Guy Daniels, TelecomTV (00:15):
Right. It was time for our first session of the afternoon and as you can see, AI and digital sovereignty is the title there. But let's see what we have. We've got a double presentation. First I'm going to ask our next speakers to please join me on stage. Come on up, give me a round applause. So we have Christof Fetzer, who is CTO of SContain and Christoph Gerlach from Supermicro. So you're going to present together. So I will leave it to you. You have the clicker there. Take it away.

Christoph Gerlach, Supermicro (00:47):
Hello. Hello. It works. So hello everyone. Do you have a nice lunch? Yes, yes. Hopefully that's great. That's really, really great. So I am the Christoph from Supermicro and yes, we are two Christophs here. And if we are reducing our acronyms to and to C and C, of course this one stands for confidential computing tool. Which brings us to the topic. And don't worry, this one isn't another AI is great pitch. This is more than like a therapy session. Yes, a therapy session for AI paralyzed telcos, honesty with a bit of humor. So quick question. Who here thinks AI is essential for their company's survival? Hands up and now who's delayed an AI project because of security regulation or just a gut feeling it might blow up your career hands up too.

(02:09):
So congratulations. You are the world's first trading as telco, both desperate for AI and terrified of it. But let's face it, we are all tired of hearing digital transformation like a Hogwarts spell. But here's the truth, you hold civilization's most sensitive data, the real time movements of millions connected car telemetry. And yes, the cat memer preferences of an entire continent. And that's not just a risk, that's your superpower. You just need to use it without burning down the theater. But when we look at the possible solutions out there where all the data you already have is actually processed, we all realize one thing, none of them really fits. We have the option number one, the hyperscalers hot top, just move it all to the cloud. And this means hand over your crown js and pay egress fees. The size of small countries, GDP, the second one is the fortress. Keep everything on premise. And what this mean, your AI lab is herald from finance, running Excel macros. And the last one, the hybrid merge the best of both worlds, meaning twice the cost and double the headaches. So what you actually need is option number four where data is processed without C being seen. It's like a magic, but it's called confidential AI or confidential computing. And now I will hand over to the other Christophe and thank you very much.

Christof Fetzer, SContain (04:24):
This one. Thank you Christophe for the nice introduction. Let me go a little bit further here. So my name is Christof too and I'm the CTO of SContain. But in my day job, I'm also a professor at Technical University of Dresden, one of our excellence universities here in Dresden. And I have been doing confidential computing research for the last 10 years. And the reason for that was I had another startup called Cloud and Heat. The idea was to build edge computing 10 years ago, 12 years ago. One of the replies that we got from potential customers are, oh, is that really secure? Because you have this physical or limited physical security, somebody could just steal your computers that are on the edge, not perfect physical security and therefore we don't want to have our data on these computers that are on the edge. And so therefore I started to look into completely encrypted processing. These days we call that confidential computing. So that means that we always want to have all data encrypted. So in the context of AI, we call that now confidential AI.

(05:44):
We want to make sure that all your data, so training data is encrypted all the time. Also, the queries that reveals lots about my work that I do right now. So every time I query Chat GPT, I reveal what I'm working on and they see the code that I might generate using these tools. So therefore I would like to keep all the queries also confidential. And I want to have insurance that my queries are not used to build competitive or competing systems and also the models that I might invest in and build, I want to keep them confidential secret so that only I can use that. So therefore we have this approach of confidential computing. So we keep all the data always encrypted and we make it in this way that only code that is encrypted can actually see that data in the clear text.

(06:39):
And moreover, the keys that are used to encrypt are only visible to the code that is actually encrypted in memory. So this sounds like magic, but it is not magic. It is confidential computing that we use and we want to protect ourselves against adversaries that might have gained root access to our computers. So we saw this morning that we can use confidential, no, sorry, we didn't see that this morning. We saw this morning that we can use AI to protect our systems. But actually if I'm an adversary, I can use AI also to attack your system. And there might be at least there are some studies that say I might as an adversary be an advantage over the defenders because as an adversary I only need to find one exploitable vulnerability to gain access to your systems. While as a defender I have to defend against all exploitable vulnerabilities that that is in my system.

