Intel Launches Confidential Computing Solution for Virtual Machines

Check out all the Smart Security Summit on-demand sessions here.

Today, Intel announced the launch of its 4th Generation Intel Xeon Scalable processors and Mac-series Intel processors and GPUs, as well as the launch of a virtual machine (VM) isolation solution and of an independent trusted verification service to help build the "most comprehensive confidential IT portfolio.

Intel's VM isolation solution, Intel Trust Domain Extension (TDX), is designed to protect data stored in VMs within a Trusted Execution Environment (TEE) isolated from underlying hardware. underlying. This means that the data processed within the TEE is not accessible to cloud service providers.

The organization also confirmed that Project Amber, its multicloud trust verification and software attestation service, will launch in mid-2023, to help enterprises verify the trustworthiness of TEEs, devices, and devices. roots of trust.

By expanding its confidential computing ecosystem, Intel aims to offer organizations a set of solutions to protect data in transit, at rest, and in storage, so they can generate insights across on-premises, cloud environments and at the edge, while verifying the integrity of the components and software providing these data sets.
Event
On-Demand Smart Security Summit

Learn about the essential role of AI and ML in cybersecurity and industry-specific case studies. Watch the on-demand sessions today.
look here Confidential Computing and Software Supply Chain
The announcement comes as more and more organizations struggle to balance data accessibility and security, with research showing businesses use on average only 58% of their data, in part due to difficulties in implementing data access controls.

By combining Intel's TDX VM-level protection with solutions like Intel Software Guard Extensions (SGX), which uses application isolation technology to protect in-use code and data from changes, businesses will be able to better trust the integrity of software and information in the cloud and at the network edge.

It's an approach that Intel says goes well beyond the capabilities of traditional attestation services.

"Attestation provides cryptographic assurance that the TEE is genuine, that its microcode patches comply with the update policy, and that the TEE is properly launched using authenticated firmware", said Amy Santoni, Intel Fellow and Chief Xeon Security Architect.

"SGX can take it a step further and verify that the application software loaded into this enclave matches the manifest provided by the developer. This way the developer can be a separate person from the cloud infrastructure and there is a way to s ensure that this app is exactly the one that has been associated by developer SGX,” Santoni said.
Project Amber and the Zero Trust Journey
At the same time, the next version of Project Amber has the potential to simplify the zero trust journey.

“If you really think about it, zero trust practices and principles state that there should be a division of responsibilities between the infrastructure provider and the attestation provider,” Anil Rao, VP, Architecture and Systems Engineering, Office of the CTO.

"For example, if you're buying a used car, you don't take the mechanic's word for it that everything is good with the car. You usually go for an independent guy...

Startups Jan 10, 2023 0 35 Add to Reading List

Intel Launches Confidential Computing Solution for Virtual Machines

Check out all the Smart Security Summit on-demand sessions here.

Today, Intel announced the launch of its 4th Generation Intel Xeon Scalable processors and Mac-series Intel processors and GPUs, as well as the launch of a virtual machine (VM) isolation solution and of an independent trusted verification service to help build the "most comprehensive confidential IT portfolio.

Intel's VM isolation solution, Intel Trust Domain Extension (TDX), is designed to protect data stored in VMs within a Trusted Execution Environment (TEE) isolated from underlying hardware. underlying. This means that the data processed within the TEE is not accessible to cloud service providers.

The organization also confirmed that Project Amber, its multicloud trust verification and software attestation service, will launch in mid-2023, to help enterprises verify the trustworthiness of TEEs, devices, and devices. roots of trust.

By expanding its confidential computing ecosystem, Intel aims to offer organizations a set of solutions to protect data in transit, at rest, and in storage, so they can generate insights across on-premises, cloud environments and at the edge, while verifying the integrity of the components and software providing these data sets.

Event

On-Demand Smart Security Summit

Learn about the essential role of AI and ML in cybersecurity and industry-specific case studies. Watch the on-demand sessions today.

look here Confidential Computing and Software Supply Chain

The announcement comes as more and more organizations struggle to balance data accessibility and security, with research showing businesses use on average only 58% of their data, in part due to difficulties in implementing data access controls.

By combining Intel's TDX VM-level protection with solutions like Intel Software Guard Extensions (SGX), which uses application isolation technology to protect in-use code and data from changes, businesses will be able to better trust the integrity of software and information in the cloud and at the network edge.

It's an approach that Intel says goes well beyond the capabilities of traditional attestation services.

"Attestation provides cryptographic assurance that the TEE is genuine, that its microcode patches comply with the update policy, and that the TEE is properly launched using authenticated firmware", said Amy Santoni, Intel Fellow and Chief Xeon Security Architect.

"SGX can take it a step further and verify that the application software loaded into this enclave matches the manifest provided by the developer. This way the developer can be a separate person from the cloud infrastructure and there is a way to s ensure that this app is exactly the one that has been associated by developer SGX,” Santoni said.

Project Amber and the Zero Trust Journey

At the same time, the next version of Project Amber has the potential to simplify the zero trust journey.

“If you really think about it, zero trust practices and principles state that there should be a division of responsibilities between the infrastructure provider and the attestation provider,” Anil Rao, VP, Architecture and Systems Engineering, Office of the CTO.

"For example, if you're buying a used car, you don't take the mechanic's word for it that everything is good with the car. You usually go for an independent guy...