Attestation vs. integrity in a zero-trust world
The complex risks facing modern IT environments make IT security a strategic imperative, not a back-end detail. Furthering this is cloud computing, which serves as the foundation of the AI economy, meaning that enterprises and nations require greater control, transparency, and assurance over data location and protection. Trust has become not just a technical question, but a matter of national policy, corporate strategy, and even societal resilience.
At the same time, the explosion of AI and machine learning (ML) workloads is reshaping infrastructure requirements. But these shifts pose a complex question—if your most valuable models and datasets are in the cloud, how do you assess their security posture?
Here lies the central dilemma. The very abstraction that makes the cloud powerful also makes it opaque. You don’t control the hardware, the hypervisor, or the low-level firmware that your workloads depend on. How do you trust something you cannot see or control? The old paradigm of “trust but verify” no longer works in this modern environment. Instead, the principle of zero trust, “assume nothing, verify everything,” has become a core tenet of modern security strategy.
This is where the next generation of security concepts comes into play. Confidential computing, through hardware-based trusted execution environments (TEEs), enables organizations to protect their data not only at rest and in transit, but also in use. At its heart are two core principles: attestation and integrity. Attestation provides proof, enabling organizations to verify that workloads are executing in a trusted and verifiable environment. Integrity means that what is running is exactly what you intended, unmodified and uncompromised. These are not just security features; they are the foundation for digital trust in an era where cloud and AI are redefining economies, industries, and even governance.
A new frontier in data protection
Security teams have long worked with the concept of the “three states of data”: at rest, in transit, and in use. Encryption at rest protects stored information. Encryption in transit, such as TLS and VPNs, protects data as it moves between systems. Yet in the third state, when data is loaded into memory and actively being processed, it has remained largely unprotected. This is the critical exposure window that attackers, insiders, and even systemic vulnerabilities have exploited time and again.
With confidential computing, data remains protected not only at rest and in transit, but also during runtime. TEEs create an execution environment where code and data are shielded from the layers of infrastructure they depend on, from firmware and hypervisors to the cloud provider’s own administrators. For engineers, this means greater assurance that sensitive workloads stay confidential even in environments they don’t directly control. For decision-makers, it provides a concrete mechanism to align cloud adoption with zero-trust principles.
Confidential computing goes further than locking workloads inside a sealed “black box.” Its real value lies in providing attestation, which cryptographically proves that the TEE hasn’t been tampered with. Before sensitive data or models are loaded, organizations can verify the TEE’s integrity and configuration. This elevates confidential computing from a security feature to a foundation of digital trust, offering verifiable assurance that critical workloads in the cloud are both protected and trustworthy.
Demystifying the core concepts
Zero trust is a security model built on the principle of “never trust, always verify.” It means that no entity, whether inside or outside your network, is trusted by default. Every access request must be authenticated, authorized, and continuously validated. The 3 core tenets of zero trust are identity, integrity, and isolation.
Confidential computing is not a replacement for a zero-trust strategy; rather, it is a key enabler. Zero trust provides the security framework and policies, while confidential computing provides the hardware-enforced integrity and attestation mechanisms needed to implement that framework for workloads running in untrusted environments, like the public cloud.
Next, we want to focus on the concepts of integrity and attestation, as there are many misconceptions surrounding them.
Integrity is the assurance that a system, its components, or its data have not been altered or tampered with in an unauthorized way. It’s a foundational pillar of any security posture. Integrity validates that the operating system, applications, and data are unmodified and authentic, exactly as you expect them to be. Think of it as the digital equivalent of an unbroken, tamper-evident seal on a physical evidence bag. If the seal is intact, you can be confident that the contents haven’t been compromised. In the digital world, this “seal” is maintained through cryptographic hashes and other security measures that detect unauthorized changes.
While integrity is the state of being trustworthy, attestation is the process of proving it. Attestation is the mechanism by which a system or component (the “attester”) provides cryptographic proof of its identity and current state to another party (the “verifier”). This allows the verifier to make an informed decision about whether to trust that system.
To bring these concepts together, let’s use an analogy. Imagine integrity is a secure, sealed room. You know that for this room to be secure, the walls must be solid, the door must be locked, and the alarm system must be active. Integrity is the assurance that the room is in this exact, unaltered state. It’s the “unbroken seal” on the door.
Attestation is the process of getting proof of that room’s condition before you place anything valuable inside. You don’t just take the room’s word for it. Instead, you ask for a security report. You receive a notarized, tamper-proof certificate, like a digital passport, that lists the current status: “Door is locked, alarm is active, walls are solid.” You can examine this certificate to verify the room’s integrity without blindly trusting.
So, in the zero-trust world:
- Integrity is the secure, expected state of your workload or platform.
- Attestation is the verifiable, cryptographic evidence you receive about that state, enabling you to enforce your security policies with confidence.
How attestation and integrity reinforce each other
Integrity and attestation aren’t competing concepts; they’re a powerful combination that forms a synergistic loop at the heart of zero trust. One is incomplete without the other.
Let’s see how this works in a modern computing environment.
- Establish integrity: A workload starts up in a secure environment, such as a confidential virtual machine (CVM). During its boot process, the system takes cryptographic measurements (hashes) of critical software components. This sequence of measurements creates a unique digital fingerprint that represents the platform’s exact configuration and establishes its integrity.
- Request proof: Your orchestration platform challenges the CVM before deploying a sensitive application to verify its trustworthiness. It asks, “Can you provide evidence of your current state?”
- Generate attestation: The secure environment uses a protected, isolated hardware element that serves as a digital notary. This trusted component cryptographically signs the integrity measurements and bundles them into an attestation report. Since this signature is rooted in hardware, it provides a high-assurance verification that the report is authentic and hasn’t been forged by potentially compromised software.
- Verify and trust: Your platform receives the attestation report. It first verifies the signature to confirm that the report is authentic and came from a genuine hardware root of trust. It then compares the measurements in the report to a list of known-good values, often called a “golden image” or a security policy.
If the measurements match, trust is established—the platform has verified the VM’s integrity and can safely deploy the sensitive workload. If they don’t match, it signifies a potential compromise or misconfiguration, and the deployment is automatically aborted.
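The four steps above, sketched as an added example that is not code from the original article: the attester folds boot components into one measurement, signs it together with the verifier's challenge, and the verifier checks signature, freshness, and policy in that order. Assumptions: HMAC with a demo key stands in for the hardware-rooted signature, a random nonce models the challenge, and the component names are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: HMAC with a demo key stands in for the hardware-rooted
# asymmetric signature; a real verifier checks a vendor certificate chain.
HW_KEY = b"constructed-demo-key"

def extend(digest: bytes, component: bytes) -> bytes:
    """Fold one component's hash into the running measurement."""
    return hashlib.sha256(digest + hashlib.sha256(component).digest()).digest()

def measure(components: list[bytes]) -> str:
    """Establish integrity: order-sensitive fingerprint of the boot chain."""
    digest = bytes(32)
    for component in components:
        digest = extend(digest, component)
    return digest.hex()

def attest(components: list[bytes], nonce: str) -> dict:
    """Generate attestation: sign the measurement bound to the challenge."""
    body = {"measurement": measure(components), "nonce": nonce}
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(HW_KEY, payload, hashlib.sha256).hexdigest()
    return {"body": body, "signature": sig}

def verify(report: dict, nonce: str, golden: set[str]) -> str:
    """Verify and trust: signature first, then freshness, then policy."""
    payload = json.dumps(report["body"], sort_keys=True).encode()
    expected = hmac.new(HW_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, report["signature"]):
        return "reject: bad signature"
    if not hmac.compare_digest(report["body"]["nonce"], nonce):
        return "reject: stale or replayed report"
    if report["body"]["measurement"] not in golden:
        return "reject: measurement not in policy"
    return "deploy"

# Constructed sample boot chain and its known-good ("golden") measurement.
GOOD_BOOT = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
GOLDEN = {measure(GOOD_BOOT)}

if __name__ == "__main__":
    nonce = secrets.token_hex(16)
    print(verify(attest(GOOD_BOOT, nonce), nonce, GOLDEN))
```

Checking the signature before reading the measurement matters: a report whose body has been edited to show the golden value fails at the first step, so the policy comparison only ever sees authenticated data.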
This loop closes the gap between knowing what an enhanced security system should look like and proving that it is.
From trusting to knowing
In a zero-trust world, we must replace blind faith with verifiable proof. This requires understanding 2 distinct concepts that are powerful only when they are combined: integrity and attestation.
Think of it this way—integrity is the quality of a system being secure, while attestation is the act of proving it with undeniable, cryptographic evidence.
Neither is sufficient on its own. A system might have perfect integrity, but without attestation, it’s a black box—it may be secure, but you have no way to verify it. Conversely, attestation of a compromised system is useless. It’s just an accurate report about an insecure state. Their true power is in their partnership. Together, they allow you to move from simply trusting your environment to cryptographically knowing it is secure.