(07:45):
Therefore, we actually make sure that we protect against all users that have access to our system, that they cannot treat any data of our applications. So by completely encrypting all the data, we can protect against these adversaries that might have gained root access. And moreover, we can also outsource more because if I let my application be managed by some external party, I might not trust that external party. So by using making sure with the help of confidential computing that you cannot treat the data as somebody who takes care of the application, I can protect myself as an application owner. So therefore we would like to protect ourselves from all users that have access to the system that they cannot read our confidential data. So our models, our queries, our training data, and that might sound like magic, but it is in production. So we have been developing that platform for the last 10 years and we have been now working for the last three years and being in production in the healthcare domain.

(09:04):
So in Germany we have this healthcare card where we can log into our data and also go to the doctors. And what we do is we work with one of the big German telcos and we provide them with a confidential computing platform where the users can connect to their health data and there are tens of millions of users that use that platform daily. And so we can protect the data using always encrypted data. And that is actually required by the German regulator, which is called matic. With the help of BSI, which is the German information security agency, they set rules and these are hundreds of rules that define how we need to protect that data. And one essential part of that regulation is that nobody that has access to any part of our service can see the data. They must not be able to change the code to access the data.

(10:04):
Only the code that is approved that runs on a server can see that data, the health data. And that is in production as I said, for a few years. And now of course we are working on confidential AI together with Nvidia and Supermicro. And there we are working on a blueprint for scalable confidential AI such that we can protect all the data that we need to protect all the queries, all the models, and give you a blueprint for building such systems. So that this morning we heard about AI and native telcos. I would say we need confidential AI native telcos. And now I hand over to Christoph.

Christoph Gerlach, Supermicro (10:51):
But we learned a lot. But make it real. Make it real for your CFO, but let's make it real CFO friendly. The German governments say our data can't leave the country. And the old answer was then we can't help. And the new answer is yes, we'll process it, we never look at it and we prove it. And this opportunity only for the German government is roughly more than 2 billion. The second one is multiple operators share encrypted data safely. Nobody leaks secrets, everyone gains insight. And this means 30% efficiency boost and CFOs high fiving in hallways and the last one, I call it Edge AI Fort Knox, tiny boxes everywhere and easy to steal with confidential AI, thieves get only encrypted nonsense. And the result, lower insurance and happy lawyers. Last but not least, and repeat after me, security used to cost us money. Now it makes us money. Thank you very much for your time.

Guy Daniels, TelecomTV (12:19):
Thank you. Round of applause, round of applause for our presenters. Christoph, come and join us on here. Yeah, great. Fascinating. Thanks very much for that. Really interesting insights there. Any questions from our audience right in the front row, Ahmed, Alex is running as fast as he can with a microphone.

Ahmed Hafez, Deutsche Telekom (12:40):
Does solution work with serverless environments or it has, you have to have control on server.

Christof Fetzer, SContain (12:47):
Sorry, can you speak?

Ahmed Hafez, Deutsche Telekom (12:50):
Does your solution work with serverless environments?

Christof Fetzer, SContain (12:52):
Ah, oh let me repeat it. So does the solution work for serverless environments? Yes, it also does work with serverless. So you have to be a little careful how you do serverless, but in principle, in serverless you can start application without having reserved computation VMs. And that is exactly where you can use confidential computing because you can prove that your serverless function is inside of this encrypted memory region. You can so-called test it, make sure that cryptographically that this is your code with your data that runs there. Okay.

Ahmed Hafez, Deutsche Telekom (13:28):
Okay. So can you share any matrix that you have around latency that this brings and roughly the costs of implementing confidential computing if you have?

Christof Fetzer, SContain (13:37):
Yeah, so for confidential ai, so you have of course by encrypting everything you have some overhead, but it's in our measurement about 5%. So within 5% of native computation. So I would say it's acceptable overhead for the extra encryption that you do.

Guy Daniels, TelecomTV (13:58):
Okay, great. Thanks very much. Can I ask layman's questions a follow up? Going back actually because you, I asked the question there about serverless, why is this an important question? Why are we talking about will it work on serverless environments?

