Project Amber: Pilot
Increasing Trust in Confidential Computing
As enterprises increasingly look to multi/hybrid-cloud environments, there’s growing interest in a trusted third-party assurance service and new implementation of a trust authority to help build higher confidence in moving sensitive data to the cloud.
Project Amber introduces an innovative approach to objective third-party attestation.
Project Amber Decoded
Code-named Project Amber, this upcoming service is an innovative approach to objective third-party attestation. It is a SaaS-based implementation of a trust authority that provides remote verification of the trustworthiness of a compute asset based on attestation and policy.
Initially, Project Amber will verify the trustworthiness of Intel trusted execution environments (TEEs), but the vision extends to much broader device verification, like IPUs, GPUs, platform roots of trust, and beyond. Project Amber is architected as a cloud-native microservice platform running on a managed Kubernetes service, with appropriate abstractions on different cloud infrastructure platforms, on-prem, and edge locations.
Key Benefits
- Independent: Verification of trustworthiness by an independent authority provides increased assurances to users, a solid security foundation for confidential computing and enables new usages in AI, multi-party compute, and federated learning.
- Scalable Cloud-agnostic SaaS, multi-cloud workload support: Project Amber enables organizations to more securely scale and move workloads across a wider range of edge, on-premise, and cloud environments — all with better protection for in-use data and intellectual property.
- Turnkey: Project Amber liberates enterprises from the need to build and maintain a complex and expensive attestation system. This would enable them to focus on their core business.
Project Amber is Intel’s first step in creating a new multi-cloud, multi-TEE service for third-party attestation and will drive forward adoption of confidential computing for the broader industry.
The Amber 1.0 Pilot supports confidential compute workloads deployed as bare metal containers, virtual machines (VMs), and containers running in virtual machines using Intel TEEs. Coming soon in 2023, support will be extended to other non-Intel TEEs in market.
How it Works
- Customer subscribes to the service and obtains Project Amber service API keys.
- Customer downloads and integrates Project Amber Client Agent in their workload.
- Customer requests TEE instantiation in the cloud (such as Azure) as normal.
- Workload executes in the cloud after Project Amber service provides an attestation verification token for the TEE.
Watch the Launch
Project Amber was introduced during the Intel Vision conference on March 11, by Intel’s Chief Technology Officer, Greg Lavender. Watch the Day 2 keynote replay to learn about this innovative service.
Want the highlights? Watch the 5-minute supercut video on YouTube.
With the introduction of Project Amber, Intel is taking confidential computing to the next level in our commitment to a zero-trust approach to attestation and the verification of compute assets at the network, edge and in the cloud.
-- Greg Lavender
Expert Insight
BLOG: How Accenture used Intel’s Project Amber for Multi-Cloud Federated Learning
Accenture is integrating Project Amber into a new AI-based framework for privacy-protecting data cooperatives. Well-designed cooperatives let companies share data and collaborate and help reduce concerns around trust, compliance, privacy and data control or ownership.
BLOG: Independent Attestation as a Service: Leidos Health Pilots Intel Project Amber
This healthcare solutions provider is building a proof of concept for Project Amber attestation for potential use in its mobile medical clinics, which uses specially equipped vans to perform exams and health information processing for U.S. veterans in rural and underserved areas.
BLOG: Advancing Confidential Computing with Intel’s Project Amber
Nikhil Deshpande, senior director of security, and Raghu Yeluri, lead security architect, share how next-generation forms of trust are needed to match the rapid shifts in computing infrastructure and enterprise usage, notably multi-cloud, hybrid cloud, and edge computing.
PODCAST: Live from the Green Room; Behind the Scenes of Project Amber
This episode in the Cyber Security Inside series features Raghu Yeluri, senior principal engineer and lead security architect, discussing how Intel’s approach to independent attestation is poised to accelerate the adoption of confidential computing.
BLOG: Securing AI - and Other Leading Use Cases - with Confidential Computing
Anil Rao, VP and GM of Systems Architecture and Engineering outlines how confidential computing is a paradigm shift that enables growth of services that run on shared infrastructure, as well as new use cases reliant on collaboration among ecosystem partners.
BLOG: How to Secure Security: The Frontier of Trust
In this companion blog, Anil Rao explains how Project Amber enhances the security of confidential computing by de-linking attestation and infrastructure, enabling attestation across multiple clouds, without requiring enterprises to invest in such capabilities.
Join the Pilot Program
Project Amber is in its pilot phase and available to a select set of customers (by invitation only) to further refine and optimize Project Amber’s capabilities and market model.
Please contact Intel at ProjectAmber@intel.com to learn how you might be able to participate in the pilot program.
What Others are Saying
“Project Amber is cloud-agnostic and designed to stand as a third-party solution to verify and provide an attestation for assets managed by other providers….verifying assets by a third-party offers enterprises a more objective approach to measuring risk than relying on a cloud service provider to testify to the security of their systems.” VentureBeat
“With a need for organizations to meet growing security needs, the service focuses on one of the most critical security elements for any organization: trust. Project Amber operates as an independent trust authority in the form of an innovative service-based security implementation code.” SiliconANGLE