How can technology keep women safe?


The use of state-of-the-art technologies can significantly support the fight against the Covid pandemic. The EU Commission writes on its website: “Tracking and warning apps can help break the chain of infection. You can save lives by adding manual traceability.” SAP has addressed this problem and developed the Pandemic Cohort Management Suite together with Intel. With this suite, meetings, events and similar gatherings can be conducted more securely. The core function of the app consists of verifiable records, so that critical contacts can be tracked quickly and correctly in order to break the chains of infection. In this way, the software supports organizations and companies in their fight against the spread of corona among employees, customers and business partners.

SAP is now using the suite for its visitor center. “We have to make sure that our customers can feel absolutely safe when they visit us. This includes not only the usual protective measures, but also the collection of your data in accordance with the GDPR,” says Heather Morrison, Head of the Global SAP Experience Center. She is addressing an important point, because one of the particular problems of tracking apps is data protection. The federal authorities require end-to-end encryption for this. This means that it must be ensured that all data is always protected, even during processing.

Data protection is also a top priority for the city of Heidelberg, another pilot user. "The SAP solution is exactly what we need, because we need the data and are looking for suitable tools that offer us the data protection we need," says Heidelberg Mayor Eckart Würzner about the solution developed by Intel and SAP.

Confidential Computing: The highest possible level of data protection

To meet the high data protection requirements, SAP relies on "Confidential Computing", a data protection concept that was developed by the consortium of the same name. "Confidential Computing" essentially consists of a trustworthy runtime environment (Trusted Execution Environment, TEE) in which data and programs, including the operating system and the cloud service stack, are processed in an isolated and shielded manner. This takes the protection of data and applications to a new dimension, because these protection mechanisms are so extensive that even cloud providers have no way of accessing the data while it is being processed. That is why many cloud providers are now increasingly relying on these new technologies.

For example, Microsoft offers its “Azure Confidential Computing” with the Azure virtual machines of the DCsv2 series, which are equipped with the new Intel processors. This ensures control over the data throughout its lifecycle, as well as the protection and verification of the integrity of code in the cloud. It also ensures that the data and code of the cloud user remain beyond the reach of the cloud provider.

The latest Intel® Xeon® processors offer security and performance

The Azure virtual machines are based on the latest scalable Intel® Xeon® processors of the 3rd generation. These offer very high performance and native support for numerous security functions. These include Crypto Acceleration with integrated encryption for faster processing of Vector AES, SHA and RSA/DH protocols, Total Memory Encryption (TME) for complete physical memory encryption, and Platform Firmware Resilience (PFR).

A particularly important feature is the Intel® Software Guard Extensions (Intel® SGX), with an enclave protection function of up to 1 TB. Enclaves are areas within a process that are specially protected by the CPU. Here all accesses, including those from privileged processes, are controlled by the CPU. There is no way to display data or code within an enclave, even with a debugger. As soon as untrusted code tries to change the contents of the memory of the enclave, the environment is deactivated and the operations are refused.

With the help of Intel SGX, developers can better protect their software from manipulation, because the code can even be executed securely on operating systems that have already been compromised. Nevertheless, these extensive protection and security functions do not impair performance. "Normally, the data is unencrypted at the CPU level, but with the scalable Intel Xeon processors with Intel SGX, the data remains encrypted here too, so our Pandemic Cohort Management Suite offers a particularly high level of protection," says Kai Wussow, Head of Digital Transformation at SAP.