Christof Fetzer, SContain (14:12):
So sometimes it's more convenient to use serverless than say a Kubernetes cluster. So personally I always, if I have certain workloads, I use Kubernetes clusters or cloud native. But for certain workloads, serverless is good because I don't have to reserve a cluster. So it can be more cost effective if I send just a server to a cloud provider like the telecom and then they run it. And I, as a user of that serverless functionality, I want to make sure that my data is protected in that serverless function. I think that's how I interpreted your question.

Guy Daniels, TelecomTV (14:44):
Great, thanks for clarifying that. That's great. Do you have any more questions for, I guess there's one at the back there as well. Thanks Alex.

Audience Member (14:51):
Are you worried about Q day and should we be worried about Q day?

Christof Fetzer, SContain (14:56):
Q day,

Audience Member (14:57):
Q day. So when quantum computers can break?

Christof Fetzer, SContain (15:00):
Okay, I'm not worried about quantum computing. So we mainly use symmetric keys so we can actually be p-st quantum crypto-safe in the sense that we use something that's called attestation. So it's kind of a magic how we provision keys to these encrypted memory regions. We can have everything symmetric and symmetric encryption is actually pretty resistant against quantum computers. It's when you use public private key pairs there, you have to be careful to be quantum post-quantum safe.

Guy Daniels, TelecomTV (15:38):
Great. There's one more the front here. The microphone's coming. Thank you.

Andrew Collinson, Connective Insight (15:43):
Hi, thank you. It's a very interesting concept. What's the business model for telecoms? So who pays who for what and who makes what profit out of what?

Christof Fetzer, SContain (15:55):
Okay, so maybe, I hope I can say that about German telecom. They have for example a cloud about that provides confidential computing and so they have then workloads from governments and in the healthcare domain and there they have done an additional charge for confidential computing. And it's similar also by in other hyperscalers. So you can provide computing to customers and you protect their data using this confidential computing and you can have some extra charge for that. And if you're a local telco, you can also make sure that the data stays in that geographic region.

Andrew Collinson, Connective Insight (16:39):
So is Deutsche Telekom the one and only you're working with or you're trying to syndicate this with other operators? Is that your proposition? You're trying to get more partners?

Christof Fetzer, SContain (16:50):
So we have also other partners outside of Germany, also other European telcos that we work with. But of course we want to have more telcos that use that technology, use Nvidia, use super micro and build a scalable confidential AI platform. Fantastic. Of course also outside of you.

Guy Daniels, TelecomTV (17:11):
Great, thanks so much. Do you have another question Alex?

Francis Haysom, Appledore Research (17:22):
You mentioned obviously Germany has very, very strong governance as far as the data sovereignty is concerned. Yes. How are you seeing your story go beyond the bounds of just Germany because where often these are less or they're less explicitly said there's a problem and I guess people could ignore it. I'm just interested in what you're seeing in other countries.

Christof Fetzer, SContain (17:47):
So I would that in Europe I would expect there will be more push towards that. So there's an AI regulation act and I think that is very important for Europe to regulate this, make sure that the data is protected. There is of course a different push in the US but in there's less focus on protecting the data. And while in Europe I would expect there will be more and more push towards this solution to protect the citizens and their data. Okay,

Guy Daniels, TelecomTV (18:22):
Fantastic. Great, thank you. Do you have another question? Well, we're here, we've got a lot of questions for this topic. I don't very reassuring, I think we might be clear in that case. I do have one from our online audience related, it's quite a straightforward question. Does AI increase the threat surface for telcos and how much of a problem is that?

Christof Fetzer, SContain (18:45):
So I would say yes. So as I mentioned, you can use AI to protect yourself against attacks, but there is this so-called defenders dilemma. So that means I have hundreds of millions of lines of code that run in my infrastructure. And if I'm the attacker, I need to find one vulnerability that I can exploit and that I can use AI to find that I can analyze all the Linux code, I can analyze all this software that is open source and I can actually have a targeted attack. And if I am a telco, I need to defend against all these potential attacks and I need to have much more computing power than as an attacker. So therefore there is some asymmetry that we need to take care of and therefore one way is to encrypt more because then I can exclude some of the code base out of my, what is called trust compute base. So I don't need to defend against all vulnerability that are in my

Guy Daniels, TelecomTV (19:48):
System. Great. Thanks very much for that. Right. We shall move on in that case. So let's thank our two Christoph presenters. Thank you very much. Fascinating.