People, Processes, Products Define Intel’s Security Strategy
By Martin G. Dixon, Intel
March 2, 2021
Security Solutions Rooted in Hardware Provide a Trusted and Secure Foundation
IDC expects worldwide security spending to reach $174.7 billion in 2024 with a compound annual growth rate of 8.1% over the 2020-2024 forecast period.
Every year, even as the total investment in cybersecurity grows, vulnerabilities persist with an ever-increasing volume of threats to the confidentiality, integrity and availability of data.
Security doesn’t just happen. At Intel, our success relies on the success of our customers, and it starts with us. We have a clear long-term strategy, and it boils down to our people, our processes and our products.
I am proud that many of the world’s greatest security experts are at Intel. These trusted leaders are embedded across every product group, from architects and designers to technologists and researchers, and help ensure we all operate with a security-first mindset.
It is our people who build new security capabilities, protect against evolving threats and co-engineer security solutions with our partners. Our products are highly complex, and we cannot anticipate the myriad ways in which they will be used nor how sophisticated third parties will seek to undermine their integrity. We work with skilled security researchers across the globe to identify, test and validate the security of Intel products through our Bug Bounty Program and academic programs, including the Side Channel Academic Program.
Beyond what we do for Intel, we also work with the broader community and contribute to industry standards, discussions and think tanks to accelerate industry-level progress in security. Our success depends on executing the best possible products, and for that, we must have a culture where individuals are heard and the best idea wins.
As Nilofer Merchant wrote in the Harvard Business Review, “Culture Trumps Strategy, Every Time.” It is this culture that helps ensure that everything we build is designed to deliver the highest performance and optimal protections.
As we consider who we are and what’s changing in the world, we prioritize innovation, execution, culture and impact. We established the Intel Security Architecture and Engineering Group to lead this effort.
The entirety of a product’s life needs to be secure, and our development practices stem from a security development lifecycle (SDL). Intel SDL is a robust set of processes that integrates security principles and privacy tenets into every step of product development, from concept to support. We take a holistic approach to SDL, customizing the process to address the highly integrated nature of hardware, firmware and software development. This helps to ensure the delivery of a trustworthy product that can be effectively supported from beginning to end of life.
Building security and privacy into products from concept to retirement is not only a strong development practice, but it is also essential to enable customers to truly unleash the power of their data.
Once products are released, we continue to support them and address vulnerabilities. Our SDL process is closely connected to the Intel Product Security Incident Response Team and our internal research efforts that contribute to ongoing security assurance for products both in development and in the field. We feed what we learn from vulnerabilities directly into the concept and architecture stages of our products, constantly learning as threats evolve.
In 2020, 92% of vulnerabilities addressed in our products were a direct result of the proactive investment in our processes. It is our processes that allow us to address threats in a manner that is comprehensive and maintains high performance, while adapting to new classes of vulnerabilities.
Security is a system-level property rooted in the silicon. Every component in the system — from software to silicon — needs to do its part to help keep data secure.
Today, billions of devices are interconnected and operate in increasingly diverse and complex environments requiring workloads to execute seamlessly between different architectures, with data moving through a multitude of hierarchies. To address these challenges, our product strategy focuses on three areas: foundational security, workload protection and software reliability.
We start with a solid foundation of security to build upon. Intel has delivered security engines that are being used more than a billion times worldwide. Our platforms have features such as Intel® OS Guard, BIOS Guard and Boot Guard, which help them start up correctly and verify that they are running as expected. These and other technologies are the building blocks that provide ways to verify the trustworthiness of devices and data.
Once a platform has started correctly, the next step is to protect workloads. These workloads vary depending on the environment, and to help protect data that moves through them, we continue to build upon silicon-based control schemes that optimize security and performance in foundational technologies. One example of this is the work Intel is doing to accelerate the use and performance of stronger cryptographic algorithms that encrypt data.
The primary way attackers get into systems continues to be through something they can scale — and that is software. Intel has a history of improving software reliability by building silicon enhancements realized through logic inside the processor. These architectural advancements can result in considerably less execution overhead compared to software-only implementations. A recent example of this work is the release of Intel® Control-flow Enforcement Technology, which helps find the weaknesses that lead to common malware attack methods that have been a challenge to mitigate with software alone.
Security solutions rooted in hardware offer the greatest opportunity to provide security assurance against current and future threats. Intel hardware, and the added assurance and security innovation it brings, helps to harden the layers of the computing stack.
Intel is shaping the future of computing and communications technologies that are the foundation of the world’s innovations. Our success relies on the success of our customers and it is through our ongoing commitment and investment that we earn our customers’ trust.
Martin G. Dixon is an Intel fellow and vice president in the Intel Security Architecture and Engineering Group at Intel Corporation.