UPDATED 12:00 EDT / FEBRUARY 06 2019

SECURITY

Google pitches ‘confidential computing’ challenge to boost cloud security

There are plenty of ways to secure data while it’s sitting in databases and while it’s winging around networks, even if the means remain far from perfect. But what about when the data is being actively used in cloud applications and services?

That particular state of data is what the emerging concept of “confidential computing” is intended to address. Today Google LLC announced a new “challenge” intended to spur more innovation in cloud security using confidential computing techniques.

The Confidential Computing Challenge is aimed at getting developers to come up with novel use cases for the budding field between now and April 1. The winner gets $15,000, $5,000 in Google Cloud Platform credits and a “surprise hardware gift.”

Not least, the challenge is also intended to boost interest in Google’s own open-source confidential-computing framework called Asylo that it introduced last May, and by extension Google’s cloud, which trails far behind those from Amazon Web Services Inc. and Microsoft Corp. Greek for “safe space,” Asylo is intended to make it easier to create “enclaves,” or “trusted execution environments” for protecting data and applications while they’re in use.

In particular, running applications in these confidential computing environments provides more protection from malicious insiders in companies or cloud providers, network vulnerabilities, compromised operating system software and malicious firmware inserted into the basic BIOS software in devices.

“We think this is a solid next step in advancing security for cloud,” Brandon Baker, Google’s tech lead for cloud security, said in a press briefing.

Enclaves provide confidentiality, code integrity and attestation, meaning identity around code executing in the enclave. They are currently implemented in chips via instruction codes such as Intel Corp.’s Secure Guard Extensions or SGX, Advanced Micro Devices Inc.’s Secure Encrypted Virtual Machines or SEV, and Arm Holdings Ltd.’s TrustZone.

The problem is that it has been difficult for developers to implement this new kind of security because of that dependence on particular hardware. “This presents a lot of challenges for developers,” Baker said, not least that current implementations are aimed at workstations more than the servers that are the foundation of cloud computing.

To address those challenges, Google introduced Asylo, which it’s using in its own cloud, to make it easy to build applications that run in enclaves — for now on Intel SGX machines but with plans for integrating it into popular developer pipelines.

But it’s clear that Google realizes it can’t do all this itself, thus the challenge to solve knotty issues such as solid app design processes and tradeoffs between security and performance. Google’s hoping other developers will experiment with new models for security and that more standards will be developed to make applications that use confidential computing portable across computing environments.

“This is fairly early days,” Baker said.

Google isn’t the only company pushing confidential computing. Microsoft provides it in its Azure infrastructure cloud as well.
