
Thales Blog

Thales CipherTrust Data Security Platform Support for Intel TDX Confidential VMs on Microsoft Azure

November 15, 2023

Author: Thales | Cloud Protection & Licensing Solutions

Contributors: 
Lionel Merrien, Nikhil Deshpande

Threat Landscape

Organizations anticipate facing a serious and persistent cybersecurity threat landscape in the foreseeable future. Nearly half (47%) of the respondents of the 2023 Thales Data Threat Report reported that cyberattacks are increasing in volume and severity.

Meanwhile, organizations continue to invest in digital transformation by using the efficiencies and elasticity offered by cloud service providers. As enterprises migrate sensitive data and workloads to the cloud, such as financial information, healthcare records, IP-protected machine learning and artificial intelligence (ML/AI) models, and personal customer data, the attack surface grows. Therefore, there is a need to continually raise the bar in cloud security.

To this end, industry collaborations between chip manufacturers, cloud providers and software/hardware providers are building an enhanced trusted ecosystem for end-to-end data protection with confidential computing.

Confidential Computing: Protecting Data in Use

Traditionally, data has been protected at rest and in transit; confidential computing extends that protection to data in use. It does so by performing computations inside a hardware-based Trusted Execution Environment (TEE) whose memory is cryptographically isolated from the rest of the system, including the host operating system and the hypervisor.

Together, Intel, Thales and Microsoft offer a comprehensive end-to-end data protection solution for Microsoft Azure customers. Intel® Trust Authority attests the authenticity of the Azure confidential computing environment, and a customer's sensitive workload is decrypted only after that attestation succeeds. Thales' CipherTrust Data Security Platform controls data protection through a key release policy set exclusively by the customer: the data encryption key is released only to an environment that Intel Trust Authority has attested and that satisfies the customer's policy. The combined solution enhances trust by holding each stakeholder responsible for its own role, enforcing separation of duties: Intel attests the platform, Thales holds and releases the keys, and Microsoft operates the Azure infrastructure.

The Solution

The solution from Thales, Intel and Microsoft enables enterprises to migrate sensitive workloads to the cloud securely and with minimal friction. With this lift-and-shift solution, customers remain in control of their data protection at all times, ensuring that sensitive workloads are never decrypted outside a genuine, verified confidential computing environment; this is what enables end-to-end data protection.

Architecture

[Architecture diagram: Confidential Computing: Protecting Data in Use]

Thales CipherTrust Data Security Platform

Thales' CipherTrust Data Security Platform provides enterprises with a comprehensive data-centric solution to discover, protect, and control their sensitive workloads across a variety of cloud, on-premises, or hybrid deployment environments. The integration of Intel® Trust Authority into the policy engine of the CipherTrust Data Security Platform enhances customer data control and protection over confidential computing trusted execution environments, preventing the decryption of any data or workload when attestation fails.
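To make the attestation-gated key release described in the two paragraphs above concrete, here is an added example, written for this page rather than taken from Thales, Intel or Microsoft code: a small Python simulation of the three roles (an attestation service signs a token over the TEE's measured state, a key manager evaluates that token against a customer-authored policy, and the data key is released only on a pass). The token format, the claim names (tee, mrtd, tcb_status, iat), the approved measurement value and the HMAC signature are all assumptions chosen so the example runs offline; the real services use their own token formats and asymmetric signatures.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, List, Optional

# Stand-in for the attestation service's private signing key. A real service
# signs with an asymmetric key whose certificate the key manager pins; an HMAC
# keeps this example self-contained and offline (assumption, not the real format).
ATTESTER_KEY = b"attestation-service-secret"

# Constructed measurement of the single VM image the customer has approved.
APPROVED_MRTD = hashlib.sha384(b"approved-confidential-vm-image").hexdigest()


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: Dict, signing_key: bytes = ATTESTER_KEY) -> str:
    """Attestation service: sign the TEE's measured state (hypothetical claim set)."""
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return _b64(body) + "." + _b64(hmac.new(signing_key, body, hashlib.sha256).digest())


def verify_token(token: str, signing_key: bytes = ATTESTER_KEY) -> Optional[Dict]:
    """Return the signed claims, or None if the token is malformed or not from the attester."""
    try:
        body_b64, mac_b64 = token.split(".")
        body, mac = _unb64(body_b64), _unb64(mac_b64)
    except ValueError:  # covers bad split and bad base64 (binascii.Error is a ValueError)
        return None
    if not hmac.compare_digest(hmac.new(signing_key, body, hashlib.sha256).digest(), mac):
        return None
    return json.loads(body)


class KeyReleasePolicy:
    """Customer-authored policy: which attested environments may receive the key."""

    def __init__(self, tee_type: str, allowed_mrtd: List[str], max_token_age_s: int):
        self.tee_type = tee_type
        self.allowed_mrtd = set(allowed_mrtd)
        self.max_token_age_s = max_token_age_s

    def violations(self, claims: Dict, now: float) -> List[str]:
        """Every failed check, so the audit trail records why a release was denied."""
        found = []
        if claims.get("tee") != self.tee_type:
            found.append("TEE type is not " + self.tee_type)
        if claims.get("mrtd") not in self.allowed_mrtd:
            found.append("VM image measurement is not on the allow-list")
        if claims.get("tcb_status") != "UpToDate":
            found.append("platform TCB is not up to date")
        if now - float(claims.get("iat", 0)) > self.max_token_age_s:
            found.append("attestation token is stale")
        return found


class KeyManager:
    """Holds the data encryption key; releases it only to an attested, policy-compliant TEE."""

    def __init__(self, policy: KeyReleasePolicy, dek: bytes):
        self.policy, self._dek, self.audit = policy, dek, []

    def release_key(self, token: str, now: Optional[float] = None) -> Optional[bytes]:
        now = time.time() if now is None else now
        claims = verify_token(token)
        if claims is None:
            self.audit.append("denied: attestation token signature invalid")
            return None
        problems = self.policy.violations(claims, now)
        if problems:
            self.audit.append("denied: " + "; ".join(problems))
            return None
        self.audit.append("released to mrtd=" + claims["mrtd"][:16])
        return self._dek


def demo(now: float = 1_700_000_000.0) -> Dict[str, bool]:
    """Run the release flow against a genuine token and five failure cases."""
    km = KeyManager(KeyReleasePolicy("TDX", [APPROVED_MRTD], max_token_age_s=300), secrets.token_bytes(32))
    good = {"tee": "TDX", "mrtd": APPROVED_MRTD, "tcb_status": "UpToDate", "iat": now - 10}
    genuine = issue_token(good)
    # Claims edited after signing: the body changes but the MAC is the original one.
    tampered = _b64(json.dumps({**good, "mrtd": "0" * 96}).encode()) + "." + genuine.split(".")[1]
    return {
        "genuine": km.release_key(genuine, now) is not None,
        "wrong_image": km.release_key(issue_token({**good, "mrtd": "0" * 96}), now) is None,
        "outdated_tcb": km.release_key(issue_token({**good, "tcb_status": "OutOfDate"}), now) is None,
        "stale": km.release_key(issue_token({**good, "iat": now - 3600}), now) is None,
        "tampered": km.release_key(tampered, now) is None,
        "forged": km.release_key(issue_token(good, signing_key=b"not-the-attester"), now) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the split is the separation of duties: the attester never sees the key, the key manager never inspects the VM directly, and a workload whose measurement, TCB status or token freshness fails the customer's policy gets nothing to decrypt with. In a real deployment the policy would also pin the attester's signing certificate and bind the token to a per-request nonce to stop replay.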

“Thales and Intel have partnered to leverage Azure confidential VMs with Intel TDX to build a comprehensive end-to-end data protection solution (E2EDP) for customers requiring additional data security controls. This partnership is a testament to our shared commitment to provide E2EDP and innovate on behalf of our customers.”

Lionel Merrien, VP Innovation and Strategy, Thales

Intel Trust Authority

Intel® Trust Authority is a suite of trust and security services that assures customers that their apps and data are protected across multiple cloud, edge, and on-premises environments.

In its first release, Intel® Trust Authority takes confidential computing to the next level with a Zero Trust attestation service that verifies the trustworthiness of compute assets in the network, at the edge, and in the cloud. Intel Trust Authority attests to the validity of Intel confidential computing environments, also known as Trusted Execution Environments (TEEs).

"For enterprises, it is critical to retain agility while maintaining control of their data and meeting compliance requirements. We are pleased to work with Thales CipherTrust Data Security Platform and Microsoft Azure and offer Intel Trust Authority to verify the authenticity and integrity of Intel TDX-based Confidential Computing environments."

Anil Rao, Vice President, Systems Architecture and Engineering and Office of the CTO, Intel

Microsoft Azure Confidential Computing

In November, Microsoft announced the public preview of its confidential VM family built on an all-new hardware-based Trusted Execution Environment, Intel® Trust Domain Extensions (Intel® TDX). Because the TEE boundary is the whole virtual machine, this brings confidential workloads to the cloud without any code changes to applications.

"We are pleased to announce this integration among Intel, Thales and Microsoft to enable organizations flexibility with attestation and key management solutions, built on top of the Azure confidential computing platform. We look forward to continued collaboration in this area, to help organizations bring their most sensitive workloads to Azure."

Vikas Bhatia, Head of Product, Azure Confidential Computing at Microsoft