There are three states in which data can be protected: at rest, in transit, and in use. Encrypting data at rest (e.g. files, objects, storage) and in transit (e.g. TLS, HTTPS) have become a common practice, while encrypting data in use (the core idea behind Confidential Computing) is still an emerging concern.

But while a common practice today, encrypting data in transit only gained wide adoption with the Let’s Encrypt movement, which was fundamental in changing the general mindset from “encryption is only important for e-commerce and banking applications” to “let’s encrypt everything by default, no matter what’s the application”. Confidential Computing is just starting to emerge, and most use cases are restricted to sectors like healthcare and banking, which require greater assurances that their sensitive code and data are protected.

We will look back at the Let's Encrypt project, which started 10 years, to understand why this movement was so successful and how we can replicate this success for encrypting data in use. Our hope is to make encrypting data in use the default way for deploying applications, which will fundamentally change the security approach that exists today.