Meeting the data security challenge with Intel SGX

Abstract visualisation of padlock icon

The idea of data bringing value to the business is no longer cutting-edge; it’s firmly established in the enterprise mainstream. Research from Forrester has shown that firms with good data analytics cultures perform significantly better against key marketing metrics like growth and engagement, and also achieve superior outcomes in terms of revenue and speed to market. In 2019, Gartner predicted that, by 2022, 90% of corporate strategies would explicitly mention information as a critical enterprise asset and analytics as an essential competency.

"CIOs need to go beyond thinking and talking about information as the new oil," said Douglas Laney, VP and Distinguished Analyst for Gartner. "Information has unique economic characteristics that render it potentially much more valuable to their business than any fossil fuel."

That doesn’t mean that realising that value is easy. It isn’t. It involves managing and processing data in a world where cyberattacks are growing ever more sophisticated, and where organisations have greater regulatory responsibilities. Data can enhance productivity, drive efficiency and empower companies to compete and grow, but to do so it needs to be used – to be fed into applications, analysed and the resulting insights fed back into the business. And whenever data is used, you run into two complications.

Firstly, once you get beyond the most basic level, data analytics gets expensive. It involves a lot of computational horsepower and requires high levels of expertise, not only to use the data but to clean it and prepare it for work. Bring in AI and machine learning to push for further insights, and you only increase the demands for computing power and data skills. Secondly, the more data you’re using throughout the business, the more challenging it becomes to both secure it and meet your regulatory obligations – particularly while the data is in use.

Securing data at rest and in transit is hard enough, and here the processes and safeguards are well established and well understood. However, the majority of enterprise data is also at risk while it’s in use. Even where data is securely encrypted while moving across networks or while stored in the data centre, it remains vulnerable to attack while in the application, being analysed and processed. When you’re running analytics operations or training a machine learning model, that data is open to attack.

Here, IT and security teams face a struggle. The rapid shift to remote working makes it essential that workers outside of the corporate network can access the data resources and applications within it. Yet cybercriminals are increasingly focusing on tactics that involve attacking Internet-facing infrastructure and using administration and management tools to attack crucial systems and infect them with malignant code.

What’s more, while new data sources open up new opportunities, they also open up new risks. The number of Internet of Things (IoT) devices is doubling every five years, creating new streams of data for businesses to process, but with them new attack surfaces for cybercriminals to target. And as latency, bandwidth and data gravity make it more sensible to process data near the edge, enterprises will also be required to safeguard that data, far outside the reach of their traditional network security tools.

All of this makes it imperative that organisations make security a key element of any data-driven applications, not to mention the platforms that they run on.

Using Cloud for Analytics

Shifting data-intensive analytics and machine learning workloads to the cloud is one answer to these problems. In fact, the arguments for doing so are compelling. Firstly, it’s more cost-effective for most businesses to spin up the necessary compute, network and storage resources then run them on an OpEx basis than it is to invest in new on-premises infrastructure. Secondly, you have a level of built-in platform security, and there can be performance and latency advantages, particularly with data from customer-facing websites, remote workers and IoT sensors at the edge.

Thirdly, cloud-based platforms and applications are already bringing AI and machine learning technologies within reach of a wider range of businesses, including those that would not normally have the budgets, or the internal skills required.

Perhaps this explains why Gartner has predicted that public cloud services will be essential for 90% of data and analytics innovation by 2022, and that the use of cloud-based AI technologies will increase five-fold between 2019 and 2023.

Yet the cloud has its own security issues, the biggest being trust in cloud service providers themselves. Richard Curran, Security Officer for the Datacenter Group at Intel, talks of how cloud economics push businesses to outsource their enterprise environments to the cloud. Yet, at the same time, doing so lays them open to the risks of the cloud platform itself being compromised, or of an insider threat within the provider. What’s more, regulatory and privacy requirements can add additional responsibilities in terms of identifying and mitigating risks.

All this, Curran says, leads to a situation where "your solution complexity increases, and your business risk and exposure and impediments abound". Businesses that should be using the cloud to run their AI and analytics workloads are forced to settle for in-house resources or – worse – abandon promising data-driven initiatives.

However, there is a way around this: to use Intel Software Guard Extensions (SGX). With Intel SGX firms can develop secure, cloud-based applications or use a ready-built cloud platform that protects your data while in use. SGX is a confidential compute technology that enables developers to build applications that work with sensitive data inside a secure area of system memory known as an enclave. Any data inside the enclave is effectively invisible and unmodifiable to other applications or system processes, or even the hypervisor or OS itself.

This adds the last, crucial element of security for in-house workloads, protecting data in use as well as in transit and at rest. Yet, it’s arguably even more important for workloads running in the cloud. You no longer have to trust your cloud provider with your most sensitive or important data because, while it’s inside the enclave, it’s invisible and inaccessible to them. Meanwhile, a system of attestation confirms that any data flowing in or out of the enclave will only be processed by that specific enclave, and that said enclave meets your security requirements.

Whether businesses are processing data on-premises, in the cloud or at the edge, SGX puts them in control of their data, who can see it, what they can see and when. It ensures that data is encrypted and protected in storage, in transit and in use. In doing so, it opens up cloud-based analytics and AI to more businesses, sectors and applications, ensuring that more organisations can extract as much value as possible from their data.

Learn more about Intel SGX and confidential computing

ITPro

ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.

For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.