Intel Editorial: Intel Joins Industry Consortium to Accelerate Confidential Computing
View the full release here: https://www.businesswire.com/news/home/20190821005140/en/
Leaders in information and infrastructure security are well versed in protecting data at-rest or in-flight through a variety of methods. However, data being actively processed in memory is another matter. Whether running on your own servers on-prem, in an edge deployment, or in the heart of a cloud service provider’s data center, this “in-use” data is almost always unencrypted and potentially vulnerable.
Intel’s commitment to helping customers and the ecosystem at large with data protection is why we and other industry leaders are coming together to form a new
Confidential Computing Protects Data In-Use
Confidential computing may take multiple forms, but early use cases rely on trusted execution environments (TEEs), also called trusted enclaves, where data and operations are isolated and protected from any other software, including the operating system and cloud service stack. Combined with encrypted data storage and transmission methods, TEEs can create an end-to-end protection architecture for your most sensitive data.
Enterprises and cloud service providers can apply confidential computing to a wide range of workloads. The most popular of the early use cases use the trusted enclave for key protection and crypto-operations. But trusted enclaves can be used to protect any type of highly sensitive information. For example, healthcare analytics can be performed so that the enclave protects any data that may contain personally identifiable information, thus keeping results anonymous.
Companies that wish to run their applications in the public cloud but don’t want their most valuable software IP visible to other software or the cloud provider can run their proprietary algorithms inside an enclave. Multiple untrusted parties can share transactions but protect their confidential or proprietary data from the other parties by using enclaves. Any time sensitive data is in use, there may be an opportunity to use confidential computing to better protect it.
Intel SGX – The Hardware Engine Powering Confidential Computing
Intel SGX is a hardware-based technology that helps protect data in-use by establishing protected enclaves in memory so only authorized application code can access sensitive data. Unlike full memory encryption technologies that leave the data within the attack surface of the OS and cloud stack, Intel SGX allows a specific application to create its own protected enclave with a direct interface to the hardware, limiting access and minimizing the overall performance impact for both the application and any other virtual machines (VMs) or tenants on the server.
Intel SGX provides hardware-based encryption for data in-use protection at the application level with the smallest attack surface. Intel SGX is available today on the Intel® Xeon® processor E-2100 family, and is used in confidential computing services from Microsoft Azure*, IBM Cloud Data Guard*,
As part of today’s announcement of the new
The launch of the