Intel Xeon Scalable Platform Built for Most Sensitive Workloads
October 14 2020 - 9:00AM
Business Wire
New Security Innovations Include Intel SGX,
Memory Encryption, Firmware Resilience and Breakthrough
Cryptographic Accelerators
NEWS HIGHLIGHTS
- Intel introduces new security technologies to help secure
sensitive workloads and enable new opportunities to unleash the
power of data in its upcoming 3rd Generation Intel® Xeon® Scalable
Platform, code-named “Ice Lake.”
- Proven Intel® Software Guard Extensions comes to the volume
mainstream server platform with Ice Lake, along with new
technologies that include Intel® Total Memory Encryption, Intel®
Platform Firmware Resilience and new cryptographic performance
accelerators to address today’s most pressing data protection
concerns.
- With revolutionary new capabilities, Intel’s approach is to
drive continuous innovation and deep collaboration with technology
partners to improve the confidentiality and integrity of data.
Intel today unveiled the suite of new security features for the
upcoming 3rd generation Intel® Xeon® Scalable platform, code-named
“Ice Lake.” Intel is doubling down on its Security First Pledge,
bringing its pioneering and proven Intel® Software Guard Extension
(Intel® SGX) to the full spectrum of Ice Lake platforms, along with
new features that include Intel® Total Memory Encryption (Intel®
TME), Intel® Platform Firmware Resilience (Intel® PFR) and new
cryptographic accelerators to strengthen the platform and improve
the overall confidentiality and integrity of data.
Data is a critical asset both in terms of the business value it
may yield and the personal information that must be protected, so
cybersecurity is a top concern. The security features in Ice Lake
enable Intel’s customers to develop solutions that help improve
their security posture and reduce risks related to privacy and
compliance, such as regulated data in financial services and
healthcare.
More: Intel Security Initiatives (Press Kit) | Upcoming
Intel Xeon Scalable Platform Built for Customers’ Most Sensitive
Workloads (YouTube Video) | Azure Confidential Computing (YouTube
Video)
“Protecting data is essential to extracting value from it, and
with the capabilities in the upcoming 3rd Gen Xeon Scalable
platform, we will help our customers solve their toughest data
challenges while improving data confidentiality and integrity. This
extends our long history of partnering across the ecosystem to
drive security innovations,” said Lisa Spelman, Intel corporate
vice president in the Data Platform Group and general manager of
the Xeon and Memory Group.
Data Protection across the Compute Stack
Technologies such as disk- and network-traffic encryption
protect data in storage and during transmission, but data can be
vulnerable to interception and tampering while in use in memory.
“Confidential computing” is a rapidly emerging usage category that
protects data while it is in use in a Trusted Execution Environment
(TEE). Intel SGX is the most researched, updated and battle-tested
TEE for data center confidential computing, with the smallest
attack surface within the system. It enables application isolation
in private memory regions, called enclaves, to help protect up to 1
terabyte of code and data while in use.
“Microsoft Azure was the first major public cloud to offer
confidential computing, and customers from industries including
finance, healthcare, government are using confidential computing on
Azure today,” said Mark Russinovich, chief technology officer,
Microsoft Azure. “Azure has confidential computing options for
virtual machines, containers, machine learning, and more. We
believe the next-generation Intel Xeon processors with Intel SGX
featuring full memory encryption and cryptographic acceleration
will help our customers unlock even more confidential computing
scenarios.”
Customers like the University of California San Francisco
(UCSF), NEC, Magnit and other organizations in highly regulated
industries have relied on Intel to support their security strategy
and leveraged Intel SGX with proven results. For example,
healthcare organizations can more securely protect data — including
electronic health records — with a trusted computing environment
that better preserves patient privacy. In other industries, such as
retail, companies rely on Intel to help keep data confidential and
protect intellectual property. Intel SGX helps customers unlock new
multiparty shared compute scenarios that have been difficult to
build in the past due to privacy, security and regulatory
requirements.
Intel is also introducing new security capabilities to improve
data protection and strengthen the platform, including:
- Full memory encryption: To better protect the entire
memory of a platform, Ice Lake introduces a new feature called
Intel Total Memory Encryption (Intel TME). Intel TME helps ensure
that all memory accessed from the Intel® CPU is encrypted,
including customer credentials, encryption keys and other IP or
personal information on the external memory bus. Intel developed
this feature to provide greater protection for system memory
against hardware attacks, such as removing and reading the dual
in-line memory module (DIMM) after spraying it with liquid nitrogen
or installing purpose-built attack hardware. Using the National
Institute of Standards and Technology (NIST) storage encryption
standard AES XTS, an encryption key is generated using a hardened
random number generator in the processor without exposure to
software. This allows existing software to run unmodified while
better protecting memory.
- Cryptographic acceleration: One of Intel’s design goals
is to remove or reduce the performance impact of increased security
so customers don’t have to choose between better protection and
acceptable performance. Ice Lake introduces several new
instructions used throughout the industry, coupled with algorithmic
and software innovations, to deliver breakthrough cryptographic
performance. There are two fundamental innovations. The first is a
technique to stitch together the operations of two algorithms that
typically run in combination yet sequentially, allowing them to
execute simultaneously. The second is a method to process multiple
independent data buffers in parallel.
- Growing resilience: Sophisticated adversaries may
attempt to compromise or disable the platform’s firmware to
intercept data or take down the server. Ice Lake introduces Intel®
Platform Firmware Resilience (Intel PFR) to the Intel Xeon Scalable
platform to help protect against platform firmware attacks,
designed to detect and correct them before they can compromise or
disable the machine. Intel PFR uses an Intel FPGA as a platform
root of trust to validate critical-to-boot platform firmware
components before any firmware code is executed. The firmware
components protected can include BIOS Flash, BMC Flash, SPI
Descriptor, Intel® Management Engine and power supply
firmware.
Privacy-preserving, trusted platforms in the upcoming 3rd
generation Xeon Scalable processors will help drive even greater
innovative services, usage models and solutions for organizations
looking to activate the full value of their data.
To learn more about how Intel SGX can help protect sensitive
workloads and data, visit www.intel.com/sgx and
www.confidentialcomputing.io.
More Use Cases:
- Intel SGX Enables Magnit to Create a Trusted Computing
Environment
- Intel SGX Helps UCSF Propel Medical Device Innovations
- NEC Creates a Confidential Computing System Backed by Intel
SGX
About Intel
Intel (Nasdaq: INTC) is an industry leader, creating
world-changing technology that enables global progress and enriches
lives. Inspired by Moore’s Law, we continuously work to advance the
design and manufacturing of semiconductors to help address our
customers’ greatest challenges. By embedding intelligence in the
cloud, network, edge and every kind of computing device, we unleash
the potential of data to transform business and society for the
better. To learn more about Intel’s innovations, go to
newsroom.intel.com and intel.com.
© Intel Corporation. Intel, the Intel logo and other Intel marks
are trademarks of Intel Corporation or its subsidiaries. Other
names and brands may be claimed as the property of others.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20201014005202/en/
Jennifer Foss 425-765-3485 jennifer.foss@intel.com
Kelly McDermott Promes 831-600-6211 kelly@highwirepr.com
Intel (NASDAQ:INTC)
Historical Stock Chart
From Aug 2024 to Sep 2024
Intel (NASDAQ:INTC)
Historical Stock Chart
From Sep 2023 to Sep 2024