As cybercriminals become more sophisticated, enterprises must find new ways to increase the security of applications, data and users. In a world where the traditional network perimeter has all but evaporated, this task becomes increasingly difficult.
To help thwart the malevolent actors, Intel® is offering new security technologies on Intel® 3rd Gen Xeon® Processors that go beyond the cryptography libraries of years past, extending Intel® Software Guard Extensions (SGX) with broader, richer on-chip security. This article looks at the evolution of on-chip security and how enterprises can take advantage of these new features.
The Constant Imperative of Cybersecurity
A recent CompTIA report found that again in 2021, cybersecurity is the No. 1 challenge facing IT professionals.1 Perhaps the one constant in technology is that a new security hole will appear as soon as one is plugged. Enterprises have taken many different approaches to solve cybersecurity challenges, including multifactor security, advanced firewalls, virus detection, encryption and even restricting access to known good IP addresses. However, in an environment where users increasingly connect to enterprise resources from outside the network perimeter, lapses in security are bound to occur.
Data encryption is one method of battling ransomware and cybercrime. However, while data is often encrypted both in transit and at rest, one critical area of data security is often overlooked: namely, data that is active in memory while being used for application processing.
SGX, Enclaves Evolve Into Confidential Computing
This in-memory vulnerability has led to the need for a trusted execution environment to protect data, which Intel® addressed in 2015 with the introduction of Intel® SGX, a set of security-related CPU instructions that allow both applications and the operating system to define private regions of memory, or enclaves. These enclaves cannot be read or saved by any process outside of the enclave, including other VMs, processes or system tasks, and are thus protected from prying eyes or malicious code. This helps ensure that data is safe while in use, by isolating different applications into their own private memory enclaves.
Fast-forward to 2021 and the growing adoption of Intel® 3rd Gen Xeon® Processors CPUs, which offer an enhancement to SGX known as Total Memory Encryption (Intel® TME). With Intel® TME, enterprises can now protect up to a terabyte of code and data per CPU while it is in use. Now, everything can be encrypted, including customer credentials, encryption keys and other personally identifiable information such as HIPAA or GDPR protected data.
The Future of Computing with Supermicro X12 Servers
The Supermicro server and storage families that incorporate the Intel® 3rd Gen Xeon® Processors enable new workloads to be run, allowing unique insight from massive amounts of data. Learn how to reduce application run time and infrastructure costs with Supermicro and Intel®.
Download NowWhat It Means
Thanks to Intel® 3rd Gen Xeon® Processor CPUs with Intel® TME, enterprise data is now physically secured in ways that were never before possible. Intel® TME thwarts even hardware attacks. For example, an attempt to remove and read DRAM DIMMs after spraying them with liquid nitrogen (yes, that is a practice that has been used in the past) will yield only encrypted data—protecting the enterprise from potential theft of information and regulatory penalties.
Additionally, the increased power of Intel® 3rd Gen Xeon® Processors CPUs, including integrated cryptographic accelerators, means that enterprises no longer need to choose between better protection of data and the performance required for demanding application workloads. Finally, even attacks on the firmware of critical servers are thwarted by Supermicro’s Platform Firmware Resilience solution, which can protect critical non-volatile elements of the server, including system BIOS flash, BMC flash and more.
Systems Matter
There is more to system security than just the CPU. To help organizations meet their cybersecurity objectives, Supermicro offers a broad range of purpose-built servers utilizing Intel® 3rd Gen Xeon® Processors with enhanced security, configuring each one to the organization’s exacting needs.
Certainly, core performance matters. However, a single security lapse can bring down even the highest performing servers and the applications that execute on them. To beat the bad guys, enterprises can rely on the trusted execution environment and Intel® SGX to deliver chip-level security, data segmentation and secure enclaves that protect data at rest, in motion and during execution.
Learn more at Supermicro.com/X12 or contact Supermicro sales.
1 “Top 10 Challenges Facing Technology in 2021,” CompTIA, May 6, 2021
