Intel SGX Evolves for Data Center

Today, Intel takes another step forward in data center security with the general availability of Intel® Xeon E-2200 processors. Already popular for small-medium business deployments, Intel Xeon E processors are also driving enhanced security usages with the additional layer of hardware-based security and manageability made possible by Intel® Software Guard Extensions (Intel® SGX). One of our top priorities at Intel is enabling features that will help protect sensitive customer data – and Intel SGX does just that.

The new 8-core Intel Xeon E-2200 processors enable servers to operate at frequencies reaching up to 5.0 GHz (with Intel® Turbo Boost Technology 2.0) and feature expanded capacity for hardware-enhanced security with double the Intel SGX Enclave Page Cache (EPC), now 256MB, and side-channel mitigations in hardware. Intel invests heavily in security, and the larger enclave sizes enable larger code and datasets to be encrypted in the SGX enclave, expanding the usages of Intel SGX, and paving the way for additional data center security innovations like AI architectures including federated learning.

Federated Learning is a machine learning paradigm where many compute systems are “federated” together to analyze large and/or diverse datasets. However, current approaches to AI can require complex webs of trust, where the data or the algorithm could be exposed to an untrusted party. Trusted Execution Environments (TEEs) such as Intel SGX provide a means for processing the data within protected enclaves. This facilitates the advantages of cross-industry machine learning while still helping to maintain the privacy of individual data and the confidentiality of proprietary algorithms. Rival banks could build joint anti-money laundering models. Hospitals could use remote, 3rd party analytics on patient data. Retailers could monetize their purchase data while keeping a focus on user privacy.

And Federated Learning is just one example of new security innovations that Intel SGX can enable. Intel’s ecosystem partners bring new ideas to the table constantly with customer data protection as a top priority. Microsoft has been at the forefront of confidential computing in the cloud with Azure. “The new Intel Xeon E-2200 processor unlocks additional enclave space which opens up new scenarios and improves performance. Microsoft plans to roll-out Xeon E-2200 based confidential computing clusters in UK South and Canada within the first quarter of 2020,” said Scott Woodgate, Azure Security, Microsoft.

Why Does Confidential Computing Matter?

Many data security practices focus on securing data at rest in storage, and in flight across the network. Encrypting sensitive data while it is actively in-use in memory is the latest, and possibly most challenging, step in a fully encrypted data lifecycle. Until recently, encrypting data in-use remained unaddressed – and that is where Intel SGX comes in. Intel SGX for the data center first launched in 2017 and was the first hardware-based feature that addressed data protection while in-use by enabling developers to partition their application code and data into processor-hardened encrypted areas of execution in memory. Only Intel SGX offers such a granular level of control and protection.

Confidential Computing is an emerging industry initiative focused on securing data in-use, especially in multi-tenant cloud environments where the goal is to keep sensitive data isolated from all other privileged portions of the system stack. Intel SGX plays a large role in making this capability a reality, both at our own company and throughout the industry. As computing moves to span multiple environments from on-prem to public cloud to edge, it is no wonder companies are looking for protection controls that help to safeguard sensitive IP and workload data wherever their data resides.

Security Cloud Data Center
See how Microsoft is using Intel SGX in their Azure Confidential Computing Services in this video with Corey Sanders.

We’re just beginning our journey to toward widespread confidential computing and comprehensive data security. It will take great innovation and collaboration to continuously move the ball forward. We are making investments in the ecosystem like joining the Confidential Computing Consortium and contributing the Intel SGX Software Development Kit to support a broad industry push to address the latest frontier for data confidentiality in the cloud. In a blog outlining the consortium, Mark Russinovich, CTO of Microsoft Azure sums up the value of the Confidential Computing Consortium perfectly: “These technologies offer the promise to help protect data and enable collaboration to make the world more secure and unlock multiparty innovations.”

Intel is excited to be a part of this effort and looks forward to sharing more about the program at the Linux Foundation’s Open Source Summit in Lyon this week!

In the last year alone, we have seen broad adoption into cloud services from CSPs including Alibaba CloudBaiduIBM Cloud Data Guard, and Microsoft Azure. Driving the ecosystem even further are ISVs like Fortanix, who is building an entire line of business around the technology and servicing a wide range of clients.

Intel is proud to say we will continue to make the foundation of computing more secure with our Intel SGX technology – on current platforms and platforms of the future. What will you do with 256MB of encrypted data and what could you do with 1TB? Tweet me at @jenhuffstetler to let me know!

Learn More

Learn more about how the security ecosystem is implementing Intel SGX and the intriguing use cases on this Intel Chip Chat podcast with Jim Gordon and Allyson Klein.

No product or component can be absolutely secure. Intel® technologies' features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. Check with your system manufacturer or retailer or learn more at