Intel bets big on security-as-a-service for confidential computing
- 16 May, 2022 16:52
Intel revealed a string of security advancements at its inaugural Intel Vision event, including Project Amber — a security-as-a-service initiative for confidential computing — as well as increased collaboration for secure and responsible developments in AI, and a phased approach to quantum-safe cryptography.
Project Amber is aimed at providing organisations with remote verification of security in cloud, edge, and on-premises environments.
"As organisations continue to capitalise on the value of the cloud, security has never been more top of mind," said Greg Lavender, CTO and general manager of the Software and Advanced Technology Group at Intel.
"With the introduction of Project Amber, Intel is taking confidential computing to the next level in our commitment to a zero-trust approach to attestation and the verification of computing assets at the network, edge, and in the cloud."
What is confidential computing?
Intel defines confidential computing as a process of isolating the sensitive data payloads with hardware-based memory protections. Hardware-based TEEs (trusted execution environments) are used to help secure data in use. Intel uses its SGX (Software Guard Extensions) available on the Intel Xeon Scalable platform to deploy confidential computing technology.
"Confidential computing is an emerging industry initiative focused on helping enterprises better secure their applications and sensitive data while currently in use and during processing," says Gary McAlum, senior analyst at Tag Cyber.
"To secure enterprise data, confidential computing runs it within secure enclaves that isolate data and code to prevent unauthorised access, even when the infrastructure itself is compromised."
It's important to note, McAlum adds, that while confidential computing is a powerful security concept, it's not a silver bullet. With the growing data security challenges and proliferating privacy regulations, it is imperative organisations take a holistic approach to cyber security.
Best practices that McAlum recommends include regular patching, implementing strong authentication controls, continuous monitoring, employee awareness and training, and data back-up and recovery procedures.
How Intel's Project Amber provides cloud security
Amber provides the foundational basis of trust in a confidential computing environment via a process called attestation. Attestation, Intel says, is a process that verifies that a cloud provider offers the security that customers need to protect their data and intellectual property as they move sensitive workloads to the cloud.
Intel is releasing Project Amber as a multi-cloud, multi-TEE service for third-party attestation. Also dubbed as "cloud-agnostic," Amber is designed to support confidential computing workloads in the public cloud, within private/hybrid clouds, and at the edge.
"In its first version, Project Amber will support confidential compute workloads deployed as bare metal containers, virtual machines (VMs), and containers running in virtual machines using Intel TEEs," says Nikhil Deshpande, director of product development at Intel. "While the initial release will only support Intel TEEs, the intent is to extend coverage to platforms, TEEs in devices, and other TEEs in the future."
Intel is also working with independent software vendors (ISVs) to enable trust services that include Project Amber.
"To fully implement Zero Trust in cloud environments, Intel's Project Amber will help address the concerns that many cloud customers have about moving extremely sensitive IP and data to the cloud by securing data at all stages of its lifecycle: at rest, in transit, and while in use," says McAlum.
Intel plans to launch a customer pilot of Project Amber in the second half of 2022, followed by general availability in the first half of 2023.
Intel's collaborative efforts for future AI
At the Vision event Intel also emphasised its commitment to developing artificial intelligence that is secure and responsible.
To that end, the chipmaker highlighted collaboration with BeeKeeperAI, a zero-trust platform that uses Intel SGX hardware-based security capabilities and Microsoft Azure's confidential computing infrastructure to run a healthcare AI algorithm using real-world clinical data sets, without compromising privacy and integrity.
A second partnership, with the University of Pennsylvania's Perelman School of Medicine, allows Intel to contribute to the training of AI models to locate brain tumours.
"While the potential of artificial intelligence and machine learning (AI/ML) to help address the significant cyber security challenges of a digital world is exciting, there are also valid concerns around data privacy," adds McAlum.
"Intel clearly recognises the concerns associated with the use of AI/ML capabilities and their public commitment to collaborate with partners such as BeeKeeperAI and University of Pennsylvania's Perelman School of Medicine."
Intel roots for quantum-resistant cryptography
Intel also revealed its efforts toward addressing the threats posed by quantum computers in both symmetric and public-key cryptography. Alerting to a "millenium-bug-equivalent" moment, or Y2Q — the idea that quantum computing will overpower current security technology —in the coming 10 to 15 years, Intel said that it is developing a rich cryptography technology pipeline to build quantum-resistant crypto techniques.
In its efforts to this end, Intel enlists a phased approach:
- Discourage data harvesting by increasing key and digest sizes for symmetric cryptoalgorithms.
- Increase robustness of code-signing applications such as authentication of firmware and software with quantum-resistant algorithms.
- Secure the internet with post-quantum cryptoalgorithms standardized by the National Institution of Science and Technology (NIST).