Servers & Systems: The Right Compute
ComputeExperts

Why HPE chose Intel SGX to deliver Confidential Computing platforms

HPE Gen10 Plus servers with Intel SGX® provide the world’s most secure industry-standard server portfolio with a holistic, 360-degree view of security from manufacturing supply chain to end-of-life decommissioning. 

Privacy, trust, and integrity have never been more crucial in enterprise computing than they are today. I still believe that it’s imperative every industry move from a cost-driven, reactive approach to a proactive, security-by-design philosophy that forms a clear business parameter with identified measurable outcomes because a single breach can expose everything from valuable intellectual property to personal or sensitive business information.

Security by design really revolves around a comprehensive defense-in-depth strategy, and we believe an important aspect of this—if not the most important—can be found in adopting Confidential Computing (CC).

Many solutions require data privacy, and this has been addressed for data at rest and data in transit. However, these protections alone are insufficient in today’s world. The remaining exposure is data in use, and Confidential Computing using Intel SGX® provides protections for this situation. This can help solve the concerns around sharing data across platforms, applications, and environments, while simultaneously protecting from breaches and helping customers meet privacy laws and regulations.

Data driven by edge devices and new usage models continues to grow exponentially, yet the business transformation that depends on it, turning this data into information and drawing valuable insights from it, is hindered. HPE decided to use Intel’s Software Guard Extensions (Intel SGX) in its new ProLiant Gen10 Plus systems to address this and offer its Confidential Computing platform.

For example, a recently deployed solution in German healthcare required an application with very high security and availability requirements, and thus needed an equally secure operating environment. To achieve this, ITSG, the operator of the complex application structure, involved HPE very early in the required public tender process. The goal was to provide a highly automated, secure, efficient, and flexible operation of the ePA document management system. HPE contributed Intel SGX technology to the ePA implementation of AOK.

The benefit of utilizing Intel SGX enclaves is that your data can bypass the OS, the hypervisor, and other applications, thus protecting it from vulnerabilities at those layers. These protections extend to other VMs, OSs, and application vulnerabilities in a shared or multi-tenant environment. Not only are on-premises environments protected, but also vital hybrid, public, and multi-public cloud systems.

Another critical aspect of Intel SGX is attestation, or the ability to verify that a specific piece of code ran (or will run) unmodified inside a specific, secure enclave. Thanks to attestation, developers can guarantee that their application is communicating with the enclave, and that data in the enclave hasn’t been simulated or tampered with. What’s more, attestation proves that any results coming back from the enclave are unaltered from the same trusted source.

"We are excited about HPE’s new server platform with Intel SGX. It brings new capabilities to help solve data privacy concerns thus enabling business transformation." Richard Curran, Chief Information Security Officer of Data Center Sales Group, Intel

Endless possibilities

Whether sharing information across different institutions, engaging with CSPs, or working with software vendors and security experts, relying on Intel SGX today creates the art of the possible. For example, Consilient has built a secure, federated learning platform that consolidates multiple datasets from different financial organizations to ensure money-laundering is detected.

The University of California San Francisco used the Fortanix platform to review and share health records to reduce the time to build out clinical algorithms, which can save lives, as with the Sepsis Controls implemented at UC Davis.

Mark Azadpour, HPE workload solutions program manager, says: “SGX is a game changer in enabling applications to run in enclaves and therefore provide applications with security and confidential computing not possible before. SGX, along with HPE’s secure supply chain server offering, is a winning combination.”

In banking and finance, multi-party compute and federated learning can be applied to the combined, sensitive dataset, providing insights without giving access. With Confidential Computing, institutions meet confidentiality requirements, while analytics helps identify fraud situations.

No need to sacrifice performance for enhanced security

In the past, protecting active workloads could impose significant processing overhead, reducing the overall performance of the platform. With the new 3rd generation Intel® Xeon® processor, Intel SGX has built-in crypto accelerators, resulting in minimal performance impact to the platform. With the larger 1 TB enclaves on dual-socket systems, Intel SGX can protect large datasets, such as medical imaging and video files.

Industry game changer

Confidential Computing, powered by HPE Gen10 Plus with Intel SGX, is a game changer for the industry. HPE Gen10 Plus servers are the world’s most secure industry-standard server portfolio, and provide an enhanced holistic, 360-degree view of security that begins in the manufacturing supply chain and concludes with a safeguarded, end-of-life decommissioning. With robust security features, such as Silicon Root of Trust, Trusted Supply Chain, and Managed Security Services with GreenLake, customers have a best-in-class solution to run their most critical workloads.

Ready for more?

Discover more about HPE server storage and server security and infrastructure security solutions. And then join technology industry leaders at Accelerating Next on April 21 at 8 am PDT and April 22 at 11 am SGT where they'll be discussing how HPE is transforming compute systems and solutions to become your new foundation for digital transformation.


Meet our Compute Experts guest blogger Cole Humphreys, HPE Product Management, Cyber Security

Cole leads Global Cyber Security Product Management at HPE with responsibility for the security features and technologies embedded within HPE’s compute portfolio.

Compute Experts
Hewlett Packard Enterprise
