Intel Launches Service To Verify Proper Handling Of Sensitive Data In Data Centers

The launch of Intel Trust Authority, which counts Zscaler and Thales as early adopters, is part of CEO Pat Gelsinger’s push for the chipmaker to earn more revenue through software and services. It arrives as cloud service providers and other vendors seek to convince customers to move sensitive data into their data centers.

Intel is launching a new commercial service designed to verify that confidential computing enclaves enabled by its Xeon processors are properly handling sensitive data in data centers.

Announced Wednesday at the third annual Intel Innovation event, the attestation service is part of the chipmaker’s new portfolio of security software and services called Intel Trust Authority, and Intel is touting security vendors Thales and Zscaler as early customers.

[Related: 6 Big Announcements At Intel Innovation 2023: From 288-Core CPU To AI Supercomputer]

Previously known as Project Amber, the attestation service offers a “unified, independent assessment of secure enclave integrity and policy enforcement anywhere confidential computing is deployed,” whether that’s in public cloud, hybrid cloud, on-premises or edge environments, according to Anil Rao, vice president of systems architecture and engineering in the office of the CTO at Intel.

“It embodies zero trust principles by separating the assessment of the infrastructure’s trustworthiness from the provider of infrastructure,” he wrote in a blog post.

At launch, Intel Trust Authority will offer verification for trusted execution environments enabled by Intel Software Guard Extensions (SGX) and Intel Trust Domain Extensions (TDX) in Xeon processors. But Rao added that it will “ultimately contribute to the integrity of the entire digital ecosystem.”

The launch of Intel Trust Authority is part of CEO Pat Gelsinger’s push for the company to earn more revenue through software and services, a vision that was first laid out in CRN’s October 2021 cover story about Intel.

And it’s arriving as cloud service providers such as Google Cloud and Microsoft Azure as well as other vendors seek to convince customers to move sensitive data into their data centers.

SGX And TDX Available In Current And Upcoming Xeon CPUs

SGX is a feature found in the third and fourth generations of Xeon Scalable processors, the Xeon CPU Max Series as well as the latest Xeon D and Xeon E chips. It enables the processor to isolate applications with confidential or otherwise sensitive data in private memory regions known as enclaves.

TDX is a feature coming to fifth-gen Xeon Scalable CPUs and new edge variants of fourth-gen Xeon chips due to launch this December. According to Intel, some cloud service providers have custom variants of fourth-gen Xeon Scalable processors with TDX enabled to support early availability programs.

With TDX, Xeon CPUs will have ability the run hardware-isolated virtual machines called trust domains that are kept out of reach from the virtual machine manager or hypervisor.

How Thales And Zscaler Will Use Intel Trust Authority

In separate announcements, security vendors Thales and Zscaler said they will use Intel Trust Authority to verify the trustworthiness of their platforms’ confidential computing capabilities.

Zscaler plans to use Intel Trust Authority to verify the “authenticity and integrity” of its App Connectors, which enable a secure connection to private applications hosted in public or private cloud environments through the company’s Zero Trust Exchange Platform.

In explaining how Intel Trust Authority will work with Zscaler’s platforms, representatives at both companies said it begins with Intel’s service generating an attestation token “before an authenticated user can connect to their requested workload.”

“This token is passed via the Zero Trust Exchange to the App Connector and vice versa, providing a verified assurance that the connector (running on the same hypervisor as the customer application it protects) has not been compromised,” they wrote.

“The connector can then be safely decrypted and executed within the secure confines of the Intel TDX-based confidential computing environment. When the customer application carries out the same validation, the zero trust paradigm is effectively extended from cloud to the silicon,” they added.

As for Thales, the French security vendor said it will use Intel Trust Authority to ensure that customers of its CipherTrust Data Security Platform will never have sensitive workloads decrypted outside of a trusted execution environment such as SGX or TDX.

Todd Moore, vice president of data security products at Thales, said the “collaboration with Intel enables security-conscious organizations to share data safely while preserving privacy, confidentiality, and compliance with regulatory requirements such as GDPR, PCI-DSS and HIPAA, only disclosing the results of the processes performed.”

“This is especially important for highly regulated industries where data security is paramount to safeguarding the privacy of the information,” he said in closing.