Hardening data security in the cloud
How Intel’s SGX hardware helps safeguard applications in multi-tenant environments
Sponsored Feature As enterprises continue to migrate applications into the cloud, security concerns about the data those workloads store and process are inevitable. But how can IT departments be certain that sensitive information covered by stringent data protection laws hosted in public, private and hybrid cloud environments spanning multiple servers and locations is adequately protected from both internal and external threats?
One potential answer is Confidential Computing, which isolates data within a encrypted portion of a server's memory to make sure it cannot be accessed or tampered with. Predictions from the Everest Group published last year indicate that demand for confidential computing solutions will grow at a compound annual growth rate (CAGR) of 90-95 percent over the next five years to be worth US$54bn by 2026.
That momentum is partly down to the Confidential Computing Consortium, a community of suppliers at the Linux Foundation focussed on projects securing data in use and accelerating the adoption of confidential computing through open collaboration.
Intel is a key memory of the Consortium, and provides its own approach to Confidential Computing through the Intel® Software Guard Extensions embedded within its latest generation Intel® Xeon® server chips. These establish isolated enclaves, or a Trusted Executive Environment (TEE), within the memory. Inside an enclave, designated application code and sensitive data are protected and out of view of both internal and external threats. That includes preventing access from other applications running on the system that might be corrupted by malware – particularly useful in maintaining data integrity and security in multi-tenanted cloud environments that could be susceptible to insider threats as well as external cyber attacks.
"By isolating data within a CPU during processing, those CPU resources are only accessible to authorized programming code – they are isolated from everything and anyone else", explains Paul O'Neill, Intel director of strategic business development and confidential computing.
"As a result the data is not readable by human admins as well as the cloud providers' hypervisors, other tenants or the operating system. So you no longer have to trust the cloud provider's security even if they were corrupted and intentionally malicious."
Sensitive code and data outside the enclave is encrypted, and only decrypted once inside the enclave. Results or data created by the application running within the TEE is encrypted again when it leaves the enclave to make sure it remains confidential at all times.
Intel SGX offers an additional layer of beyond data and application isolation inside the TEE. The remote attestation function verifies that a cloud user's SGX-enabled application can be trusted. Attestation provides cryptographic assurance that the enclave is running on a genuine Intel SGX-enabled platform, the processor's microcode security patches are up-to-date, and the application software is exactly what the user authorized. With this assurance, confidential data can be released into the enclave. Pre-examining the security status of a remote server is a necessary precaution that every device and application and process should take when seeking to connect, and the Intel SGX remote attestation feature provides a hardware protected method for this important step.
Financial services to the fore
Any guarantee of trust and data integrity is an attractive option for public and private sector organisations which routinely share and process sensitive, personally identifiable information (PII) tightly regulated by national and regional data protection regulations – including those in financial services, healthcare and retail.
"The early adopters of Confidential Computing, and Intel SGX , are financial services and healthcare organizations ready for complex computing. The reason for that is twofold," says O'Neill.
"One is that they are dealing with the most sensitive datasets, and the second is that they need to harness the economics of the cloud".
Confidential Computing is starting to allow banks, insurance companies and other financial institutions to take sensitive datasets into the cloud, once an unthinkable prospect for such sensitive data. Once there, they can safely harness the scale of the cloud's massive compute resources and apply artificial intelligence and machine learning (AI/ML) analytics to workloads like Anti Money Laundering (AML), credit qualification, market rate calculations, credit scores, loan fulfilments and Know Your Customer (KYC) – all workloads which they have previously struggled to migrate due to the privacy regulation and security concerns involved.
A global reinsurance provider uses data analytics to pull more meaningful insight from the large volumes of data it collects to build more accurate risk profiles for its global customer base. It recently built a Trusted Execution Environment based on Intel SGX to protect the data being processed by the machine learning algorithms that form the basis of its calculation models.
Collecting constantly updated information from other companies in its supply chain - in this case shipping firms, logistics suppliers and port authorities – makes it hard for the firm to share and access data securely. But encrypting it in hardware-based memory provided the assurance it needed to process new, more sensitive data sets.
A UK bank also used Intel SGX to improve its KYC processes. KYC is used to verify the identity of banking customers, typically performed via credit agencies which broker PII to limit the risk of fraud and comply with AML and Counter Terrorism Financing rules and regulations. But this can be an expensive, time consuming and ineffective approach overly reliant on manual processes.
