doing a deeper dive into these concepts.

The adoption of cloud-based solutions has accelerated dramatically over the past year, particularly fueled by demand related to the COVID-19 pandemic. Microsoft’s CEO stated last year that the world saw two years worth of digital transformation occur within two months.

Cloud-related security concepts are only growing in scope and in stakes, as much of the world’s most sensitive personal and financial data is being transitioned there. Staying informed of the latest security concepts is definitely a good idea as you evaluate potential cloud-based solutions you may choose for your organization.


Thanks for reading! We hope you found this blog post useful. Feel free to let us know if you have any questions about this article by simply leaving a comment below. We will reply as quickly as we can.

Keep Your Business Intelligence Knowledge Sharp by Subscribing to our Email List

Get fresh Key2 content around Business Intelligence, Data Warehousing, Analytics, and more delivered right to your inbox!


Key2 Consulting is a data warehousing and business intelligence company located in Atlanta, Georgia. We create and deliver custom data warehouse solutions, business intelligence solutions, and custom applications.