Confidential computing enables processing data in an untrusted environment (e.g.: a public cloud). Only code that has been approved by all parties can run on the data but it does not give any guarantee on the security of the output of this code. Making sure a code is safe is a high-risk endeavor, especially in a multiparty environments because re-identification attacks can be very subtle.
Moreover, in real life, data science work implies writing dozens of exploratory queries, wrangling the data, trying different parameters... This would be unrealistic if every party had to agree on hundreds of different queries along the way.
Sarus removes the need to pre-agree on the queries that will run. It can run in a confidential computing environment if the data owner cannot run the queries locally, which we demonstrated with Microsoft