Securing data in use so PaaS and AI workloads can safely span every cloud by 2026

Confidential computing: securing data in use across clouds

In traditional cloud security, enterprises have become good at encrypting data at rest in storage and in transit over the network. The weak spot has always been the moment data is actually processed in memory. At that point, it has historically been exposed to the operating system, hypervisor, cloud provider administrators, and in some cases other tenants on the same hardware. Confidential computing aims squarely at that problem.

The Confidential Computing Consortium, part of the Linux Foundation, defines confidential computing as the protection of data in use by performing computation in a hardware-based, attested Trusted Execution Environment. Confidential Computing Consortium+1 IBM describes it more simply as a cloud technology that protects data during processing, completing end-to-end encryption at rest, in transit, and in use. IBM. Instead of trusting the whole cloud stack, enterprises can now rely on a much smaller “trusted compute base” implemented in silicon.

In parallel, Gartner’s 2026 strategic technology trends highlight confidential computing as one of the core pillars for AI platforms and infrastructure, noting that it enables secure AI and analytics across untrusted environments. Gartner Analysts now project that by 2029, more than three-quarters of operations processed in untrusted infrastructure will be secured in-use by confidential computing techniques, making it a mainstream requirement rather than an experimental option. Help Net Security

For multicloud networking and PaaS teams, this shift is profound. The network is no longer just moving packets between zones and regions; it now connects enclaves of trusted execution that span clouds, edge locations, and data centers, all while preserving strong confidentiality guarantees even against the infrastructure itself.

Why data in use is the multicloud blind spot

Data protection has long been explained in terms of three states of data: at rest in storage, in transit over networks, and in use while being processed in memory. Encryption for the first two states is now broadly deployed. At rest, full-disk and object-level encryption are standard. In transit, TLS and VPNs secure traffic across public and private networks. Yet in use, data is often decrypted inside virtual machines, containers, or serverless runtimes that sit atop large, complex stacks of software and hardware.

In a single-cloud setup with strict controls, that risk can be managed. In a multicloud world, it becomes multiplied. Each provider has its own hypervisors, management planes, and security practices. Workloads routinely cross geographic boundaries and jurisdictions. Network teams must interconnect these environments, often over public internet links or shared backbone services. In contrast, application teams push sensitive AI and analytics workloads closer to customers, partners, and edge sites.

Without confidential computing, every hop in this multicloud journey expands the potential attack surface. Malicious insiders at a provider, compromised hypervisors, firmware backdoors, and sophisticated supply chain attacks can all target data at the exact moment it is most valuable: during active processing. The network can encrypt the path, but it cannot, in general, protect the memory where actual computation occurs.

Confidential computing changes that trust model. By confining sensitive code and data to hardware-enforced enclaves, and by using cryptographic attestation to prove where and how code is running, organizations gain a new way to anchor trust across heterogeneous networks and untrusted infrastructure. Microsoft Learn In practice, this means multicloud networking architectures in 2026 will be designed not only around subnets and routing domains, but around zones of attested secure execution.

Trusted execution environments as the new perimeter

At the heart of confidential computing are Trusted Execution Environments, or TEEs. These are secure, isolated areas of a processor and memory that protect code and data from anything outside the enclave, including the host operating system and hypervisor. Microsoft’s Azure documentation describes a TEE as a segregated area of CPU and memory whose contents are encrypted and integrity-protected, with a small security processor on the chip enforcing access. Microsoft Learn Google Cloud offers a similar description, emphasizing that TEEs prevent unauthorized access or modification of applications and data while they are in use. Google Cloud Documentation

Cloud providers implement these TEEs in several ways. Some offer confidential virtual machines that encrypt all memory for an entire VM and protect it from the hypervisor. Others expose application-level enclaves where specific processes run inside a TEE, often leveraging technologies like Intel TDX, AMD SEV-SNP, or ARM’s confidential computing architectures. Red Hat and IBM, for example, have begun integrating confidential computing capabilities directly into Kubernetes, enabling containerized workloads to run within TEEs on managed cloud infrastructure. IBM

For networking and PaaS teams, TEEs become a new kind of perimeter. Instead of focusing only on which subnet or VPC a workload sits in, they must now consider whether the workload runs inside an attested enclave, whether the customer controls its keys, and what network paths can reach those enclaves. Policy engines, service meshes, and API gateways will increasingly treat “enclave identity” as a first-class security attribute, alongside IP addresses, service accounts, and device posture.

