Aggregion Adds Intel SGX To Secure Enclave Matching

July 07, 2020

Moscow, July 7, 2020 – Magnit and Aggregion have launched Russia’s first trusted data collaboration environment based on the SCONE platform. The environment has now implemented Intel® Software Guard Extensions (Intel® SGX) technology to additionally protect against leakage of confidential information.

Developed by Magnit and Aggregion, the digital advertising management environment improves the accuracy of audience targeting in advertising campaigns by using anonymized customer data — such as purchases in Magnit supermarkets. The system operates as a Data Management Platform (DMP) and is able to process any type of customer information, making it possible to create audience segments from dozens of behavioral attributes and thousands of product categories.

Magnit has launched over 200 of its own advertising campaigns since the new data management platform was announced in December 2019. Improved precision of audience segmentation and the personalized self-service UI allowed the company to reduce costs associated with digital placement by 20-30%. The sales of goods and projects promoted through the system grew by an average of 1-2%. The environment is founded on the principles of an open consortium where other companies may join the network with their customer data.

Cooperation with partners on joint data makes it possible to significantly enrich analytical models and increase the effectiveness of advertising campaigns, but it requires a reliable solution to protect the environment from possible leakages of source data. This solution is Intel® Software Guard Extensions (Intel® SGX) technology, which organizes joint processing of partners’ data in secure enclaves that are inaccessible to any of the participants.

Intel® Software Guard Extensions (Intel® SGX) is a set of instructions that increases the security of application code and data by allocating to them protected areas in memory. Such enclaves are isolated from the environment in which they are placed – the operating system, hypervisor, BIOS server. Information is protected at the processor microarchitecture level, so that neither the developer, nor administrator, or the owner of the server would be able to access data and scripts inside the protected area. The transmitted information is securely encrypted using modern protocols and is decoded only once inside the enclave, improving the integrity of the application and data.

Applications running in a protected area are verified and signed by all data suppliers in the platform. This approach helps protect against malicious functions hidden in the application code. Magnit’s DMP environment is powered by the SCONE platform, which takes full advantage of Intel® SGX. The DMP allows launching production solutions in enclaves and provides additional protection for the interface of protected areas.

“Intel® SGX hardware-based trusted runtime environment is a big step toward solving the fundamental trust problem in the cloud. The data management platform developed by our partners Magnit and Aggregion is a great example of how this technology can be used for collaboration between system participants who want to keep data confidential and protect their intellectual property, even when there is a lack of trust between the parties. Creating secure data processing systems is a very difficult task, even with extensive hardware support. The SCONE platform simplifies the use of secure enclaves, allowing our partners to focus on business logic while maintaining an unprecedented level of security. We are pleased to share with them the experience gained over the years of protecting applications and data in cloud environments,” said professor Christof Fetzer, co-founder and COO Scontain.

Magnit has signed partnership agreements with leading advertising groups to use the joint data and analytics for the purpose of increasing the effectiveness of advertising campaigns by FMCG manufacturers. Joint data strategies are being discussed together with leading brands, to include not only the optimization for advertising purposes, but also a wider roadmap for marketing optimization, managing customer loyalty and development of new products. Secure use of big data with this approach is impossible without first creating a trusted data processing environment. Intel® SGX technology and SCONE platform give participants the confidence that their data will not be compromised.

“This is a very important technology for the Magnet DMP. It will be the cornerstone for many of our large big data projects. Many partners showed an active interest in the DMP, seeing significant potential in working with the joint data, but none of the parties were ready to share data with each other. Intel® SGX technology allows to remove this barrier and open up the opportunities for solving previously unsolvable problems, ”commented Andrei Spivak, director of the Big Data project in Magnit.

Russia’s first secure data collaboration protocol using Intel® SGX technology is now available to all participants of the Magnit open digital advertising management platform developed by Aggregion.

“We see a great demand for such solutions, and it grows along with the growth of digitalization. We have integrated Intel® SGX technology in our environment and now we can confidently solve such problems,” said Nukri Basharuli, CEO of Aggregion.

According to McKinsey, from 2017 to 2019 the number of data collaboration projects doubled. About 40% of respondents plan to implement such projects in the future, and the total effect of introducing such solutions will be more than $3 trillion. According to analysts, the data economy will rely on the organization of partner ecosystems, as well as improving the efficiency of supply chains and digital marketing.

Protection of valuable code and sensitive data as well as preventing information leakage becomes ever more crucial as more companies move to the cloud.

“Clients of cloud services need tools to reduce the attack surface and help protect valuable data using encryption,” says Sergey Zhukov, Intel Corporate Business Development Director in Russia. “Confidential computing with Intel® SGX enables companies to better leverage the benefits of cloud computing and multi-stakeholder computing models to uncover the value of their sensitive data. Intel, Scontain, and Aggregion share the same approach to building secure computing platforms which help our customers succeed.”

View source