
Zscaler Scales Confidential Computing and Zero Trust with Intel® Trust Authority


By Nikhil Deshpande, Sr. Director of Product Management, Intel Corp. and Ken Urquhart, Vice President, Zscaler

Organizations have focused on adopting Zero Trust security practices to address the challenges of an ever-increasing threat landscape. Zero Trust enables these organizations to operate securely even when they cannot directly verify the security of the third-party cloud platforms and SaaS solutions they use to run their businesses. But Zero Trust for secure data communications is only part of the solution. Extending Zero Trust beyond cloud to endpoint, down to the silicon, requires adding hardware-based privacy and security technologies to the servers running organization workloads across multiple clouds, edges, and data centers.

A Solution to the Security Challenge

Among the front runners in Zero Trust cloud security is Zscaler. In a collaboration with Intel, Zscaler recently introduced a unique approach to utilizing the power of confidential computing and Zero Trust. Their goal is to provide scalable silicon-to-cloud security that permeates various applications, multi-tenant environments, and multi-cloud deployments with Intel Trust Authority.

Zscaler’s solution uses the cloud-native Zero Trust Exchange platform, which is designed to establish secure connections between users, devices, and applications, regardless of their geographic location. In its latest move, Zscaler is expanding the scope of this platform by integrating it with Intel® Trust Domain Extensions (TDX), a silicon-based confidential computing environment. This enhanced security measure is fortified by Intel® Trust Authority, which verifies the authenticity and integrity of Zscaler's App Connectors across various cloud infrastructures.

Anchoring Trust in the Silicon

Zscaler and Intel have collaborated to scale trust across multiple cloud environments. By anchoring trust within the silicon, Intel Trust Authority provides a higher degree of security assurance. This innovative approach enables cloud-native platforms and applications to mutually attest before running any workload – a process that is fast, secure, and verified.

Zscaler’s Zero Trust Exchange platform interacts with multiple App Connectors worldwide, providing a secure interface between a customer’s servers and the Zscaler cloud. This approach facilitates rapid, secure connections with customer applications and endpoints.

In a recent pilot program, App Connectors were isolated and protected within Intel TDX-based confidential computing environments. Intel Trust Authority then validated these environments, demonstrating the potential of this hardware security model.

Mutual Attestation of Cloud-Native Applications

The key to this new security process is the mutual attestation of cloud-native applications. Before an authenticated user can connect to their requested workload, Intel® Trust Authority generates an attestation token. This token is passed via the Zero Trust Exchange to the App Connector and vice versa, providing a verified assurance that the connector (running on the same hypervisor as the customer application it protects) has not been compromised. The connector can then be safely decrypted and executed within the secure confines of the Intel TDX-based confidential computing environment. When the customer application carries out the same validation, the Zero Trust paradigm is effectively extended from cloud to the silicon.

In summary, the partnership between Zscaler and Intel is driving a new wave of security solutions. By leveraging the power of confidential computing, these companies are scaling Zero Trust across multiple clouds, offering an enhanced level of protection for businesses operating in today's complex digital world. Their combined security approach is not just about keeping pace with the evolving threat landscape but setting the pace for the future of digital security.

Learn more about Intel® Trust Authority here.

About the Author
Nikhil M. Deshpande is currently the Senior Director of Security and Chief Business Strategist for Project Amber in the Office of the CTO at Intel. In prior roles, he led silicon security strategic planning in the Data Center Group and managed research on numerous security technologies in Intel Labs, including privacy-preserving multi-party analytics. Nikhil has spoken at numerous conferences and holds 20+ patents. He holds an M.S. and a Ph.D. in Electrical & Computer Engineering from Portland State University. He also has an M.S. in Technology Management from Oregon Health & Science University.