Background

In the wake of global conflict and the pandemic, the shift to remote work has accelerated, and more data-driven organizations are moving their operations to the cloud. Together, these trends have escalated the risk of attacks and widened the range of security threats. Against these constant threats, confidential computing provides hardware-level security, confidentiality, and privacy for enterprises.

Data in-use, data at-rest, and data in-transit may each have slightly different risk profiles, and attackers will attempt to gain access through whichever state is easiest to breach. Data in-use, meaning data that one or more applications have opened for access and use by the user, is more vulnerable and more challenging to protect: the user must have access to the decrypted content, creating an opening for compromise and a potential security exposure of the other processes running in the same shared memory space. Such exposures are of particular concern for the privacy of financial or healthcare information.

Confidential computing is an approach to protecting data in-use with hardware-based trusted execution environments (TEEs), which provide assurance of data integrity, data confidentiality, and code integrity. Data and code held within a TEE enclave are protected by a hardware root of trust and remain safe from unauthorized access, even by highly privileged system software. Intel® SGX implements TEE functionality by dividing an application into trusted portions that run in more secure enclaves, each with a private memory address space protected from external access. Confidential computing helps enterprises protect their sensitive data and applications while they are in use by systems.

Intel® SGX Complements Platform Capabilities

3rd Gen Intel® Xeon® Scalable processors, in conjunction with Intel® SGX, incorporate multiple hardware-resident security features that are especially relevant to communications service providers deploying 5G network functions. This hardware-level security includes built-in crypto acceleration to absorb the performance impact of extensive encryption across large numbers of connected 5G networks, with results of up to four times more TLS-encrypted connections per second.

Confidential Computing Use Case 1: Money Laundering & Financial Fraud Detection

Money laundering is a global issue that allows criminal parties to use their illegal profits to fund terrorism or to finance nuclear, chemical, or biological weapons. There is a need to move beyond manual or fragmented monitoring systems to detect illicit and fraudulent activity. Government and financial institutions can use this new security technology to detect illicit activity more accurately and efficiently, help combat financial crime, and thwart higher-value money laundering, while enabling legitimate individuals and businesses to manage risks more productively.

Confidential computing technology and Intel® SGX use a federated learning arrangement, a machine learning approach in which encrypted customer account and network telemetry data from multiple banks are aggregated in a more secure enclave, enabling multiple parties to collaborate and benefit from a pooled data set while keeping each party’s data private. This collective data set can support more advanced analytics than any individual bank's data, enabling the detection of transactions and patterns that signal money laundering and fraud, in addition to accelerating the deep learning models used in detection. With Confidential Computing, these calculations can be performed without exposing sensitive information and with auditable privacy protections throughout the data lifecycle.

Confidential Computing Use Case 2: Electronic Health Records Implementation

Germany has a comprehensive healthcare system that gives all residents access to extensive medical care. At the same time, the country's government has defined compliance regulations and rules to protect digital medical records, which include highly sensitive information such as diagnoses, test results, and therapy suggestions. Providers must ensure that patient data is protected through data encryption and during transmission.

Deploying Confidential Computing technology with Intel® SGX enables this protection by processing encrypted data in private memory areas without exposing it to the rest of the system. The data is stored in more secure enclaves, is accessible only with the patient's approval, and remains unavailable to unauthorized parties, even those with root access to the server on which the data is being processed. Transmitted data is encrypted and is decrypted only once inside the enclave, improving application integrity and ensuring data privacy.

Featured Product

The NCA-6520, powered by the 3rd Gen Intel® Xeon® Scalable Processor (Codenamed Ice Lake SP) and the Intel® C627A chipset, supports up to 1536GB of system memory and 8 NIC module slots for almost any networking interface and I/O configuration. Additional prominent features include built-in SGX® and QAT crypto acceleration, making it ideal for 5G network deployment and confidential computing for financial or healthcare data providers.


NCA-6520

2U 19" Rackmount Network Appliance Built with Intel® Xeon® Processor Scalable Family (Codenamed Ice Lake SP)

CPU: Intel® Xeon® Processor Scalable Family (Codenamed Ice Lake SP)
Chipset: Intel® C627A