Security
Engage with our experts on security topics
Announcements
The Intel sign-in experience is changing in February to support enhanced security controls. If you sign in, click here for more information.
75 Discussions

Rising to the Challenge — Data Security with Intel Confidential Computing

Anil_Rao
Employee
5 0 8,453

Introduction:

Every day, we’re assailed with reports of new data breaches, trans-national hacking and ransomware attacks. It paints a dark picture, indeed. But what keeps me optimistic that the best days in security technology still lay ahead of us is the progress Intel, along with our customers and partners, are making in Confidential Computing.

The industry has long offered technologies like disk and network encryption to protect data at-rest and in-transit, but protecting data in-use proved a more elusive challenge — until we launched Intel® Software Guard Extensions. Intel® SGX is the most-deployed, researched and hardened trusted execution environment (TEE) for protecting data while it is actively being processed in memory, and remains a cornerstone of our Confidential Computing roadmap for Intel Xeon platforms. Deployed in the data center, the network or at the edge, Intel SGX helps protect data in-use via application isolation technology. By protecting selected code and data from modification in hardened enclaves, organizations can enhance security, data privacy and confidentiality.

pics3.jpg

Solving Data Privacy Challenges with Intel SGX

Innovative organizations have up-leveled their security and launched new growth-oriented services using Confidential Computing powered by Intel SGX. These include a wide range of industries, from financial services and healthcare to government services and retail. Among the top uses of Confidential Computing are services where multiple parties can collaborate and benefit from a pooled data set while keeping each party’s data private. For example, the University of California-San Francisco used an Intel SGX-based service to validate AI-enhanced medical device algorithms with multiple third-party data sets while preserving patient privacy and protecting the AI model’s IP. Magnit (retail), Swiss Re (insurance), Leidos (pandemic response) and others are growing their businesses today using multi-party collaboration while protecting everyone’s data confidentiality.

 

A Thriving Ecosystem Built on Intel SGX

A sure indicator of the health and potential of a technology is the supporting investment throughout the ecosystem. Leading cloud providers such as Microsoft Azure, Alibaba Cloud, IBM Cloud, OVH and more now offer Confidential Computing services protected with Intel SGX. Every month, we hear of new software companies offering tools and solutions for specific industries and use cases, building on the foundation of Intel SGX. Innovators like Fortanix, Consilient, Decentriq, Edgeless Systems and more continue to amaze me with their creativity, technical expertise, and customer insight. In addition, all major server manufacturers are delivering Intel® Xeon® platforms with Intel SGX capabilities. The need for Confidential Computing solutions is urgent, and the ecosystem is rallying to meet the challenge with Intel technology.

 

The Road Ahead – Intel SGX and TDX

Intel SGX is available today on 3rd Gen Intel Xeon Scalable, Intel Xeon E-2300 processors, and we’ll continue support in future single- and multi-socket Intel Xeon platforms. For the client platforms, Intel shifted our security roadmap away from Intel SGX to focus on purpose-built security technologies aligned with key PC ecosystem partners and client use cases, but Intel Xeon platforms are “full steam ahead” with Intel SGX. Our portfolio for Confidential Computing will only get stronger with the addition of our virtual machine isolation technology called Intel® Trust Domain Extensions (Intel® TDX) on upcoming Intel Xeon Scalable platforms. With a full range of options including both Intel SGX and TDX, our customers can tailor their Confidential Computing solutions to their use cases’ specific data isolation and deployment needs. Intel Xeon platforms will be ready to support a vast range of heterogeneous environments including virtualized and bare-metal deployments, isolation of specific VMs, native and custom applications, containers or functions, and a wide variety of programming languages.

Our customers are achieving amazing things with Confidential Computing on Intel platforms, and the thriving Intel SGX ecosystem and our robust technology roadmap make me optimistic that our industry can rise to the security challenges we face today. I hope you will learn more about Intel SGX and Intel TDX on Intel Xeon platforms, and join me in deploying, not just imagining, a more secure future.

 

Anil Rao is Vice President and General Manager, Systems Architecture and Engineering, Office of the CTO, at Intel.

 

Notices & Disclaimers
Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex
Performance results are based on testing as of dates shown in configurations and may not reflect all publicly available updates.  See backup for configuration details.  No product or component can be absolutely secure.
Your costs and results may vary.
Intel technologies may require enabled hardware, software or service activation.
© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries.  Other names and brands may be claimed as the property of others.
About the Author
Anil Rao is vice president in the Intel Office of the CTO and responsible for Security and Systems Architecture for Intel Corporation. Rao leads technical vision, strategy, and architecture for next-generation cloud to edge to client security, heterogeneous systems architecture including disaggregated and container computing, and Graph and Sparse AI. Rao joined Intel in 2016 with two decades of engineering, product and strategy expertise in cloud and data center technologies. He was a co-founder of SeaMicro Inc. in 2007 developing energy-efficient converged solutions for cloud and data centers. After SeaMicro was acquired by Advanced Micro Devices (AMD) in 2012, Rao spent three years as corporate vice president of products in AMD’s Data Center Solutions Business Group. He served as technical adviser and strategy consultant to the office of the chief technology officer at Qualcomm until joining Intel. Rao earned a bachelor’s degree in electrical and communications engineering from Bangalore University in India, a master’s degree in computer science from Arizona State University, and an MBA degree from the University of California, Berkeley. He is a co-author of the Optical Internetworking Forum’s OIF specifications and holds several patents in networking and data center technologies.
Authors