As more and more organizations look to secure their operations as best as they can, one area of data security that’s gaining a lot of traction is in-use data. In their journey towards a more confidential computing experience, Intel recently released their Software Guard Extensions (SGX) solution to specifically address in-use data protection as a part of their 3rd Generation Xeon Scalable Processor platform. Let’s dive into what SGX means for the industry based on Intel’s appearance at Cloud Field Day in March.
Assessing the State of Data Security Today
Security is one of the most important aspects of today’s IT landscape, if not the most important. We hear on an almost daily basis about another breach or hacking attempt, and while coverage often focuses on the perpetrator(s), we rarely hear about the work being done by the thousands of IT practitioners on the other side, “the good guys” who are striving to prevent attacks.
Today’s security practices, specifically regarding data protection, come in many forms; at-rest and in-flight encryption are often talked about the most. A new security tactic coming to prominence in the scene is in-use data protection.
The Rise of Confidential Computing
Intel is known for many things around the IT industry, but there’s one epithet of theirs that might be less well-known: they are a founding member of the Confidential Computing Consortium (CCC). The CCC focuses specifically on protecting in-use data as more and more attackers have turned their sights on lower levels of the tech stack. This data could range anywhere from customers’ personal identification information to high-value organizational assets; ultimately, all of it is incredibly important data to keep safe.
As shown in the diagram above, the hypervisor, firmware, and CPU levels are areas of potential concern when it comes to attacks on data in use, but up until now have not gotten the same level of treatment when it comes to security tooling. Intel’s announcement of their SGX solution changes everything.
SGX: Scalable Protector of In-Use Data
A part of the 3rd Gen Xeon Scalable platform announcement, Intel’s SGX applies specifically to the parts of the stack not covered by a plethora of preexisting security tools: in-use data. In a recent Cloud Field Day presentation, Garry Binder, Intel’s Senior Security Architect, spoke about the release of SGX and how it applies to the industry.
Since it’s a part of the 3rd Gen Xeon Scalable platform, Intel’s SGX solution applies specifically to servers and data centers, creating an enclave of up to 512 GB of allocated memory that stores data being used by applications. The enclave protects said data from attacks that usually prey on some of the most crucial aspects of any organization. That includes protection against malicious insiders, hackers from the nation-state level down to “script kiddies,” un-consented/unintentional data access, and more.
Ultimately, Intel’s SGX enables companies to feel more at ease about the security of their cloud infrastructure as the solution safeguards in-use data both on-premises and in Azure and IBM Cloud. The security solution also serves as a flagship for Intel’s commitment to being more transparent about protecting confidential information, regardless of its purpose.
In his rundown, Binder also mentions that Intel’s SGX solution is just getting started; the tool should be present in further iterations of Intel’s server and data center products, continuing their dedication to in-use data protections.
Any solution that helps improve an organization’s security posture is an important one. Add the fact that it’s baked into Intel’s 3rd Gen Xeon Scalable platform, and we’re sure to be hearing more about the protective capabilities of SGX in the future.
In the meantime, you can see the rest of Intel’s Cloud Field Day presentation to learn more, including their new data telemetry solution. You can also check out this Tech Talk following the 3rd Gen Xeon Scalable announcement from Frederic Van Haren, “What Makes the Latest Intel Xeon Platform an AI Workhorse?”
For more information on SGX, be sure to check out Intel’s website.