Bringing the security-first pledge to life with new Intel product assurance and security group

Working within Intel and Beyond to Help Safeguard Customers, Drive Security Innovation

By Leslie Culbertson

At Intel, security has long been one of our highest priorities. For years, we have built security into every product we create and worked to deliver break-through security technologies. Intel Authenticate, offering hardware-enhanced identity protection, is just one example of what we have done to advance security within the industry.

We recently renewed our commitment with a security-first pledge – one that emphasizes our focus on customer-first urgency, and transparent and timely communications. This pledge also highlights our commitment to ongoing security assurance. You saw those principles in action with the recent announcement of changes we are making at the hardware level to strengthen the security of our products in the future.

Less visible but no less significant, is the creation of a new group at Intel called Intel Product Assurance and Security (IPAS). As the new leader of IPAS – and as someone who is deeply committed to delivering technologies that protect customers and their data – I want to share more information on this new organization and our vision.

While IPAS was initially formed as part of Intel’s response to the side channel methods disclosed by Google Project Zero earlier this year, our charge is much broader. Our vision is to deliver unparalleled security, privacy and assurance in Intel products – products that customers know they can trust. And, we recognize that trust is something that must be earned daily, through responsiveness, accountability and transparency.

With that in mind, IPAS is designed to serve as a center of security excellence – a sort of mission control – that looks across all of Intel. Beyond addressing the security issues of today, we are looking longer-term at the evolving threat landscape and continuously improving product security in the years ahead. While we have centralized some of our best security talent under the new IPAS umbrella, we have also ensured that there are dedicated product security experts throughout Intel, so this expertise is embedded throughout the company.

Looking beyond Intel’s walls, I believe there is also an opportunity for us to accelerate security innovation throughout the entire industry. This includes deeper partnerships with academia as well as heightened engagement with the security community – topics you will hear us talk more about in the coming weeks.

The Google Project Zero vulnerabilities certainly presented many challenges. A positive outcome however, was the unprecedented collaboration among so many in the ecosystem. Security researchers, operating system and software vendors, system manufacturers, cloud providers, even other chip makers – all of us came together to protect the interests of end users. I hope this collaboration is a blueprint for the future.

We expect bad actors will continuously pursue increasingly sophisticated attacks, and it will take all of us – working together – to deliver solutions. To that end – and in the spirit of our pledge – we have also provided more detailed information on our security site about how we approach industry engagement on issues such as these. As we’ve stated before, we believe strongly in the value of coordinated disclosure and we want to be as transparent as possible about the methodology we follow.

As I embark upon this new role, my commitment is to work within Intel and beyond, to help safeguard customers and ensure we live up to our security-first pledge. My challenge to the industry is to maintain the same level of collaboration we demonstrated is possible earlier this year. If we can continue to work together at that scale, imagine the possibilities.

Leslie Culbertson is executive vice president and general manager of Product Assurance and Security at Intel Corporation.