Partners: Intel's New Internal Security Group Needs To Put Safeguards On The Same Level As Speed


Printer-friendly version Email this CRN article

Partners said that Intel's new cross-company group formed to address the processor exploits should make security a high priority at the same level as performance.

"Security has to be more than just a side consideration," said Daniel Daninger, vice president of engineering at Nor-Tech. "When you have a group that's ordained with some amount of power, that's probably more influential than just some engineers that look at security also."

Daninger cautioned, though, that fundamental design changes aren't likely to happen fast, and could in reality take months or even years. The challenge spans beyond Intel, Daninger said, since other processor vendors have also been using speculative execution, in which a computer system performs some tasks before knowing whether or not it is actually needed.

[Related: Intel CEO: Amid Spectre, Meltdown Exploit Crisis, 'Security Is The Number One Job For Intel']

"I think it [Intel's new security group] is necessary," Daninger said. "They're going to have to do a good job and a thorough job. It's just too fundamental."  

Intel's plan to create an internal security group was first reported Monday night by The Oregonian. Intel on Tuesday confirmed to CRN the establishment of the group, and said it will be led by human resources chief Leslie Culbertson and report directly into CEO Brian Krzanich.

"On Monday, the company established the Intel Product Assurance and Security (IPAS) group that will consolidate Intel's cross-company efforts on the side-channel issues," the company said in a statement.

Spectre and Meltdown are three variants of a side-channel analysis security issue in server and PC processors, which could potentially enable hackers to access protected data.

Forming this group should help establish ownership and accountability within Intel for identifying potential issues as well as managing the resolution process, according to Kent Tibbils, vice president of marketing of Fremont, Calif.-based ASI Corp., via email.

The team should also be well-positioned to handle internal communications within Intel as well as external communications with customers, Tibbils said, offering a prompt response to all.

"The key here is ownership and responsibility, especially since these potential issues are becoming increasingly complex," Tibbils said. "Protecting against security breaches in the emerging markets of the future is vital." 

Printer-friendly version Email this CRN article