Confidential computing and data sovereignty in the cloud
Data sovereignty: How confidential computing makes your data technically inaccessible to cloud providers
In discussions around data sovereignty, the U.S. Cloud Act is often framed as the primary threat for organizations hosting their data in the cloud. Yet the emergence of confidential computing technologies is fundamentally reshaping that conversation. For the first time, it becomes technically impossible for cloud providers—and by extension, for any government authority—to access customer data, even under a legal mandate.
AWS Nitro Enclaves, Azure Confidential VMs, and Google Cloud Confidential Computing represent an architectural shift that redefines the boundaries of digital sovereignty. These technologies no longer rely on contractual commitments or privacy policies, but on cryptographically verifiable, hardware-enforced guarantees. For Québec and Canadian organizations concerned about maintaining control over sensitive data, this technical evolution marks a decisive turning point.
Confidential computing: A technical barrier, not a legal one
Trusted Execution Environments (TEEs): Absolute hardware isolation
Confidential computing is built on Trusted Execution Environments (TEEs) embedded directly into modern processors. These TEEs create hardware-isolated enclaves where data remains encrypted in memory and can only be decrypted by the processor itself, within a fully isolated execution space.
The three main cloud providers have adopted this approach:
- AWS Nitro System: Since 2017, AWS has developed the Nitro System, a specialized hardware architecture designed to completely eliminate operator access to customer data. According to an independent audit conducted by NCC Group in 2023, “there is no mechanism by which a cloud provider employee can log into the underlying host” or access EC2 instance memory. AWS Nitro Enclaves extend this protection further by creating isolated virtual machines where even the root administrators of the parent EC2 instance cannot access the data processed inside the enclave.
- Azure Confidential Computing: Microsoft offers confidential virtual machines based on AMD SEV-SNP and Intel TDX technologies. These VMs encrypt all memory using unique keys generated by the processor itself. These keys are inaccessible to hypervisors or Azure administrators. Microsoft documentation explicitly states: “Even Azure engineers with administrative access to the VM host cannot access customer data in memory.”
- Google Cloud Confidential VMs: Google leverages AMD SEV, AMD SEV-SNP, and Intel TDX to encrypt virtual machine memory. Encryption keys are generated by the AMD Secure Processor or Intel TDX and “exist only within the processor, making them unavailable to Google or to any VM running on the host.”
Cryptographic attestation: Verifiable proof of integrity
Beyond encryption, these technologies provide cryptographic attestation mechanisms that allow customers to verify both the identity and integrity of the execution environment. A hardware-signed attestation document contains hashes of all software and hardware components within the enclave, enabling customers to mathematically prove that only authorized code is running and that the environment has not been tampered with.
This capability fundamentally differentiates confidential computing from traditional encryption. It does not merely protect data at rest or in transit; it cryptographically guarantees that the computation itself occurs in a verified, tamper-proof environment.
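To make the attestation step concrete, here is an added example (not code from the page, from AWS, or from any of the providers named) of the verifier-side logic a customer runs before releasing key material to an enclave. It assumes the COSE_Sign1 signature of the document has already been checked against the hardware root CA, and `make_doc`, the enclave image bytes, the nonce and the release policy are constructed stand-ins.

```python
import hashlib
from datetime import datetime, timedelta, timezone

# Constructed stand-in for an enclave image file; the real PCR0 is a
# hardware-produced SHA-384 measurement of the image, hashed directly here.
ENCLAVE_IMAGE = b"constructed-enclave-image-v1"
PCR0_EXPECTED = hashlib.sha384(ENCLAVE_IMAGE).hexdigest()

# Allowlist shaped like kms:RecipientAttestation:PCR<n> conditions in a
# KMS key policy: hex values compared case-insensitively (assumed shape).
RELEASE_POLICY = {"PCR0": PCR0_EXPECTED}
MAX_DOC_AGE = timedelta(minutes=5)

def make_doc(image: bytes, nonce: bytes, issued_ms: int) -> dict:
    """Constructed helper standing in for the hardware: build the payload
    an enclave would present for `image`, with the caller's nonce."""
    return {
        "pcrs": {"PCR0": hashlib.sha384(image).hexdigest()},
        "nonce": nonce,
        "timestamp": issued_ms,  # milliseconds since the epoch
    }

def verify_attestation(doc: dict, policy: dict, expected_nonce: bytes,
                       now: datetime) -> tuple:
    """Return (ok, reason) for a payload whose signature chain to the
    hardware root was already validated by the caller (not shown here)."""
    # 1. Freshness: the document must answer *this* request, not a replay.
    if doc.get("nonce") != expected_nonce:
        return False, "nonce mismatch: document not issued for this request"
    issued = datetime.fromtimestamp(doc["timestamp"] / 1000, tz=timezone.utc)
    if not (timedelta(0) <= now - issued <= MAX_DOC_AGE):
        return False, "document timestamp outside acceptance window"
    # 2. Integrity: every measured register in the policy must match exactly.
    for pcr, want in policy.items():
        got = doc["pcrs"].get(pcr)
        if got is None or got.lower() != want.lower():
            return False, f"{pcr} does not match release policy"
    return True, "measurements match release policy"

def demo() -> tuple:
    """Run the check on a genuine, a tampered and a replayed document."""
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    issued = int(now.timestamp() * 1000) - 1000  # issued one second ago
    nonce = b"request-7f3a"  # constructed per-request nonce
    good = verify_attestation(make_doc(ENCLAVE_IMAGE, nonce, issued),
                              RELEASE_POLICY, nonce, now)
    tampered = verify_attestation(make_doc(ENCLAVE_IMAGE + b"x", nonce, issued),
                                  RELEASE_POLICY, nonce, now)
    replayed = verify_attestation(make_doc(ENCLAVE_IMAGE, b"old", issued),
                                  RELEASE_POLICY, nonce, now)
    return good, tampered, replayed
```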
The Cloud Act meets technical impossibility
The limits of legal obligations: When technology makes compliance impossible
The Cloud Act allows U.S. authorities to compel cloud providers to disclose data stored on their servers, regardless of geographic location. However, this legislation collides with an unavoidable technical reality: with confidential computing, cloud providers simply do not possess the technical means to access customer data.
AWS addresses this directly in its Cloud Act documentation: “AWS designs its products and services so that no one—not even AWS operators—can access customer content. We can only respond to lawful requests for data when we have the technical ability to do so.” This is not a commercial promise, but an architectural constraint.
The Nitro System is built without any mechanism that allows operators to access customer data. There is no “super-user” or privileged access path that bypasses these protections. Even for maintenance operations, AWS operators are limited to a restricted set of administrative APIs that provide no ability to access customer data. These controls are enforced at the Nitro System level and cannot be overridden by any AWS employee.
Customer-managed encryption keys: The final line of defense
The three cloud providers also offer encryption models where keys are fully controlled by the customer:
- AWS External Key Store (XKS): Allows encryption keys to be stored entirely outside AWS, in customer-managed HSMs or with Canadian partners such as Thales.
- Azure Key Vault Managed HSM: Provides FIPS 140-2 Level 3 HSMs in single-tenant mode, where only the customer controls the cryptographic keys.
- Google Cloud External Key Manager (EKM): Enables customers to manage encryption keys outside Google Cloud while still using them to protect data within GCP.
With these architectures, even if a cloud provider were served with a legal request, it would be technically incapable of decrypting the data without access to keys held exclusively by the customer.
Real-world use cases: Adoption in regulated industries
Financial services and cryptocurrencies
Organizations handling critical financial assets are rapidly adopting these technologies:
- ACINQ, a leading Lightning Network developer in the Bitcoin ecosystem, uses AWS Nitro Enclaves to protect private keys controlling its funds.
- Fireblocks, which secures billions of dollars in digital assets, has integrated Nitro Enclaves into its multi-party computation (MPC) architecture for secure transaction signing.
Personal data protection
1Password, the password manager used by millions worldwide, extends its end-to-end encryption model into the cloud using Nitro Enclaves. According to its CTO: “With AWS Nitro Enclaves, we extend this end-to-end encryption model into the cloud, securely processing sensitive data in isolated and attested environments. These capabilities are not just security features; they are trust enablers, allowing us to build enterprise-grade functionality while cryptographically proving that no one can access customer data during processing.”
Secure multi-party computation and confidential collaboration
Google Cloud Confidential Space enables organizations to collaborate on sensitive datasets without ever revealing the data to other parties. A common use case is joint fraud detection across financial institutions:
- Two banks can identify shared customers or fraud patterns without ever exchanging their respective customer lists.
Implications for Québec and Canadian organizations
Redefining digital sovereignty
Digital sovereignty is no longer limited to selecting a Canadian provider or ensuring data residency within national borders. Confidential computing allows organizations to host data anywhere in the world while maintaining absolute technical control over access.
A Québec-based company can, for example, take advantage of the AWS us-east-1 region—optimized latency for U.S. customers, lower costs, and access to advanced services—while ensuring that even AWS cannot access sensitive data, thanks to Nitro Enclaves and External Key Store backed by a Canadian HSM.
Simplified regulatory compliance
For regulated sectors such as healthcare, finance, and the public sector, confidential computing significantly simplifies compliance:
- Law 25 (Québec): Protection of personal information enforced through verifiable technical controls.
- PIPEDA (Canada): Data security strengthened beyond minimum regulatory requirements.
- Healthcare sector: Processing of health data in cryptographically attested environments.
Compliance audits become more straightforward because security controls no longer rely solely on organizational procedures, but on independently verifiable hardware guarantees.
Cost considerations and ROI
Implementing confidential computing represents a marginal investment relative to its benefits:
- AWS Nitro Enclaves: No additional cost beyond the parent EC2 instance.
- Azure Confidential VMs: 10–15% premium over equivalent standard VMs.
- Google Cloud Confidential VMs: Negligible to zero performance impact, with pricing comparable to standard VMs.
- External key management: AWS KMS with XKS costs approximately $1/month per key, identical to standard KMS.
For organizations handling sensitive data, the cost of non-compliance or a data breach (fines, reputational damage, legal exposure) far exceeds the minimal investment required for confidential computing.
Practical implementation: Where to start
Assessing workload sensitivity
Not all workloads require the same level of protection. Begin by identifying:
- Highly sensitive data: Financial information, medical records, cryptographic keys, intellectual property → Confidential computing required
- Moderately sensitive data: Standard customer data, application logs → Customer-managed encryption
- Public or low-sensitivity data: Marketing content, anonymized aggregated data → Standard encryption
Reference architecture for AWS
For a Québec-based SMB handling sensitive data:
- Nitro-based EC2 instance in ca-central-1 (Montréal)
- Nitro Enclaves enabled for sensitive processing
- AWS KMS with External Key Store connected to a Canadian HSM (Thales, Atos)
- Cryptographic attestation configured to verify enclave integrity prior to processing
Estimated cost:
- m6i.xlarge instance (4 vCPU, 16 GB RAM): ~$250/month
- External Key Store: $1/month per key
- Total: ~$260/month for bank-grade security
Equivalent architecture on Azure
- Confidential VM DCasv5-series in canadacentral (Toronto)
- AMD SEV-SNP memory encryption enabled
- Azure Key Vault Managed HSM for key management
- Azure Attestation for integrity verification
Estimated cost:
- DC4as_v5 (4 vCPU, 16 GB RAM): ~$300/month
- Managed HSM: ~$1,400/month (shared across multiple applications)
Google Cloud architecture
- Confidential N2D VM in northamerica-northeast1 (Montréal)
- AMD SEV-SNP or Intel TDX depending on performance requirements
- Cloud External Key Manager with external HSM
- Google Cloud Attestation for verification
Estimated cost:
- n2d-standard-4 Confidential VM: ~$250/month
- External Key Manager: variable depending on HSM provider
Conclusion: Sovereignty through technology, not geography
For years, debates around the Cloud Act and data sovereignty have framed the issue as a choice between U.S. providers and local alternatives, as though geographic location alone could guarantee data control. Confidential computing moves beyond this simplistic dichotomy by making data access technically impossible, regardless of jurisdiction.
AWS Nitro Enclaves, Azure Confidential VMs, and Google Cloud Confidential Computing are not incremental security enhancements. They represent a paradigm shift: for the first time, organizations can leverage the elasticity, performance, and innovation of the public cloud while retaining absolute technical control over their most sensitive data.
For Québec SMBs, this technology democratizes access to security levels once reserved for financial institutions and government agencies. It enables the processing of health data, financial information, and intellectual property in the cloud with cryptographically verifiable guarantees—without forcing a trade-off between security and innovation.
True digital sovereignty does not lie in defaulting to a Canadian provider, but in mastering the technical controls that govern data access, regardless of physical location. Confidential computing delivers exactly that: mathematically provable protection, independently audited, and technically unavoidable.
At Unicorne, we support Québec organizations in the strategic adoption of confidential computing technologies. Our expertise spans security needs assessment, architecture design, and implementation that aligns both budget constraints and compliance requirements—because digital sovereignty is built on solid technical foundations, not promises.
Need an evaluation of your confidential computing requirements? Unicorne’s experts are available to analyze your sensitive workloads and design an optimal architecture. Contact us for a personalized consultation.