Today, Intel announced the launch of its 4th generation Intel Xeon Scalable processors and the Intel Max Series CPUs and GPUs, in addition to launching a virtual machine (VM) isolation solution and an independent trust verification service to help build the “most extensive confidential computer portfolio in the industry.”
Intel’s VM isolation solution, Intel Trust Domain Extensions (TDX), is designed to protect data in VMs by placing them in a trusted execution environment (TEE) isolated from the underlying hardware. This means that data processed within the TEE cannot be accessed by cloud service providers.
The organization also confirmed that Project Amber, its multicloud trust verification and software attestation service, will launch in mid-2023 to help enterprises verify the trustworthiness of TEEs, devices and trust roots.
By expanding the confidential computing ecosystem, Intel aims to provide organizations with a suite of solutions to protect data in transit, at rest, and in storage, enabling them to generate insights across on-premises, cloud, and edge environments, while ensuring the integrity of the data and verifying the components and software that provide those datasets.
Confidential computing and the software supply chain
The announcement comes as more organizations struggle to balance data accessibility and security, with research showing that enterprises use an average of only 58% of their data, in part due to challenges in implementing data access controls.
By combining Intel’s VM-level TDX protection with solutions such as Intel Software Guard Extensions (SGX), which uses application isolation technology to protect in-use code and data from alteration, organizations can better rely on the integrity of software and insights in the cloud and at the edge of the network.
It’s an approach that Intel says goes far beyond the capabilities of traditional attestation services.
“Attestation provides cryptographic assurance that the TEE is genuine, that the microcode patches comply with the update policy, and that the TEE was successfully launched using verified firmware,” said Amy Santoni, Intel Fellow and lead Xeon security architect.
“SGX can go a step further and verify that the application software loaded into that enclave matches the manifest provided by the developer. So the developer could be someone separate from the cloud infrastructure and there’s a way to make sure that app is exactly the one the SGX developer is related to,” Santoni said.
Project Amber and the Zero Trust Journey
At the same time, the upcoming release of Project Amber has the potential to simplify the zero-trust journey.
“If you really think about it, zero trust practices and principles state that there should be a division of responsibilities between the infrastructure provider and the attestation provider,” said Anil Rao, vice president, systems architecture and engineering, office of the CTO.
“For example, when you buy a used car, you don’t believe the mechanic who says that everything in the car is good. Generally you have it checked by an independent mechanic and make sure the car is good,” Rao said.
Thus, Project Amber acts as an independent entity that organizations can use to verify software components used in their environments, without relying on application vendors or cloud service providers to confirm the security of their own products.
In practice, this means organizations can deploy AI/ML models at the edge of the network to generate insights from trusted sources while ensuring that sensitive data and personally identifiable information (PII) are not stolen or tampered with.
A look at the confidential computing market
Intel’s latest solutions fit the confidential computing market, which researchers predict will reach $54 billion by 2026 as cloud and enterprise security initiatives scramble to comply with growing data privacy regulations.
Other providers such as Google Cloud and Fortanix also offer their own confidential computing solutions with data-in-use encryption, and the former offers its own confidential VMs, but Intel is trying to differentiate itself from other vendors through the use of software attestation.
Intel’s combination of confidential computing solutions that provide VM and application isolation, in addition to its trust verification service compatible with providers such as Microsoft Azure, Google Cloud, Alibaba Cloud and IBM Cloud, gives it the potential to become the definitive provider in the market.