We've all heard the stories about being hacked - and perhaps even experienced this ourselves - whether by rogue individuals or organized criminal organizations. Cybersecurity anxiety appears to be the new normal for our times. It seems not a week goes by without news of another prominent computer security breach. Recently, there's been "VENOM" that exploits vulnerabilities in several software hypervisors as well as the data breach at the Office of Personnel Management (OPM) that exposed personnel files of four million U.S. government workers. Many of us have also received one or more notifications that our credit card or personal identity information may now be in the hands of these invaders.
There's nothing new in this, really. Willie Sutton enlightened us all a long time ago. He allegedly said he robbed banks, “Because that's where the money is.” Today, money and other valuable personal information are 1s and 0s, digital bits stored on servers. There's a real evolution from traditional crime to cyber-crime. Yesterday's bank vault is now a server and disc storage array in a data center. Instead of armed guards standing at the bank entrance, security now comes from computer access control and encryption guarding our assets.
With everything rapidly moving online, it's clearly a new age and one that is quickly growing and changing. The Internet of Things and cloud computing, two massive trends still unfolding, bring both benefits and threats. As everything becomes more connected, we gain greater services that improve our quality of life, such as being able to deposit checks and make payments from our smartphones. Organizations are better able to drive cost savings by improving asset utilization, enhancing process efficiency and boosting productivity. But at the same time, this connectedness creates new opportunities for outsiders looking to exploit security holes for their own profit.
The challenge is significant as individuals and organizations face daily peril of theft in the digital age. People are now faced with the task of protecting assets, whether on their smartphone or PC, and IT managers have to protect servers, business laptops, and other embedded computing nodes. Why embedded devices? Think about the multitude of new intelligent connection points where data is being collected: biometric authentication, mobile payment systems, toll roads, location tracking and smart electrical grids. The advent of autonomous cars will add a new wrinkle, as clearly a nefarious hack of the navigation and control system could prove disastrous. Already there are hacking efforts pointing to the potential for this vulnerability.
All of this is made more complicated by the vast technical complexities and mix of user needs. Companies, public entities and governments have mobile workforces, infrastructure and audiences that require global communications, cloud-based functionality, and adherence to strict regulations, all while compromising neither an employee's ability to bring their own device nor the organization's data security. At the same time, even though individuals and businesses need security, they aren't willing to sacrifice convenience or performance. To achieve this along with a greater level of security requires a combination of software and chip-level hardware. Hardware-based security augments available software tools since it cannot be remotely altered. The physical layer virtually eliminates the possibility of malware, such as virtual rootkits, from infiltrating the operating system.
Security-hardened platforms for PCs, servers, high-performance computing, and embedded devices make consumer and commercial workloads more secure through encryption acceleration, trusted execution environments, isolation of sensitive applications, secured authentication and dedicated key storage. To do this, hardware developers include a secure processor paired with high performance cryptographic engines.
Dedicated hardware in the form of a secure processor enables more secure computing, whether on a PC, laptop, server, or an embedded device. The hardware provides encryption acceleration to protect data without slowing the user's experience. Hardware-based encryption is considered more secure because the encryption keys are embedded in the hardware and poses a significant road-block for the attacker to acquire the encryption keys. In addition, hardware security implemented through a dedicated processor does not consume system resources which results in faster performance for security operations.
Hardware is only half of the security story. The best security comes from a combination of hardware and software. By using an industry standard, customers have access to proven security management software that includes virus detection, anti-malware, system management, data encryption and data geo-fencing. The software library meets the needs of the consumer, commercial and embedded markets and because it is based on an open ecosystem, continues to grow.
We're now at a point where there's a crisis of trust, where cybersecurity is a fundamental requirement for modern computing. Without this, the developing trends of greater connectivity through cloud computing and the Internet of Things could possibly bring more risk than reward. As a provider of computer processors, it's incumbent on us to provide security options that seamlessly integrate with software and that enable customer choice. Individuals and businesses need full solutions to help protect consumer online experiences, corporate device and data management, security of cloud infrastructure, and the Internet of Things. Robust security hardware and software is key to securing our data future.
About the Author: Mark Papermaster is chief technology officer and senior vice president at AMD, responsible for corporate technical direction, and AMD’s intellectual property (IP) and system-on-chip (SOC) product research and development. His more than 30 years of engineering experience includes significant leadership roles managing the development of a wide range of products spanning from mobile devices to high-performance servers.