Encryption, firewalls and zero-trust architectures are time-tested methods for guarding sensitive data. But there’s a catch: in the era of cloud computing and deeply intertwined digital networks, it’s increasingly difficult to know where data resides — and who can view it — at any given moment.
That’s prompting CIOs to turn to confidential computing. The technology addresses a common but often overlooked security gap: organizations generally encrypt data at rest and in transit, yet the moment it is decrypted for processing it sits in plain text in memory. There it is exposed to anything that can read system memory: a rogue process, a compromised hypervisor or host operating system, or an administrator or attacker with access to the host.
Confidential computing protects data in use by processing it inside a hardware-isolated trusted execution environment (TEE): a region of the processor whose memory is encrypted by the chip and whose code and data are kept out of reach of the surrounding infrastructure, other applications, the cloud provider and even privileged software and the people who operate it. Think of a TEE as a mailroom without a door or windows: no one can enter, but letters can pass in and out through a safe slot.
“When we describe confidential computing and people actually understand it, the question is almost always the same: Why wouldn’t we use this?” said Mark Bower, chief strategy officer at Anjuna Security and co-chair of the Cloud Security Alliance Confidential Computing Working Group.
As threats worsen and risks grow, including geopolitical instability, confidential computing is in the spotlight. A recent survey conducted by IDC Research found that 75% of 600 respondents are adopting confidential computing in some form, with 18% already in production and 57% testing it. Equally important, 88% of business leaders say it improves data integrity, and 77% believe it strengthens key technical assurances.
“As AI adoption grows, regulatory pressures increase and multi-party analytics gains traction, organizations are looking to close security gaps and future-proof resilience,” said Philip Bues, a senior research manager at IDC. “It is becoming a board-level imperative.”
Establishing trust in code, protecting data in use
What makes confidential computing so attractive is that it introduces verifiable trust through hardware-rooted attestation. The hardware measures the code loaded into the TEE and signs that measurement, giving each workload a cryptographic identity that a remote party can verify before releasing keys or data to it. “You avoid injecting secrets into the CI/CD pipeline, which is exactly where they get compromised,” Bower said.
Normally, organizations power up software and services with no guarantee that passwords, keys or secrets are intrinsically secure. “There is a ‘first secret problem.’ How do I know when I set up access control for a system that it is actually trustworthy?” Bower said. “Confidential computing solves this problem. It establishes trust before it ever touches data.”
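The attestation flow and the “first secret problem” described above, as an added, simplified example that is not code from the article or from Anjuna: a constructed verifier issues a fresh nonce, the platform signs the code measurement together with that nonce, and the verifier releases a secret only if the report is fresh, the signature comes from the trusted hardware key and the measurement is on its allowlist. The ed25519 key standing in for the chip’s attestation key, the `Report` layout and all names are assumptions for illustration; real platforms add vendor certificate chains, platform version and debug flags to the report.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Report is constructed, simplified attestation evidence: the hash of the code
// loaded into the TEE, the verifier's challenge nonce, and the hardware key's
// signature over both. Real reports carry far more, but these checks are the core.
type Report struct {
	Measurement [32]byte
	Nonce       [32]byte
	Signature   []byte
}

// signedBytes is measurement || nonce, so neither can be swapped independently.
func signedBytes(r Report) []byte {
	msg := make([]byte, 0, 64)
	msg = append(msg, r.Measurement[:]...)
	return append(msg, r.Nonce[:]...)
}

// Platform stands in for the attestation key burned into the chip. Ed25519 is an
// assumption for readability; vendors use their own key hierarchies.
type Platform struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewPlatform() (*Platform, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Platform{priv: priv, Pub: pub}, nil
}

// Attest measures the code the TEE runs and binds it to the verifier's nonce.
func (p *Platform) Attest(code []byte, nonce [32]byte) Report {
	r := Report{Measurement: sha256.Sum256(code), Nonce: nonce}
	r.Signature = ed25519.Sign(p.priv, signedBytes(r))
	return r
}

// Verifier holds the "first secret" and releases it only after the workload
// proves which code it is and that trusted hardware is isolating it.
type Verifier struct {
	platformPub ed25519.PublicKey
	allowed     map[[32]byte]bool // measurements of approved builds
	pending     map[[32]byte]bool // nonces issued but not yet answered
	secret      []byte
}

func NewVerifier(platformPub ed25519.PublicKey, approvedBuilds [][]byte, secret []byte) *Verifier {
	v := &Verifier{platformPub: platformPub, allowed: map[[32]byte]bool{},
		pending: map[[32]byte]bool{}, secret: secret}
	for _, b := range approvedBuilds {
		v.allowed[sha256.Sum256(b)] = true
	}
	return v
}

// Challenge issues a random nonce so a captured report cannot be replayed.
func (v *Verifier) Challenge() ([32]byte, error) {
	var n [32]byte
	if _, err := rand.Read(n[:]); err != nil {
		return n, err
	}
	v.pending[n] = true
	return n, nil
}

// Release checks freshness, then the hardware signature, then code identity.
func (v *Verifier) Release(r Report) ([]byte, error) {
	if !v.pending[r.Nonce] {
		return nil, errors.New("nonce unknown or already used: possible replay")
	}
	delete(v.pending, r.Nonce) // one answer per challenge, even if later checks fail
	if !ed25519.Verify(v.platformPub, signedBytes(r), r.Signature) {
		return nil, errors.New("signature invalid: report not from trusted hardware")
	}
	if !v.allowed[r.Measurement] {
		return nil, errors.New("measurement not on allowlist: unapproved code")
	}
	return v.secret, nil
}

func main() {
	platform, err := NewPlatform()
	if err != nil {
		panic(err)
	}
	approved := []byte("approved build v1") // constructed stand-in for a real binary
	v := NewVerifier(platform.Pub, [][]byte{approved}, []byte("db-password"))
	rogue, _ := NewPlatform() // attacker-controlled key, never certified by the vendor

	n, _ := v.Challenge()
	secret, err := v.Release(platform.Attest(approved, n))
	fmt.Printf("approved build, trusted hardware: %q %v\n", secret, err)
	_, err = v.Release(platform.Attest(approved, n))
	fmt.Println("replayed report:", err)
	n, _ = v.Challenge()
	_, err = v.Release(platform.Attest([]byte("rogue build"), n))
	fmt.Println("unapproved code:", err)
	n, _ = v.Challenge()
	_, err = v.Release(rogue.Attest(approved, n))
	fmt.Println("forged signature:", err)
}
```

The order of checks matters in practice: the nonce is consumed before signature verification so that a report captured on the wire, or one forged under an uncertified key, can never be retried against the same challenge, and the secret leaves the verifier only on the path where all three checks pass.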
The same principle of isolated hardware that handles secrets is already familiar from chip cards and payment platforms, including Apple Pay and Google Pay, and from hardware security modules that store and protect cryptographic keys. Now, as organizations look to wall off intellectual property, regulated analytics workloads, personal and private data, and information that flows through generative AI models, confidential computing is expanding to cloud, hybrid and edge environments.
Confidential computing excels for “sensitive workloads and where data and operational sovereignty are high on the list of concerns,” said Bart Willemsen, an analyst at Gartner. This includes finance and banking, healthcare, AdTech and MarTech. There’s also growing interest around confidential AI and running smaller, fit-for-purpose open source AI models within a TEE. In fact, Gartner ranked confidential computing among its top three technologies to watch in 2026.
“Confidential computing provides the hardware-enforced boundary that software controls alone cannot,” Bower said.
How CIOs can adopt confidential computing
Until recently, many CIOs viewed confidential computing as an experimental technology. Early implementations required specialized expertise to deploy and manage, and the tooling often didn’t integrate well with existing workflows. As a result, developers and DevOps teams bristled, and adoption lagged.
What’s changed is that modern software stacks support confidential computing within existing runtime environments, including virtual machines and containers. As a result, there’s no need to redesign applications or reinvent security protocols from the ground up. TEEs also come with controls that work alongside existing encryption tools rather than replacing them, Willemsen said. The protection still stops at the TEE boundary, however: a workload moved into a confidential VM is shielded from the host, but it must still validate its own inputs, and the party that releases its secrets should verify the attestation report rather than assume the environment is genuine.
A regulatory structure is also emerging. NIST published an initial public draft in December explicitly recommending confidential computing as a control for sensitive workloads. The NSA, whose recommendations heavily affect government and enterprise security planning, has added trusted execution environments to its most recent zero-trust guidance. Other initiatives around the world, including the EU’s Digital Operational Resilience Act and guidance from the Monetary Authority of Singapore, are also promoting the approach.
IDC recommends starting with the most sensitive workloads, spinning up targeted pilot projects, tapping third-party attestation solutions and open source tools to validate the integrity of an environment, and engaging with vendors that support open standards and interoperability. It is also important to participate in industry initiatives, collaborate with key stakeholders and invest in training and skills development, Bues said.
Confidential computing’s role in the secure enterprise
Confidential computing isn’t the only game in town. Other methods, such as homomorphic encryption, secure multiparty computation and privacy-preserving federated learning, are also gaining traction. Yet each introduces performance penalties or implementation complexity. The appeal of confidential computing is that it already operates at scale on infrastructure organizations already own or rent.
Bower said that as CIOs turn to confidential computing, it’s important to stay focused on a crucial fact: ROI doesn’t arrive in the form of hard numbers; TEEs reduce risk exposure and improve compliance. They help organizations sidestep potentially devastating — and expensive — security and regulatory breakdowns. He suggested turning to industry sources, such as the Confidential Computing Consortium, to gain insight into training, open source tools and other resources that can smooth the transition to confidential workloads.
According to Bues, confidential computing will likely converge with AI Security Posture Management (AI-SPM) and Data Security Posture Management (DSPM) platforms. This would close a critical gap: TEEs securing data in use, while DSPM and AI-SPM manage exposure and governance across the rest of the lifecycle. He predicted that within a few years, a new standard could emerge for how enterprises manage and protect sensitive workloads. The result would be a framework that further integrates security and governance.
“The question is no longer whether confidential computing belongs in the enterprise,” Bower said. “It’s how quickly CIOs can make it part of the architecture.”