Confidential Computing
Hardware-based Trusted Execution Environments (TEEs) power Turing complete-capable secure enclaves in which applications can execute securely and protect their data from unauthorised access.
Redefining Security with Verifiable Trust
At Secretarium, we provide Confidential Computing solutions that go beyond mere trust.
Our platform ensures that data processed in Trusted Execution Environments (TEEs) remains secure from unauthorised access or tampering, even by system administrators or cloud providers.
Each application running on the Secretarium Platform is in a secure enclave, cryptographically measured, and offers remote attestation to prove that the computation environment remains untampered. This makes Secretarium ideal for organisations needing to comply with strict privacy regulations, such as financial institutions and healthcare providers.
What Sets Us Apart:
Hardware-Based Confidential Computing for Maximum Security
At Secretarium, we leverage hardware-based Confidential Computing to create the smallest possible trust boundary. Unlike competitors using virtualisation-based methods that trust broader components like hypervisors and OS stacks, our approach isolates sensitive data and applications in secure regions within memory that are isolated from the rest of the system. This ensures your data remains secure, even when the OS is untrusted and inaccessible to privileged software or users. By offering stronger isolation than broader trust models, we limit risks from vulnerabilities in the OS, hypervisor, or admin access, ensuring total confidentiality.
Transparency Supported by Attestation
Secretarium Platform offers end-to-end confidentiality through memory encryption and remote attestation thanks to TEEs. Unlike competitors, our remote attestation workflow is verifier-agnostic, meaning you aren't locked into using our attestation system. We can provide the attestation quote, allowing you to validate it independently or through a third-party verifier. This makes our solution ideal for enabling sensitive data collaboration use cases across industries such as financial compliance, anti-fraud measures, and healthcare analytics.
Regulatory Compliance and Data Sovereignty
The Secretarium solution is built with regulatory compliance in mind. It supports critical regulations like AML (Anti-Money Laundering), GDPR, and HIPAA, enabling secure, privacy-preserving solutions that meet the highest global standards. Our success in the 2023 BIS/G20 TechSprint competition to fight financial crime demonstrates our leadership in regulatory tech.
Use Cases:
Financial Services
Enable secure transaction monitoring and anti-fraud analytics without exposing sensitive data. With Secretarium Technology, financial institutions can prevent fraud and comply with global regulations while maintaining absolute privacy.
Healthcare
Process and analyse patient data without risking privacy breaches. Our Confidential Computing solution allows organisations to perform advanced analytics on encrypted datasets, ensuring compliance with HIPAA and other healthcare privacy laws.
Legal & Compliance
In highly regulated industries, Secretarium Technology provides a framework that secures client data during audits while maintaining complete confidentiality. Legal firms and auditors can operate confidently without compromising sensitive client information.
Why Choose Secretarium?
Our hardware-based confidential computing provides better isolation and protection than virtualisation-based solutions offered by competitors.
With our verifier-agnostic remote attestation workflow, the Secretarium Platform ensures end-to-end confidentiality, going beyond standard trust models. Designed for energy efficiency, our platform delivers top-tier security and privacy for large-scale applications, positioning us as a strong competitor to global cloud providers. We offer confidentiality at scale without compromising environmental impact, making our solution ideal for industries with strict data protection requirements such as finance, healthcare, and legal.
Understanding Performance Overhead in Confidential Computing
Confidential computing offers cutting-edge protection for data-in-use by isolating computations within Trusted Execution Environments (TEEs). This technology safeguards sensitive data during processing, ensuring robust security through memory encryption, integrity checks, and strict access control. While this protection is crucial, it can introduce some performance overhead. Here’s what to expect:
Minimal Impact on Computation-Intensive Workloads
TEEs are designed to handle compute-heavy tasks efficiently. Purely computational workloads, which involve minimal memory access, experience nearly no performance degradation, making confidential computing ideal for high-demand applications where data integrity and security are paramount.
Low Overhead for Linear Memory Operations
For processes that utilise linear memory access patterns—where data is read and written sequentially—the performance impact is kept low. Optimised data prefetching minimises overhead, allowing these tasks to perform comparably to non-secure environments.
Handling Memory-Intensive or Random Access Tasks
Memory-intensive operations or those involving random access may see a slight overhead when data is larger than the CPU L3 cache. This impact is mainly due to added encryption and integrity checks on memory operations, ensuring that sensitive data is securely processed without compromising its confidentiality.
Optimised Performance with Secretarium’s Klave Platform
Secretarium’s Klave platform is engineered to minimise these overheads through advanced optimisations. By enhancing data locality, refining memory management, and using efficient TEE architecture, Klave ensures that security and performance remain balanced, enabling organisations to leverage confidential computing at scale without sacrificing speed.
Secretarium is designed to connect to other digital services the same way internet services connect to one another. Services can seamlessly integrate with existing web systems, blockchain networks, and other Secretarium services.
On top of keeping data always encrypted in memory, we enable the use of advanced privacy techniques such as Differential Privacy and Privacy Budgeting for the analysis of datasets which protects the privacy of discreet data points.