Architecting a confidential multicloud network fabric

By 2026, a typical confidential multicloud architecture will combine several elements into a cohesive fabric. At each central cloud region and data center, organizations will deploy clusters of confidential VMs and enclave-enabled containers to host their most sensitive analytics, AI models, and transaction processing. These clusters are fronted by secure ingress controllers and service meshes that terminate encrypted connections and route traffic based on both service identity and enclave attestation status.

The multicloud network that ties these locations together will be built as an overlay of encrypted tunnels, often using SD-WAN or cloud backbone services. But the key difference lies in how routing and policy decisions are made. Instead of simply steering by region or latency, AI-driven controllers will consider whether a given workload requires confidential execution, whether the destination environment has passed attestation checks, and whether data residency rules allow that particular flow.

Confidential computing whitepapers from the Confidential Computing Consortium describe use cases where data from multiple parties can be processed in a shared TEE without exposing inputs to one another, enabling privacy-preserving analytics and machine learning across organizations that do not fully trust each other. Confidential Computing Consortium In a multicloud network, that pattern extends across providers: enterprises can assemble “confidential data clean rooms” that span cloud boundaries, with the network enforcing that only attested enclaves can exchange specific classes of data.

PaaS platforms will abstract much of this complexity. Developers will deploy AI pipelines, data processing jobs, or microservices to “confidential tiers” of the platform. Under the hood, the PaaS control plane will schedule workloads onto TEE-enabled nodes, generate and manage keys, configure service-mesh policies, and program multicloud routing decisions. The result is a developer experience that feels similar to current serverless or container platforms, but with strong hardware-backed guarantees about how and where data is processed.

Use cases at the intersection of confidential computing and multicloud

Several early use cases illustrate why confidential computing and multicloud networking are converging so rapidly.

Financial institutions are exploring cross-border anti-money-laundering and fraud detection pipelines that aggregate transaction data from multiple banks and payment providers. Azure’s confidential computing use case documentation describes scenarios where data from different sources can be processed in secure enclaves without exposing raw inputs to other parties. Microsoft Learn In a multicloud context, one bank may run its systems on one hyperscaler, while a partner runs on another. Confidential computing and multicloud networking combine to create shared enclaves connected by encrypted, attested network paths, enabling joint analytics while preserving data sovereignty.

Healthcare organizations are piloting AI models that analyze imaging, genomics, and patient records across hospitals and research institutions. Regulations often require that personally identifiable health data never leave specific jurisdictions or be exposed to third parties. Confidential computing allows these workloads to run in public clouds while keeping data encrypted in use and shielded from providers and administrators. Decentriq Multicloud networking ensures that researchers and clinicians can access results from wherever they operate, while the underlying data is processed only in approved regions and enclaves.

Manufacturers and industrial firms are using confidential computing at the edge to analyze sensor data from factories, vehicles, and energy infrastructure. In these environments, networks often include a mix of private 5G, satellite links, and cloud connections. Confidential computing lets them process sensitive telemetry and proprietary models on shared edge hardware, while the network securely backhauls aggregated insights to central AI platforms in multiple clouds. Everyday IT

Finally, AI platform providers themselves are adopting confidential computing for their inference and training infrastructures. Vendors like NVIDIA and major cloud providers are touting confidential computing as a way to protect proprietary models and customer prompts during generative AI workloads, ensuring that neither competitors nor insiders can access model internals or sensitive inputs. NVIDIA As these AI services are exposed across multicloud networks through APIs and edge endpoints, confidential computing becomes a key differentiator for enterprises choosing where to run mission-critical AI.

