AMD continues to expand its confidential computing initiative launched during the summer with another cloud partnership, this one with an AI twist designed to accelerate and secure workloads running in hybrid cloud deployments.
The chipmaker and new cloud partner IBM announced a joint development agreement that seeks to leverage open source frameworks to extend the confidential computing paradigm to hybrid cloud and HPC deployments.
The multi-year agreement announced Wednesday (Nov. 11) builds on an earlier partnership between AMD and Google to use hardware encryption as the basis for “confidential virtual machines” designed to protect data “in use.”
The partners are betting the shift to hardware-based encryption increasingly used to protect data in virtual machines will help plug security holes in hybrid clouds while workloads are running. Industry groups such as the Open Compute Project have released specs designed to secure components such as firmware.
In response, project members such as FPGA specialist Xilinx and chip security startup Kameleon have introduced security processors designed to extend protections to vulnerable workload runtimes. (AMD is in the process of acquiring Xilinx in all-stock transaction valued at $35 billion.)
AMD and IBM said this week their confidential computing effort would build on open standards and architectures to develop workload accelerators for HPC applications along with encryption and virtualization capabilities in hybrid clouds.
The collaboration gives AMD another cloud partner as it and other chipmakers embed security features into their latest architectures. While providing few details about its collaboration with IBM, the chipmaker said in August its confidential VM partnership with Google would be based on its latest “Zen 2” Core architecture, its first Epyc processor built on 7nm process technology. The latest Epyc chip incorporates hardware-based encryption. The chipmaker also promotes its Epyc processors as a platform for migrating applications and data to the cloud.
The latest agreement gives IBM an established hardware partner as it fleshes out its hybrid cloud strategy that seeks to boost data security as deployments scale. The goal is “designing for security and compliance across the stack, from the hardware, through the hybrid cloud platform, to the SecDevOps pipeline,” the company’s research arm notes.
The partnership is also the latest in a series of moves by IBM to promote its hybrid cloud offerings based on Red Hat OpenShift. The cloud vendor claims a growing list of OpenShift users as customers begin to migrate more mission-critical applications and services from in-house datacenters to more secure clouds.
“Businesses need to see some evidence and guarantees that the [public cloud] infrastructure they are using hasn’t been tampered with, and that their workload is isolated from” others, said Talia Gershon, director of IBM’s Hybrid Cloud Infrastructure Research.
The partners are also expected to leverage AI and other tools to help developers keep track of data security and compliance as they push application updates to production, often several times a day.
The joint development agreement further emphasizes open source components ranging from enterprise software to cloud-native architectures. That latter allows data “in use” to be secured based on emerging standards such as OCP’s spec for verifying device firmware at boot via a root-of-trust framework.
IBM’s efforts to lockdown public clouds includes the trusted approach along with encryption signatures during system startup along with isolating cloud tenants from each other and from cloud management systems. Gershon said IBM would also apply automation to developers’ compliance checks, or what she called “compliance as code.”
IBM said the confidential cloud computing initiative also will apply AI tools to vulnerability analysis. “AI applied to code can help us detect, analyze and write better code,” said Gershon.
The partners will seek to apply AI to detecting cloud vulnerabilities as well as application modernization and IT operations, she added.