Intel Blazes Security And Software Trails At Intel Vision
For most people, the name Intel evokes hardware. Intel has played a pivotal role in the explosion and evolution of processor technology over the last 50 years, and remains a dominant player in the computer hardware arena. At Intel Vision in Dallas last week, though, the company shared an alternative version of “Intel Inside”—embracing the software side of the equation as well.
In his keynote presentation on Day 2 of the event, Greg Lavender, Senior Vice President and Chief Technology Officer; General Manager of Intel Software and Advanced Technology Group, opened with a bit about his appreciation for the contributions of Michael Faraday and described himself as a “software guy—captured in the electromagnetic field of hardware.”
He talked about digital transformation and the benefits of new technologies but added a word of caution. “Every innovation brings its own set of new challenges. It is true that the seamless integration of technology into our lives is allowing us to do more than ever. But at the same time, it’s creating an attack surface and attack vectors at a scale that we’ve never seen before.”
That set the stage to discuss the importance of Confidential Computing, and initiatives Intel is working on to enhance trust and improve cybersecurity for everyone.
Performance Analytics as a Service
I spoke with Lavender prior to the Intel Vision event about Intel offering a software-as-a-service (SaaS) offering to help developers optimize application performance. Or, providing an “easy button” as he explained it.
Intel is in a unique position to understand how the hardware works. They engineered it. As such, Intel is also intimately familiar with what the hardware is capable of and how to optimize performance.
In contrast, Lavender noted that there are an estimated 25 million software developers, with about a million added just in the last year. Many are not deep, experienced programmers. The advent of low-code and no-code development tools has lowered the bar for entry. These developers want an application that works, is secure, and can scale—but they don’t necessarily have the knowledge or skills to know how to make all of that happen.
Hence, the “easy button.”
There can also be significant costs associated with poor performance. Cloud platforms and services are typically billed based on consumption of resources. Applications that use those resources inefficiently can result in a shocking bill at the end of the month.
Intel acquired Granulate—a company focused on optimizing cloud performance. Granulate automates the process of identifying issues and bottlenecks, and resolving inefficiencies to improve performance and reduce costs.
Intel provides an initial profile and recommendations for free. For most companies, though, software changes often. DevOps practices and CI / CD (continuous integration / continuous deployment) tools have accelerated the development lifecycle. To ensure optimal performance on a consistent basis, Intel is offering performance-analytics-as-a-service under a subscription license through the Intel Developer Cloud.
Another software-based initiative Intel shared at Intel Vision is “Project Amber.”
Trust makes the world go ‘round—especially online. Our world increasingly relies on and revolves around technology. Connecting to platforms and services, interacting with applications, and communicating between devices or individuals all require trust—trust that the entity on the other end is legitimate, and that any communications and data between Point A and Point B will be secure and protected from interception or unauthorized access.
The question is how to achieve that trust.
In a nutshell, there are three steps that have to happen for Confidential Computing. First, you request an instance from the cloud. Second, the instance is spawned within a Trusted Execution Environment (TEE). Third, based on that attestation and trust, you deploy sensitive workloads in the cloud.
Seems relatively simple, but there are issues. I spoke to Nikhil Deshpande, Director of Product Development at Intel, about the challenges of trust in online interactions. He pointed out that in many cases today the cloud platform you request the instance from is attesting to the trustworthiness of its own TEE. This self-attestation is a problem for some customers—especially in tightly regulated industries.
Another challenge organizations face is that many have hybrid environments that span multiple cloud platforms. They might get attestation from a cloud platform, but it is limited only to that infrastructure. If you are running workloads across three different cloud platforms, you end up with three different attestations, and no uniform way to assure trust across the complete environment.
Finally, Deshpande said that a third challenge is that some organizations attempt to solve the first two challenges by building their own framework for attestation—but that is complex. It costs a lot to build and maintain a functional system.
Intel hopes to address these challenges with “Project Amber.” “Project Amber” will be an independent, third-party trust authority. The simplest way I can explain this initiative is to compare it to a Certificate Authority (CA). A CA is an independent, third-party that provides assurance of certificates. “Project Amber” will do the same thing for trust.
Within a system, a TEE typically relies on a Trusted Platform Module (TPM)—a physical or embedded technology that resides on the motherboard or in the processor. TPMs use cryptography to securely store essential and critical information and enable platform authentication. The main question I have regarding “Project Amber” is, “How do you get that level of trust in the cloud? How do you know you can trust the Trust Authority?”
Deshpande explained that one element of “Project Amber” is a feature called Verify Integrity of Trust Authority. “We will have a verification ability for the end users to ensure that they can actually see how “Project Amber” has verified certain things. Our intention is to be very transparent, because security needs transparency, and we want to be transparent across all. So, there are features built into the service to provide assurance to the “Project Amber” user that this is how this attestation has been protected.”
The initiative is in the early stages right now. Deshpande explained that Intel plans to launch a pilot of “Project Amber” by the end of this year, with a goal of moving to GA (general availability) by early 2023.
This is just the tip of the iceberg from Intel Vision. Intel execs shared tons more on the roadmap, and…well, vision for what lies ahead. These two aspects stood out to me, though, as examples of a company that is synonymous with PC hardware pursuing new horizons and exploring how software can make the hardware better and more secure.