The bank digitised its KYC with Intel SGX, applying ML to sensitive data protected in the Confidential Computing enclave to help it detect and reduce AML fraud. The project also allowed it to build more accurate customer profiles that could help it pursue new streams of revenue through targeted promotions.
Perhaps more importantly, the pilot showed how Intel SGX has the potentially to fundamentally alter the way that financial services companies access shared information without negatively impacting the customer experience and simultaneously meeting compliance obligations.
The economics of cloud ML
Most financial services organizations are moving increasing larger volumes of data, applications and services into the cloud as they seek to streamline their Open Banking operations and compete with more nimble Fintech start-ups. Getting access to the vast amounts of powerful compute resources available off-prem can help significantly scale up their data analytics activity.
A case in point is homomorphic encryption, long used to enable complex financial transactions to be performed using encrypted data, meaning operations could be shifted off prem into the cloud. The trouble is, explains O'Neill, is that it struggles to scale on existing architectures which makes for an expensive IT overhead that Confidential Computing and Intel SGX can help to bring down.
"At the end of the day it comes down to economics, because scalability is super important, Confidential Computing and Intel SGX offers scalable data protection across a wide range of use cases" he points out.
Without scalability, banks can struggle to process enough secure data quickly to give them the insight that underpins the use cases they require. This was initially a problem for the UK bank. The smaller enclave size on previous generations of Intel Xeon E3 CPUs limited the volume of encrypted data which could be stored and processed in protected memory. But the latest 3rd Generation Intel Xeon Scalable components offer much greater scalability, which offers the potential to open up some exciting new financial services use cases.
The other advantage of performing secure ML operations in the cloud stems from the shift to an opex rather than capex investment. That brings secure, cloud-based data analytics and processing within reach of smaller organizations that would otherwise struggle to find the budget to build out their own compute infrastructure.
Cloud computing is already a mainstay in the enterprise, with adoption of public and hybrid clouds continuing to increase. Confidential Computing today leans toward the public cloud, but the volume and diversity of cloud platforms and services available – public, hybrid and private for example – mean that solutions like Intel SGX must be adaptable to suite different architectures and processes to meet customer preferences in a broader range of industries and use cases.
Supporting data sovereignty
Other interesting AI/ML workloads which can benefit from Confidential Computing include the training of sensitive video footage collected from cars to enable autonomous driving algorithms.
"Think of a camera on a car driving around, and it's capturing people's faces, registration plates, addresses on doors etc. Because autonomous driving is safety critical, obfuscating that data is not the best idea," says O'Neill.
"So encrypting that data and taking it into the cloud, and AI training on encrypted data is a massive step forward and that is where SGX can play a key role."
In that example the organization doesn't need the permission of the individual to use their private data, but it does still have to protect it while being simultaneously liable to regulatory fines in the event of data leaks or breaches.
Another deployment comes from the German government which recently moved to build Confidential Computing-enabled services for centralized healthcare, a project that also impacts data sovereignty and shows how Intel SGX can protect citizens' private data when its stored in the cloud.
"Confidential Computing enables three things. The first is obviously data privacy. Because the data is encrypted it is secure by design and meets the principles of the GDPR," says O'Neill, which gives enterprises using Intel SGX a significant advantage as they seek to demonstrate compliance.
"It's also provides privacy since that it creates an environment that is confidential, even in a multi-tenant cloud scenario. And the third key piece is integrity – the concept of knowing that the compute environment is defended by the latest Intel approved security updates and patches, and that certain algorithms are only allowed to do certain things."
Recruiting more software developers
There is already a large ecosystem of Intel partners building what O'Neill calls privacy enhancing applications on top of SGX, each of which either uses the Intel SGX software development kit (SDK) or a library OS. Intel is a major contributor to Gramine, an open source project that enables developers to run unmodified Linux applications in SGX enclaves first outlined by Intel CTO Greg Lavender in May this year. Gramine is important because it provides a 'push button' method for developers to protect applications and data using SGX more easily without having to modify their code.
Intel hopes this will help to expand the number of developers building applications for SGX, particularly when it comes to embedding encryption/decryption and other security functions.
"Between the many ready-to-deploy Confidential Computing solutions from the ecosystem and availability of Gramine and other Library OSs, organizations don't need to develop new applications from scratch using the Intel SGX SDK," concludes O'Neill. "With the software solutions available today, Confidential Computing is not only for the security architects but also the data scientists and other service and solution developers that want to add confidentiality, privacy and compliance to their favourite AI/ML frameworks and utilise AI/ML with the protection of confidential computing more easily."
Sponsored by Intel.