In the context of data becoming a new production factor, security issues are crucial, and paying attention to data security has become a global trend. As “critical data resources” within the “national critical information infrastructure,” safeguarding financial data security is not only necessary but also urgent.
The national “14th Five-Year Plan” clearly states the need to strengthen the digital economy security system, enhance data security assurance levels, and further requires research to promote the establishment of a data security standard system, regulating the management of data throughout its lifecycle. In 2021, the People’s Bank of China issued the “Financial Data Security Data Lifecycle Security Specification,” which clarifies the security framework for the financial data lifecycle, requiring financial institutions to build a data security governance system that covers the entire lifecycle of data collection, transmission, storage, usage, and destruction. Data storage security is the bottom line guarantee for data security throughout the data lifecycle. The data storage phase faces significant challenges; on one hand, data transitions from dynamic to static, making the targets clearer for attackers and the difficulty of attack lower; on the other hand, data is centralized from being dispersed, and once breached, the harm is extensive and the impact is broader.
Previously, the People’s Bank of China proposed requirements for the encrypted storage of sensitive data, clarifying that important systems must implement important data protection based on commercial encryption algorithms. In 2023, the People’s Bank of China further clarified the technical measures for data storage protection in the “Data Security Management Measures for the Business Scope of the People’s Bank of China (Draft for Comments),” and encouraged research into more “fine-grained encryption methods” for data security storage innovation solutions.
Currently, there is no suitable solution that can balance security and transformation costs. Against this backdrop, this article conducts research on financial data security storage based on confidential computing technology. By leveraging the hardware-based security capabilities of confidential computing, a secure storage solution is developed, placing important data, keys, and encryption/decryption calculations in a secure and trustworthy operating environment of confidential computing. At the same time, further application explorations are conducted to provide unified secure storage foundational service components for application systems, effectively ensuring the security of financial sensitive data in both computing and storage states.
Existing Storage Encryption Solutions
Introduction to Confidential Computing Technology
Confidential Computing Secure Storage Service Solution
Application Practice of Confidential Computing Secure Storage Service

2. Performance Analysis
Confidential computing greatly enhances the security of services, but the increase in security inevitably sacrifices some performance. To analyze the overall performance of the confidential computing secure storage service and the impact of the confidential computing environment on service performance, performance tests were conducted in both ordinary and confidential computing environments.
(1) Testing Method. The national encryption SM4 algorithm was used to encrypt a table with 18 fields, setting encryption for 1, 2, 3, and 4 fields respectively; the front-end encryption module was deployed in both ordinary and confidential computing environments; and the sysbench tool was used on the client side to connect to the front-end encryption module for performance testing.
(2) Resource Configuration. Database resource configuration was set to 4C16G, with the front-end encryption module configured to 2C8G, 4C8G, and 6C8G, and the client configured to 2C8G.
(3) Result Analysis. The overall performance of services in ordinary and confidential computing environments is shown in Table 1 and Table 2.


From Table 2, it can be seen that with a configuration of 2C8G and encrypting 1 field, the TPS of the confidential computing secure storage service can reach approximately 2330 (QPS is 6990), meeting the needs of most applications. As resource configuration increases, service performance gradually improves, reaching a TPS of 4369 under a 4C8G configuration, demonstrating good scalability.
To analyze the impact of the confidential computing environment on service performance, a comparative analysis of overall service performance in ordinary and confidential computing environments was conducted. It can be seen that while the confidential computing environment enhances security, it also incurs some performance overhead, with performance loss in the confidential computing environment relative to the ordinary environment being within 20%. As resource configuration increases, performance loss gradually decreases, with performance loss in the confidential computing environment being between 15% and 20% with a 2C resource configuration, fluctuating around 15% with a 4C configuration, and reducing to under 3% with a 6C configuration.
Summary and Outlook
(Source: Financial Electrification)
Share Cybersecurity Knowledge to Strengthen Cybersecurity Awareness
Welcome to follow the official Douyin account of “China Information Security” magazine

“China Information Security” magazine strongly recommends
“Enterprise Growth Plan”
Click the image below to learn more
