Intel this week announced a set of open source libraries intended to enhance cybersecurity by making it easier to build IT solutions that invoke confidential computing capabilities to create isolated enclaves of computing on its processors.
Lisa Davis, vice president and general manager for digital transformation and scale solutions at Intel, said confidential computing enclaves created by the Intel Security Libraries for Data Center will enable organizations to finally take a proactive approach to ensuring cybersecurity by being able to apply controls more consistently across a common root of trust, from edge computing devices to the cloud.
The fundamental issue with computing today is that IT organizations are forced to layer controls on top of systems across the enterprise that don’t always integrate well, Davis said. Intel is essentially making a case for what amounts to an “IT do-over” that, over time, upgrades systems from the edge of the network all the way through servers in data centers and the cloud to provide a hardware-centric approach to securing applications.
It may take a decade or more to achieve that goal. But at its Intel Data Centric Innovation Day event this week, Intel showcased a forthcoming server jointly developed by Lockheed Martin and Hewlett-Packard Enterprise (HPE) that was able to withstand a zero-day attack because of the level of isolation provided between virtual machines on the system.
Initially, the Intel approach to confidential computing relies on Intel SGX cards to set up trusted execution environments. But as compute power continues to increase, it will become more feasible to set up trusted execution environments on every system. In fact, Intel is betting that as cybersecurity becomes more of an imperative for organizations of all sizes, the transition to a more hardware-centric approach to cybersecurity will accelerate.
Of course, hardware-centric approaches to securing data have been around for years. Intel is trying to drive down the cost of this approach by leveraging its processor manufacturing muscle to make confidential computing much more economical for all organizations, regardless of size. In fact, one of the first places these capabilities will manifest themselves is on public clouds because the capital costs associated with making this transition are absorbed by the cloud service provider. The Intel Security Libraries for Data Center also should go a long way toward advancing DevSecOps as manufacturers of systems extend those tools to expose programmable interfaces.
In the meantime, however, it’s also clear that existing software-centric approaches to securing legacy systems will be employed well through the next decade. While Intel and other systems manufacturers would dearly love to see every piece of IT equipment upgraded, the fact remains that the cybersecurity omissions and sins of the past are not going to be forgiven that easily.