Fortanix Confidential Computing Manager (CCM)

Vendor: Fortanix
Category: Confidential Computing
Deployment: Cloud-native

Overview

Fortanix Confidential Computing Manager is a cloud-native control plane that orchestrates confidential computing environments using Intel SGX and AMD SEV trusted execution environments. It manages enclave lifecycle, code attestation, policy enforcement, and data access for applications running in secure enclaves, enabling existing and new applications to run in protected environments without code changes.

Unsung implements CCM for UK customers that need to protect sensitive data during processing — addressing the "data in use" gap that traditional encryption at rest and in transit does not cover.

The Challenge

Encryption protects data at rest and in transit, but data must typically be decrypted for processing. This creates a vulnerability window during which sensitive data is exposed in memory. For organisations processing highly sensitive information — financial data, healthcare records, classified material, or proprietary algorithms — this gap represents a significant risk, particularly in cloud environments where the underlying infrastructure is shared.

Confidential computing addresses this by processing data within hardware-protected enclaves that prevent access even from the cloud provider or infrastructure administrators. However, managing confidential computing environments — deploying applications to enclaves, verifying code integrity, enforcing access policies — requires orchestration tooling that most organisations lack.

What It Does

CCM provides the management layer for confidential computing deployments. It orchestrates the creation and lifecycle of secure enclaves, performs code attestation to verify that only authorised, unmodified code runs within enclaves, and enforces data access policies that control which applications and users can access sensitive data during processing.

The platform supports multiple trusted execution environment technologies and enables organisations to deploy existing applications into enclaves without requiring application rewrites. This lowers the barrier to adopting confidential computing and enables organisations to protect sensitive workloads in cloud environments whilst maintaining operational control over data access and processing integrity.

How Unsung Helps

Unsung helps clients evaluate whether confidential computing addresses their data protection requirements, identify appropriate workloads for enclave deployment, and implement CCM within their cloud infrastructure. Our PKI Consultancy service provides guidance on how confidential computing fits within the organisation’s broader cryptographic and data protection strategy.

Related Unsung Services

PKI Consultancy — Advisory on data protection strategy and cryptographic architecture.

Hardware Security Modules — HSM and enclave-based key protection strategy.