Intel today unveiled the suite of new security features for the upcoming 3rd generation Intel® Xeon® Scalable platform, code-named “Ice Lake.” Intel is doubling down on its Security First Pledge, bringing its pioneering and proven Intel® Software Guard Extension (Intel® SGX) to the full spectrum of Ice Lake platforms, along with new features that include Intel® Total Memory Encryption (Intel® TME), Intel® Platform Firmware Resilience (Intel® PFR) and new cryptographic accelerators to strengthen the platform and improve the overall confidentiality and integrity of data.
Data is a critical asset both in terms of the business value it may yield and the personal information that must be protected, so cybersecurity is a top concern. The security features in Ice Lake enable Intel’s customers to develop solutions that help improve their security posture and reduce risks related to privacy and compliance, such as regulated data in financial services and healthcare.
“Protecting data is essential to extracting value from it, and with the capabilities in the upcoming 3rd Gen Xeon Scalable platform, we will help our customers solve their toughest data challenges while improving data confidentiality and integrity. This extends our long history of partnering across the ecosystem to drive security innovations,” said Lisa Spelman, Intel corporate vice president in the Data Platform Group and general manager of the Xeon and Memory Group.
Data Protection across the Compute Stack
Technologies such as disk- and network-traffic encryption protect data in storage and during transmission, but data can be vulnerable to interception and tampering while in use in memory. “Confidential computing” is a rapidly emerging usage category that protects data while it is in use in a Trusted Execution Environment (TEE). Intel SGX is the most researched, updated and battle-tested TEE for data center confidential computing, with the smallest attack surface within the system. It enables application isolation in private memory regions, called enclaves, to help protect up to 1 terabyte of code and data while in use.
“Microsoft Azure was the first major public cloud to offer confidential computing, and customers from industries including finance, healthcare, government are using confidential computing on Azure today,” said Mark Russinovich, chief technology officer, Microsoft Azure. “Azure has confidential computing options for virtual machines, containers, machine learning, and more. We believe the next-generation Intel Xeon processors with Intel SGX featuring full memory encryption and cryptographic acceleration will help our customers unlock even more confidential computing scenarios.”
Customers like the University of California San Francisco (UCSF), NEC, Magnit and other organizations in highly regulated industries have relied on Intel to support their security strategy and leveraged Intel SGX with proven results. For example, healthcare organizations can more securely protect data — including electronic health records — with a trusted computing environment that better preserves patient privacy. In other industries, such as retail, companies rely on Intel to help keep data confidential and protect intellectual property. Intel SGX helps customers unlock new multiparty shared compute scenarios that have been difficult to build in the past due to privacy, security and regulatory requirements.
Intel is also introducing new security capabilities to improve data protection and strengthen the platform, including:
Privacy-preserving, trusted platforms in the upcoming 3rd generation Xeon Scalable processors will help drive even greater innovative services, usage models and solutions for organizations looking to activate the full value of their data.