Today, Intel announced the launch of its 4th Gen Intel Xeon Scalable Processors and the Intel Max Series CPUs and GPUs, alongside the launch of a virtual machine (VM) isolation solution and an independent trust verification service to help build the “industry’s most comprehensive confidential computing portfolio.”  

Intel’s VM isolation solution, Intel Trust Domain Extension (TDX), is designed to protect data stored within the VMs inside a trusted execution environment (TEE) that’s isolated from the underlying hardware. This means data processed within the TEE can’t be accessed by cloud service providers. 

The organization also confirmed that Project Amber, its multicloud trust verification and software attestation service will launch in mid-2023, to help enterprises verify the trustworthiness of TEEs, devices and roots of trust.  

Through expanding its confidential computing ecosystem, Intel aims to offer organizations a set of solutions to protect data at transit, at rest and in storage, so they can generate insights across on-premises, cloud and edge environments, while verifying the integrity of the components and software delivering those datasets. 

Confidential computing and the software supply chain 

The announcement comes as more organizations are struggling to balance data accessibility and security, with research showing that enterprises are only using an average of 58% of their data, partly due to challenges in implementing data access controls. 

By combining Intel’s TDX VM-level protection alongside solutions like Intel Software Guard Extensions (SGX), which uses application isolation technology to protect code and data in-use from modification, organizations will be able to better trust in the integrity of software and insights in the cloud and at the network’s edge. 

It’s an approach that Intel claims goes well beyond the capabilities of traditional attestation services. 

“Attestation provides cryptographic assurance that the TEE is genuine, that its microcode patches conform to the update policy, and that the TEE is correctly launched using authenticated firmware,” said Amy Santoni, Intel fellow and chief Xeon security architect.

“SGX can go a step beyond that and verify that the application software loaded in that enclave matches the manifest provided by the developer. So the developer may be someone separate from the cloud infrastructure and there’s a way to make sure that that app is exactly the one that was related by the SGX developer,” Santoni said.

Project Amber and the zero-trust journey 

At the same time, the upcoming release of Project Amber has the potential to simplify the zero-trust journey. 

“If you really think about it, zero-trust practices and principles hold that there should be a division of responsibilities between the infrastructure provider and the attestation provider,” Anil Rao, vice president, systems architecture and engineering, office of the CTO. 

“For example, if you’re buying a used car, you don’t take the mechanic’s word saying that everything in the car is good. You generally go and have an independent mechanic check it and then make sure that the car is good,” Rao said.

Project Amber thus acts as an independent entity that organizations can use to verify software components used throughout their environments without having to rely on application vendors or cloud service providers to attest to the security of their own products. 

In practice, this means organizations can deploy AI/ML models at the network’s edge to generate insights from trusted sources while ensuring that sensitive data and personally identifiable information (PII) isn’t being stolen or tampered with.

A look at the confidential computing market 

Intel’s latest solutions fit within the confidential computing market, which researchers estimate will reach $54 billion by 2026 as cloud and enterprise security initiatives attempt to comply with expanding data privacy regulations. 

While other providers like Google Cloud and Fortanix also offer their own confidential computing solutions with data-in-use encryption, with the former offering its own confidential VMs, Intel is attempting to differentiate itself from other vendors through the use of software attestation. 

Intel’s combination of confidential computing solutions providing VM and application isolation, alongside its trust verification service that’s compatible with providers including Microsoft Azure, Google Cloud, Alibaba Cloud and IBM Cloud, gives it the potential to stand as the definitive provider in the market.