Intel SGX Enables Magnit to Create a Trusted Computing Environment
October 14, 2020
Magnit, one of Russia’s leading food retail chains, implemented Intel SGX into its digital advertising data management platform. Developed by Aggregion and Scontain, the platform is built on Azure Confidential Computing and is designed to improve the accuracy of audience targeting in advertising campaigns by using anonymized customer data, such as purchases in Magnit supermarkets.
What’s New: Magnit, one of Russia’s leading food retail chains with more than 20,000 locations and 16 million daily visitors, has implemented Intel® Software Guard Extensions (Intel® SGX) into its digital advertising data management platform. The platform, developed by Aggregion and Scontain, is built on Azure Confidential Computing powered by Intel SGX. Designed to improve the accuracy of audience targeting in advertising campaigns by using anonymized customer data – such as purchases in Magnit supermarkets – the platform utilizes Intel SGX technology to protect the environment’s source data.
“Using Intel SGX has allowed us to build a platform that can securely and privately process data from a variety of partners. This allows us to all collaborate better and create more effective advertising campaigns for customers. Our team is extremely excited about the upcoming enhancements to Intel SGX that will allow the secure enclaves to handle even more data, meaning we can further scale our data management platform.”
–Fabian Schaefer, Director of Analytics and data management, Magnit
Why It Matters: Intel SGX gives organizations the ability to use hardware-based controls when securing data. More specifically, it delivers hardware-based memory encryption that helps isolate specific application code and data in memory. Organizations like Magnit can use these private regions of memory, called enclaves (or Trusted Execution Environments or TEEs) to increase the security of application code and data. These enclaves are designed to protect data by isolating it from the rest of the environment – for example, the operating system, hypervisor, other applications, virtual machine admin, host admin and physical memory access.
The transmitted information is also encrypted and decoded once inside the enclave, improving application integrity and helping to ensure data privacy. Finally, all applications running in a protected area are verified and signed by all data suppliers, which helps protect against malicious functions hidden in application code.
Magnit utilizes Intel SGX when working with partners who want to participate in campaigns through their data management platform but may have privacy and data-sharing concerns. Creating systems that securely process and share data from multiple parties (such as advertisers, Fast Moving Consumer Goods organizations and the actual retailers) has historically been a monumental challenge. By creating a confidential computing environment with Intel SGX, Magnit can improve the security of the data collaboration between participants that may have a need to keep data confidential and protect intellectual property, even if a lack of trust exists between parties. Magnit and its partners understand that as digitalization and the reliance on cloud continue to grow, improving code and sensitive data protection with confidential computing environments will be critical to help ensure the data will not be compromised.