Gartner highlights confidential computing for 2026. The reason: as sensitive AI and analytics workloads move to shared cloud infrastructure, protecting data "in use", not just at rest and in transit, becomes critical.

## The Encryption Gap
Traditional security encrypts data in two states:
| State | Protection | Technology |
|---|---|---|
| At rest | Encrypted on disk | AES-256, LUKS, BitLocker |
| In transit | Encrypted over network | TLS 1.3 |
| In use | Unprotected (plaintext) in memory | Confidential computing fills this gap |

When data is being processed, in CPU registers and RAM, it is traditionally unencrypted and accessible to anyone with privileged access: hypervisor administrators, cloud provider staff, or attackers who gain root access.
## How Confidential Computing Works

Confidential computing uses hardware-based Trusted Execution Environments (TEEs) to create isolated enclaves whose memory stays encrypted while the workload runs; plaintext exists only inside the CPU boundary, where the host cannot read it:

```text
+--------------------------------------+
| Untrusted Host OS                    |
|  +--------------------------------+  |
|  | Trusted Execution              |  |
|  | Environment (TEE)              |  |
|  |  +--------------------------+  |  |
|  |  | Encrypted Memory         |  |  |
|  |  | Your Data + Code         |  |  |
|  |  | (invisible to host)      |  |  |
|  |  +--------------------------+  |  |
|  +--------------------------------+  |
+--------------------------------------+
```

Neither the cloud provider, the hypervisor, nor a compromised host OS can see what is inside the TEE.
## Hardware Support in 2026
| Vendor | Technology | Availability |
|---|---|---|
| Intel | TDX (Trust Domain Extensions) | 5th Gen Xeon+ |
| AMD | SEV-SNP (Secure Encrypted Virtualization) | EPYC 4th Gen+ |
| ARM | CCA (Confidential Compute Architecture) | ARMv9+ |
| NVIDIA | H100 Confidential Computing | Hopper GPU |
## Cloud Provider Support
All major cloud providers now offer confidential computing VMs:
- Azure: DCasv5, DCadsv5 (Intel TDX), and SEV-SNP VMs
- GCP: Confidential VMs (AMD SEV), Confidential GKE Nodes
- AWS: Nitro Enclaves (a different approach: application-level enclaves isolated by the Nitro hypervisor rather than by CPU memory encryption)
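A VM SKU name only promises a confidential VM; from inside the guest you can confirm that the hardware interface the previous section relies on is actually present. The following shell script is an added example, not code from the original article or from any cloud provider. It assumes a Linux guest where the kernel's sev-guest and tdx-guest drivers expose `/dev/sev-guest` and `/dev/tdx_guest` and where `/proc/cpuinfo` lists the `sev_snp` or `tdx_guest` CPU flag; it also accepts an alternative root directory so the logic can be exercised offline against a constructed tree.

```shell
#!/bin/sh
# Added example, not code from the original article: confirm from inside a
# Linux guest that the VM really exposes a confidential-computing interface,
# instead of trusting the VM SKU name. Assumptions (not stated on the page):
# the Linux sev-guest and tdx-guest drivers create /dev/sev-guest and
# /dev/tdx_guest, and /proc/cpuinfo carries the "sev_snp" / "tdx_guest" flags.

# detect_cc_guest [ROOT]: prints sev-snp, tdx or none. ROOT defaults to the
# real filesystem; passing a directory runs the check over a constructed tree.
detect_cc_guest() {
    root="${1:-}"
    flags=""
    if [ -r "$root/proc/cpuinfo" ]; then
        flags=$(grep '^flags' "$root/proc/cpuinfo" | head -n 1)
    fi
    # -e rather than -c so that a constructed tree (plain files standing in
    # for the device nodes) can be checked without root privileges.
    if [ -e "$root/dev/sev-guest" ] || echo "$flags" | grep -qw sev_snp; then
        echo sev-snp
    elif [ -e "$root/dev/tdx_guest" ] || echo "$flags" | grep -qw tdx_guest; then
        echo tdx
    else
        echo none
    fi
}

# make_fake_root KIND DIR: build a constructed guest tree for offline testing.
# The cpuinfo lines are constructed samples, not captured from real hardware.
make_fake_root() {
    kind="$1"; dir="$2"
    mkdir -p "$dir/dev" "$dir/proc"
    case "$kind" in
        sev-snp) : > "$dir/dev/sev-guest"
                 printf 'flags\t\t: fpu sse2 sev sev_es sev_snp\n' > "$dir/proc/cpuinfo" ;;
        tdx)     : > "$dir/dev/tdx_guest"
                 printf 'flags\t\t: fpu sse2 tdx_guest\n' > "$dir/proc/cpuinfo" ;;
        *)       printf 'flags\t\t: fpu sse2\n' > "$dir/proc/cpuinfo" ;;
    esac
}

# Stand-alone run: check the machine this runs on, then the constructed trees.
echo "this guest: $(detect_cc_guest)"
for kind in sev-snp tdx none; do
    d=$(mktemp -d)
    make_fake_root "$kind" "$d"
    echo "constructed $kind tree: $(detect_cc_guest "$d")"
    rm -rf "$d"
done
```

A result of `sev-snp` or `tdx` shows only that the guest sees the hardware interface; the isolation guarantee described above is established by verifying the platform's attestation report against the expected launch measurement, which is the step that should follow this check.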
## Use Cases

### Multi-Party Data Analysis

Multiple organizations analyze combined datasets without any party seeing the others' raw data. Critical for healthcare research, financial fraud detection, and supply chain optimization.

### AI on Sensitive Data

Train or run inference on medical records, financial data, or classified information in the cloud, without trusting the cloud provider with your data.

### Regulated Workloads

Meet data sovereignty and privacy requirements (GDPR, HIPAA, DORA) while using public cloud infrastructure.
## Kubernetes Integration

```yaml
# Confidential container on Azure AKS
apiVersion: v1
kind: Pod
metadata:
  name: confidential-workload
spec:
  # Runtime class name as given in the article; confirm the name registered
  # on your cluster with `kubectl get runtimeclass` before applying, since a
  # Pod whose runtime class does not resolve will not be scheduled.
  runtimeClassName: kata-cc
  containers:
    - name: app
      image: myregistry/confidential-app:latest
      resources:
        limits:
          memory: "4Gi"
          cpu: "2"
```

## My Recommendation
If you process PII, healthcare data, financial records, or any regulated data in the cloud, evaluate confidential computing now. The performance overhead is 5-15%: a small price for hardware-enforced data isolation that no software vulnerability can break.
Book a consultation to evaluate confidential computing for your workloads.