Governance, performance, and interoperability challenges

Despite the momentum, deploying confidential computing across multicloud networks is far from trivial. Governance is one of the largest hurdles. Security and compliance teams must define which workloads require confidential execution, what attestation evidence is acceptable, and how to audit that policies are consistently enforced across clouds and edge sites. Several recent industry analyses emphasize that confidential computing delivers technical assurances, but those assurances must be integrated into broader regulatory frameworks such as GDPR, CCPA, and emerging AI regulations. Confidential Computing Consortium+1

Performance and cost trade-offs also matter. Running workloads inside TEEs can introduce overhead, particularly for memory-intensive AI models and analytics jobs. While silicon vendors are racing to optimize TEE performance for AI workloads, some organizations may need to redesign applications or adjust expectations around latency and throughput. Intel CDRD Multicloud networking adds another layer, as encrypted overlays and cross-region traffic can compound latency effects if not carefully engineered.

Interoperability is another concern. Each cloud provider currently offers its own flavors of confidential VMs, enclaves, and attestation services. The Confidential Computing Consortium is working to standardize terminology, architectures, and APIs, but practical differences remain. Confidential Computing Consortium Multicloud platforms will need to hide those differences from developers while still giving security teams enough visibility to assess risk.

Finally, there is the challenge of skills and culture. Security architects, network engineers, and DevOps teams must become comfortable reasoning about hardware-backed trust, attestation flows, and enclave life cycles. They will need new tools to test, debug, and monitor workloads running in environments where traditional logging and introspection are intentionally limited. Training, experimentation environments, and vendor-neutral guidance will be essential to scale adoption beyond early adopters.

Closing thoughts and looking forward

Confidential computing is rapidly moving from theory to practice, and its impact on multicloud networking and PaaS will be hard to overstate. By extending strong cryptographic protections to data in use, it provides a missing piece in the end-to-end security puzzle, especially for AI and data-intensive workloads that must span multiple providers, regions, and edge sites.

In this second article of the series, we explored how confidential computing reshapes the assumptions behind multicloud networking. Instead of trusting the entire infrastructure stack of each cloud, organizations can rely on a narrow, hardware-enforced trust anchor and use attestation, policy, and AI-assisted automation to build a “network of enclaves” across their global footprint. That network supports new use cases, from cross-institution analytics and healthcare AI to secure industrial edge processing and protected AI inference.

Looking ahead to 2026, the most advanced PaaS offerings will treat confidential computing as a built-in capability rather than an optional add-on. Developers will choose whether workloads run in standard or confidential tiers, while the platform and multicloud network handle the heavy lifting of enclave scheduling, key management, attestation, and path selection. AI-native operations will continuously monitor this fabric, predicting capacity needs, flagging misconfigurations, and tightening policies as threats evolve.

The journey will not be simple. Governance, interoperability, and performance questions must be answered, and skills must be developed. But the direction of travel is clear: in a world where AI and data define competitive advantage, confidential computing offers a way to unlock the power of multicloud without surrendering control over the crown jewels. For IT and security leaders, now is the time to pilot confidential workloads, integrate attestation signals into network policy, and prepare teams for a future where the most critical security decisions are made at the intersection of silicon and software.

Reference sites

What is confidential computing? – IBM – https://www.ibm.com/think/topics/confidential-computing IBM

Top Strategic Technology Trends for 2026 – Gartner – https://www.gartner.com/en/articles/top-technology-trends-2026 Gartner

Confidential Computing overview – Google Cloud – https://cloud.google.com/confidential-computing/docs/confidential-computing-overview Google Cloud Documentation

What is confidential computing? – Red Hat – https://www.redhat.com/en/topics/security/what-is-confidential-computing redhat.com

Confidential Computing: Hardware-Based Trusted Execution for Applications and Data – Confidential Computing Consortium – https://confidentialcomputing.io/wp-content/uploads/sites/10/2023/03/CCC_outreach_whitepaper_updated_November_2022.pdf Confidential Computing Consortium

Benoit Tremblay, Author, IT Security Management, Montreal, Quebec.
Peter Jonathan Wilcheck, Co-Editor, Miami, Florida.

#MultiCloudNetworking #ConfidentialComputing #DataInUseSecurity #TrustedExecutionEnvironment #HybridCloud #SecureAI #ZeroTrust #CloudSecurity #PaaSTrends #AIInfrastructure