In the early days of electronic data management, data was relatively secure. After all, you owned all the hardware. The data servers were on premises. The person sitting in front of the computer was your trusted employee. And of course, you hired only good people. You vetted them directly, and you paid them well. They had no reason to act in bad faith.
Today, the world of data has changed. Security breaches that were once unthinkable are happening all the time, and it is important to secure not only the software but the hardware, too. Our data landscape has evolved to be vast, connected, and interdependent. People you don’t know—well beyond your corporate walls—have an impact on your security.
With cloud computing, your job is just one of a great number of jobs running on massive servers in hyperscale data centers, likely located far away from your core operations. These data centers have an abundance of virtual machines running jobs from an untold number of different clients, all using different devices. Within the data center, you are allocated a specific amount of memory and number of processor cores so you can accomplish your jobs and tasks.
Because you don’t directly control these operations, you don’t know whether someone inside the data center is rolling up to a server with an oscilloscope and logic analyzer to probe “your” server’s internal signals. You don’t know whether a data center employee also works for a foreign government. You don’t know whether they’ve been tasked to snoop around your hardware and virtual machines.
This is why you need hardware encryption inside virtual servers—the ability to communicate between virtual machine and hardware using a secure encryption key exchange where a third party, even one who owns, manages, and runs the data center day-to-day, doesn’t have access to the encryption itself.
TEE Device Interface Security Protocol (TDISP) is a new framework and architecture for securing I/O virtualization. It was introduced through an Engineering Change Notice (ECN) that makes it part of the most recent PCI Express® (PCIe®) 6.0 specification. Although the PCIe 6.0 specification introduced the new 64 GT/s signaling speed, TDISP can be used at any speed. This standardized interface framework defines how to secure the interconnect between the virtual machine host and the device, regardless of where your data center resides or who has access to the servers inside it.