Confidential computing is a security paradigm designed to protect data while it is being processed. Unlike traditional data protection that focuses on data at rest and in transit, confidential computing secures data in use within a Trusted Execution Environment (TEE). A TEE is a secure area within a processor that ensures the data and code inside are protected from unauthorised access and tampering. This is like having a lockbox in an open room where the contents cannot be seen or altered, even though the box itself is accessible. Confidential computing’s main principles — isolation, encryption, and attestation —guarantee data confidentiality and integrity during computation, making it crucial for handling sensitive information securely. This technology ensures data remains encrypted throughout its entire lifecycle. In a public cloud environment, confidential computing guards against various risks, such as malicious insiders, physical data centre breaches, and multi-tenant environment vulnerabilities. Encrypting data even when in use closes a critical security gap, ensuring comprehensive data protection.