Intel's Xeon E-2200 processors are available, enabling enhanced security use cases through the additional layer of hardware-based security and manageability made possible by Intel Software Guard Extensions (Intel SGX).
The new 8-core Intel Xeon E-2200 processors enable servers to operate at frequencies reaching up to 5.0 GHz (with Intel Turbo Boost Technology 2.0) and feature expanded capacity for hardware-enhanced security, with double the Intel SGX Enclave Page Cache (EPC), now 256 MB, and side-channel mitigations in hardware. The larger enclave sizes enable larger code and datasets to be encrypted in the SGX enclave, expanding the usages of Intel SGX and paving the way for additional data center security innovations such as AI architectures, including federated learning.
Federated learning is a machine learning paradigm where many compute systems are “federated” together to analyze large and/or diverse datasets. However, current approaches to AI can require complex webs of trust, where the data or the algorithm could be exposed to an untrusted party. Trusted Execution Environments (TEEs) such as Intel SGX provide a means for processing the data within protected enclaves. This facilitates the advantages of cross-industry machine learning while still helping to maintain the privacy of individual data and the confidentiality of proprietary algorithms. Rival banks could build joint anti-money laundering models. Hospitals could use remote, third-party analytics on patient data. Retailers could monetize their purchase data while keeping a focus on user privacy.
Many data security practices focus on securing data at rest in storage and in flight across the network. Encrypting sensitive data while it is actively in use in memory is the latest, and possibly most challenging, step in a fully encrypted data lifecycle. Until recently, encrypting data in use remained unaddressed, and that is where Intel SGX comes in. Intel SGX for the data center first launched in 2017 and was the first hardware-based feature that addressed data protection while in use by enabling developers to partition their application code and data into processor-hardened encrypted areas of execution in memory.
Confidential Computing is an emerging industry initiative focused on securing data in use, especially in multi-tenant cloud environments where the goal is to keep sensitive data isolated from all other privileged portions of the system stack. Intel SGX plays a large role in making this capability a reality. As computing moves to span multiple environments, from on-prem to public cloud to edge, it is no wonder companies are looking for protection controls that help to safeguard sensitive IP and workload data wherever their data resides.
Intel is making investments in the ecosystem, such as joining the Confidential Computing Consortium and contributing the Intel SGX Software Development Kit, to support a broad industry push to address the latest frontier for data confidentiality in the cloud.