It is no surprise that security is an increasing issue, especially in the cloud. Every week there is a new cybersecurity breach that pops up in our news feed. I can probably guess which one you just thought of. Unfortunately, a security disaster like the Equifax breach isn’t the only incident. Many other high-profile organizations have been impacted by sophisticated cyber-attacks. No one wants to be the next company in the news trying to clean up a mess that may be preventable with a solid security plan in place. It is essential that enterprises protect the overall security of their infrastructure and their most valuable digital asset, their data, if they want to remain competitive. The first step is to understand the three main forces that impact data center security.
Attack surfaces have expanded as more and more devices connect to enterprise networks and the broader Internet, and as IT moves more workloads to the cloud. The enterprise network perimeter used to be limited to a few manageable connection points, but today the perimeter is as big as the planet, creating more vectors and opportunities for attackers to reach your critical data. Endpoint security is more important than ever, but with so many endpoints, you should assume it is inevitable hackers will get in, so you’ll need continued layers of protection.
Hacking has become a huge money-making business, and the process is more industrialized, globalized, and weaponized than ever before. Hacking tools with greater sophistication are widely available for smarter and more resolute hackers. Whether their goal is geopolitical chaos or simple greed, they are after your data.
Security is a big industry and the system stack has a lot of layers. Vendors continue to offer new products and more vendors join the market every year, but that means a lot of fragmented solutions are out there, creating complexity.
Clearly, IT’s security problems have scaled immensely. The good news is, Intel’s hardware and software security solutions have also scaled.
Protecting the Data
Equifax and other big hacks have something in common: huge databases full of plaintext data. This is why companies need to encrypt their data in all of its phases: at-rest, in-use, and in-flight. And the most critical secret is the key used to decrypt the data. Hackers can’t use encrypted data, so they will hunt for the keys, and these need to be protected. Intel has revolutionized securing these keys with Intel® Key Protection Technology (Intel® KPT), which ensures that your private key isn’t compromised, even when in use.
Intel Key Protection Technology
Intel® KPT leverages Intel® Platform Trust Technology (Intel® PTT) as the keystore and Intel® Quick Assist Technology (Intel® QAT) as the encryption/decryption engine, both of which are integrated into the Intel® Xeon® Scalable processor family platform chipset. This allows the keys to be stored and processed without ever exposing them to main system memory, thus providing an extra layer of isolation, even if an attacker gained full control over the platform. It also removes the processing overhead from the CPU, which is especially valuable in the case of large-volume encryption.
Security has created new requirements and opportunities. For IT organizations, new regulations and legal liability increase the need to take every reasonable measure to ensure the integrity of the infrastructure and protect customers’ data – no one wants to be the next one in the news. To learn more about Intel® KPT and all of the other Intel® Security technologies that help secure the platform, protect the data, and deliver all of this without compromise, visit www.intel.com/XeonScalable.