Intel announces new security as-a-service to deliver confidential computing

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!

Today, on the 2nd day of Intel Vision, Intel announced the release of a new security-as-a-service solution called Project Amber, an independent trust authority, designed to remotely verify whether a compute asset in the cloud, network’s edge, or on-premise environment is trustworthy. 

Project Amber supports confidential compute workloads deployed as bare metal containers, virtual machines, and containers running in virtual machines using Intel’s trusted execution environment (TEE). The initial release will be released in the second half of 2022. 

For enterprises, Intel’s creation of an independent trust authority has the potential to ensure the security of third party services, and give enterprises more confidence of the supply chain. 

Bringing trust to the supply chain 

As software supply chain attacks have increased, high profile security incidents like the SolarWinds, Kaseya, and Codecov data breaches have shaken enterprise’s confidence in the security practices of third party service providers. 

While entities like cloud service providers use confidential computing and can attest to the integrity of their own security measures, some organizations need greater assurances before they can start to trust them completely. 

“Most cloud service providers (CSPs) today provide the compute infrastructure to run confidential compute workloads and self-attest to those workloads trustworthiness,” said Senior Director of Project Amber strategy at Intel, Nikhil Deshpande. 

“Our customers have expressed interest in a trusted third-party assurance service and this new implementation of a trust authority will help ensure higher confidence in moving sensitive data to the cloud.”  

“A recent study with Ponemon Institute found that 58% of organizations say all (34%) or most (24%) access points in their organization’s IT infrastructure are authenticated, pointing to a growing need for attestation implementations like Project Amber. The implementation like this trust authority can provide businesses with higher customer confidence when moving sensitive workloads and data to the cloud. Not to mention, delivering consistent trust assurance for multi-cloud deployments.” 

The confidential computing market today 

The announcement comes as researchers expect the confidential computing market to reach a value of $54 billion by 2026, growing at a compound annual growth rate of 90%-95% as organizations attempt to prevent threat actors from accessing or tampering with applications and data. 

Confidential computing is currently being used by a range of providers (and public cloud providers) to protect data in-use. For instance, Google Cloud, which recently announced it had generated $5.5 billion in fourth quarter revenue in 2021, offers users Confidential VMs and Confidential GKE Nodes to encrypt data-in-use. 

Similarly, Microsoft Azure encrypts data in memory in hardware-based TEE, only running applications in the cloud after it verifies the environment to prevent unauthorized access by cloud providers, administrators, and users. Microsoft recently announced raising $51.7 billion in annual revenue. 

However, the key difference between these providers and Intel’s solution, is that Project Amber is cloud-agnostic and designed to stand as a third-party solution to verify and provide attestation for assets managed by other providers. 

The reason for this approach is that verifying assets by a third party offers enterprises a more objective approach for measuring risk than relying on a cloud service provider to testify to the security of their own systems.  

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.

Source: Read Full Article