FAQ

Who founded Profian?

Profian was co-founded by Mike Bursell, former Chief Security Architect at Red Hat, and Nathaniel McCallum, former Virtualization Security Architect at Red Hat.

Does Profian own Enarx?

No. Enarx is a Linux Foundation project, under the Confidential Computing Consortium. Profian is a custodian of the Enarx project, encouraging broad industry contribution and facilitating collaboration with other projects.

Why open source?

Confidential Computing protects organisations’ most valuable software and data assets from compromise and leakage, and central to its approach is reducing the risk to those organisations by limiting the number of components and companies that need to be trusted. Open source software is key to this, allowing anybody to evaluate and review the infrastructure which protects organisations’ “crown jewels.” Enarx, on which Profian’s products and services are based, is open source (under Apache 2.0).

What is Confidential Computing?

Confidential Computing is the protection of data in use by performing computation in a hardware-based, attested Trusted Execution Environment (TEE). This is the definition from the Confidential Computing Consortium, of which Profian is a founding member. TEE implementations are available from Intel (SGX) and AMD (SEV), and both Arm and IBM have announced product plans. TEEs allow applications to run on the untrusted cloud: in other words, workloads are protected even from malicious or compromised hosts in the public cloud, on Edge or on-premises. Profian simplifies the deployment of applications on TEEs, maintaining the highest security postures whilst allowing cross-platform, hybrid cloud solutions with minimum effort to organizations. Read more in our detailed post.

Who needs Confidential Computing?

Almost all sectors have data or applications which are sensitive, whether those are customer information, financial transactions, healthcare or pharmaceutical research or lower-level data such as cryptographic keys, logging and auditing records or network configurations – and many sectors operate within specific regulatory regimes such as GDPR, CCPA or HIPAA. Profian provides products and services applicable across sectors but will initially focus on the financial services sector, where there is a well-defined set of use cases and a strong appetite for solutions that meet the strong confidentiality and integrity requirements applicable to enterprises in this space.

How is Profian different?

Profian provides products and services to deploy cloud-native applications in line with established workflows, using existing languages and development tools. Profian believes that customers should not need to change the languages, programming approaches or deployment pipelines in order to benefit from Confidential Computing. Profian also believes that the greatest transparency leads to the greatest security, and for that reason, is committed to providing completely open source solutions.