Originally published 4/29/2021 by Intel Communities
Author: Tom Garrison, VP & GM of Intel Client Security Strategy & Initiatives
Intel is committed to Corporate Responsibility. While we strive to ‘do the right thing’ for our customers, partners, environment, employees, and the community, corporate responsibility is more than that. It is a management approach that looks at and proactively manages diversity, inclusion, supply chain responsibility, environmental compliance and more.
There is a societal value and a business value to corporate responsibility. There’s an evolution in the corporate responsibility space. Companies are realizing that many of these things do impact the bottom line. They impact how customers feel about the company and how employees feel about working for the company.
Intel’s Corporate Responsibility Report is published each May, reviewing our efforts, goals and performance. It provides detailed information on each of these core components:
- Intel’s Business
- Environmental Sustainability
- Supply Chain Responsibility
- Diversity and Inclusion
- Social Impact
CLA Helping CISOs
In my previous blog “The Security Challenges Compute Lifecycle Assurance Is Helping CISOs Address,” I discussed the Compute Lifecycle Assurance (CLA) initiative Intel leads to align the industry around security assurance throughout the lifecycle of a compute device. Today, I want to talk about how Corporate Responsibility aligns with the Compute Lifecycle Assurance Initiative.
Intel’s commitment to customers and suppliers includes conflict-free sourcing and training processes for continuous improvement with suppliers, a key element to more secure sourcing. Intel’s Logistics Risk management and tracking technologies along with counterfeit detection and deterrent policies help ensure that customers receive original items on time and with high quality—direct supply chain assurance. The foundational offering of Compute Lifecycle Assurance, Transparent Supply Chain, enables end customers to better determine the origin of processors and other components and helps keep track of them and the entire platform from manufacturing through on-site provisioning. This allows end customers to better verify themselves that tampering has not occurred between completion of manufacturing and delivery at the site of operation. Transparent Supply Chain is now working with suppliers and ODMs to incorporate blockchain technology in component tracking. When a platform helps provides traceability of components at a batch level or a component level, customers can understand the impact of a bad component on their fleet of PCs or servers and quickly identify and correct the issue instead of waiting for a catastrophic failure.
Investment in Security
Intel’s commitment towards more responsible design and better product security goes beyond the manufacturing process. Every engineer at Intel is trained on Security Design principles and Intel products—both hardware and software— go through the Secure Development Lifecycle (SDL) process.
Externally, Intel engages with offensive researchers, runs a bug bounty program, and partners with academic researchers and institutions, to stay abreast of emerging trends and security threats.
When a vulnerability is identified, our teams work with researchers and the rest of the ecosystem to coordinate vulnerability disclosures, and where appropriate to provide updates, and do so in a predictable cadence to minimize impact to end customers.
Our hope is the entire industry will prioritize product security and invest in key programs as part of their Corporate Responsibility goals. For more information, listen to the Cyber Security Inside Podcast ‘What That Means: Corporate Responsibility’ with Intel’s Camille Morhardt and Suzanne Fallender to learn more.
If you are interested in learning more, check out intechnology.intel.com for a list of podcasts and YouTube videos. Content includes topics from security careers, supply chain security, AI, NLP, digital transformation, and more. Follow me on Twitter at @tommgarrison.