Tech
Paid Content : This paid content was written and produced by RV Studios of Red Ventures' marketing unit in collaboration with the sponsor and is not part of ZDNET's Editorial Content.
Home Tech Computing Processors

Business Computing for the 2020s: Next-generation Security

With a dedicated security core, Memory Guard technology, and strong OEM partnerships, AMD builds layered protection into its Ryzen PRO processor family to help keep business data safe. Commissioned by AMD.

Whatever your company's IT priorities may have been at the beginning of 2020, they've certainly changed by now. With more employees working remotely than ever before, how to support, manage, and protect employees' mobile devices has become a critical consideration.

According to an August 2020 survey conducted by Netwrix and reported on in TechRepublic, data and network security were tied as the number-one priority for business, with 76 percent of organizations surveyed citing them as their most important IT projects for the rest of 2020. 

This dovetails with a TechRepublic report from Black Hat USA 2020, which was entirely virtual this year for the first time in its 23-year history. One of the trends identified at the conference is that the shift to remote work is sparking a significant increase in cyber attacks. Criminals are exploiting the new reality, and businesses have to fight back in order to avoid financial and reputational damage.

amd-video2-thumbnaild.png

We sat down with Chuck Schalm, product marketing manager at AMD, to understand the approach AMD takes for device security and to learn about the security features that are built into the AMD Ryzen PRO 4000 Series Processors.  

Not just an enterprise problem

"We're now all working remotely, we're using laptops, and data is getting outside of the organization," Chuck said. "Security has become an increasingly important topic to our customers." 

"Because of privacy regulations like HIPAA and CCPA in the US and the GDPR in Europe," he added, "the stakes are high for companies that put sensitive information at risk. At the same time that these regulations are being imposed, you also have an increasing number of sophisticated attacks and attempts to breach security to steal that data." Schalm explained that these concerns affect companies large and small. 

"There's a lot of expense and cost associated with a data breach, and you can read about this all the time in the news, right? And the cost of those data breaches is going up all the time. For a large organization, it may be many millions of dollars in [remediation] costs and lost productivity. What I find is, in the vast majority of the time, the midmarket and even some of the smaller customers care about data security as much as a large enterprise does. In fact, a small business that has a data breach or loses information can be out of business in months. They can't afford to have that breach."

Secure by design

AMD Ryzen PRO 4000 Series Processors represent a five-year development journey for AMD, Schalm recalled. "We're very excited at AMD about our new Ryzen PRO processors, and the 'Zen' core that's the foundation of those processors. Security features start at the silicon level, where we look at potential data threats and we try to anticipate them. Then we layer security capabilities on top of that, as well."

The security features built into AMD Ryzen PRO 4000 Series Processors are on the same die as the CPU itself, not relegated to a separate unit on the motherboard. This helps prevent certain attacks by design, and it enables AMD to deliver a host of security services. These services include DRM (Digital Rights Management), software TPM (Trusted Platform Module), and secure boot functionality. 

"The AMD Secure Processor is a separate processor whose sole functionality is to provide security services to the chip," Schalm said. "One of those security services is Digital Rights Management, or DRM, and it performs the necessary functions in order to allow protected content to play on the appropriate device or block it if it's not allowed. Another function is a Trusted Platform Module, or TPM. This is where a lot of secrets, such as passwords, are stored. The third function I might add to this is what we call Secure Boot: When the processor is first powered on, the AMD Secure Processor is the first part that gets power, and it controls the flow of information from that point until the processor starts. It checks its own firmware to make sure that it's valid and it hasn't been tampered with. If that's okay, it can then check the BIOS code, make sure that hasn't been tampered with. At that point, it releases the rest of the chip, and the rest of the chip powers up and begins the normal boot process."

Protection from cold boot attacks

An AMD-exclusive feature called Memory Guard protects laptops from so-called 'cold boot' attacks. Schalm explained:

"When you first log into your system, your security and login information is stored into RAM. Your hard drive encryption keys are stored into RAM, and this helps accelerate performance. The problem is, when you go into standby, the contents of that memory is still retained. With a simple spray of compressed air, a bad actor can freeze the memory and retain its contents through a reboot cycle. The memory can then be read out to obtain secrets such as passwords to be able to log into the PC. 

"This is a problem that's been around for nearly 10 years. And it impacts how you use your PC, because the only solution up to now is to completely turn off your PC every time you're done using it. And of course, we all want the laptop to be more like a phone. That is, we want to keep it on all the time." 

With AMD Memory Guard, however, this type of attack is no longer a threat. "The only mitigation that can help solve this problem is to encrypt the contents of the memory. And that's what AMD Memory Guard is," Schalm said. "It encrypts the contents of your system memory every time that CPU writes information out to memory or reads it back in. That means when someone tries to reboot your PC and steal that data, all they'll get is jumbled information. There's no longer a trade-off between the way I want to use the PC and protecting my data."

amd-video2-thumbnailc.png

With AMD Memory Guard, however, this type of attack can be mitigated. "AMD Memory Guard encrypts the contents of your system memory when the CPU writes information out to memory or reads it back in. That means when someone tries to reboot your PC and steal your data, they'll get  jumbled information. There's no longer a trade-off between the way we want to use the PC and helping protect the data."

A team effort

AMD works closely with its OS and OEM partners to ensure that it leverages their security innovations, as well, Schalm pointed out. "Security at AMD is a layered approach, and it's hard for one company by itself to offer a complete solution. We focus on security features at the silicon level and enable capabilities that are at the OS or the OEM level, so when companies in our ecocystem bring out new security features, we make sure that they're implemented into our silicon." 

Schalm added that AMD is looking forward to delivering processors that meet the current and future needs of business users. "We like to say that the AMD Ryzen PRO Processors are the new standard for the modern business PC, and the reason is the pace of innovation that the Ryzen PRO family is bringing to market -- new capabilities that help a business be more productive and help to protect the data at the same time."

To learn more about AMD Ryzen PRO 4000 Series Processors, please visit amd.com/business

Editorial standards
Show Comments