Anjuna and AWS — Making Confidential Computing Easy to Accelerate Secure Cloud Adoption

Mauricio Barra
VP of Marketing
Published on Oct 5, 2023
https://www.anjuna.io/blog/anjuna-and-aws-making-confidential-computing-easy-to-accelerate-secure-cloud-adoption

Despite the well-recognized benefits of public cloud, the majority of enterprise workloads still reside in on-premises data centers. Fundamentally, enterprise concerns over security, privacy, and compliance remain top-of-mind among the C-suite, and are stated as key blockers to cloud adoption. That is because root access to infrastructure and, more specifically, the compute layer, exposes data, code, and secrets in memory. For years, protection of data-in-use posed a high-stakes security challenge that evaded solution. Even as advancing technology enabled the safeguarding of data at-rest and in-transit, the problem of securing data while it is being processed by an application seemed insurmountable, until the emergence of Confidential Computing.

Data in-use represents a unique security gap that places the most valuable and sensitive information at high risk, including transaction data, sensitive intellectual property, proprietary AI models, and top-secret defense or intelligence agency data, to name several. Achieving total control and ownership of information in the cloud called for unprecedented new levels of capability and sophistication. Confidential Computing is the breakthrough that finally closed the gap.

While AWS innovated confidential computing instances to deliver the highest isolation and run-time protection of memory with the Nitro System and Nitro Enclaves, Anjuna stepped in to accelerate time to market for application developers with an easy-to-use, application-agnostic platform that helps enterprises accelerate high-priority cloud transformation projects without compromising security and privacy.

Anjuna Makes Confidential Computing on AWS Nitro Enclaves Easy

To take advantage of the protection offered by AWS Nitro Enclaves, companies usually have to re-architect existing applications and build additional operational layers to manage critical secrets for every application, over its whole lifecycle. This complexity poses challenges both in finding skilled staff and in investing in undifferentiated development activities, effort that could otherwise be put toward business innovation and strategic cloud transformation goals.

With the support of Anjuna Confidential Computing Platform, customers can easily embrace AWS Nitro Enclaves and achieve the highest possible level of data privacy in a matter of minutes, and lift and shift their existing applications without any need for code changes — be those traditional EC2 or cloud-native apps managed with a Kubernetes service such as AWS EKS. This level of simplicity means businesses can proceed confidently toward cloud transformation for their critical data.

The Anjuna platform also helps leading organizations further improve their security posture by extending data protection to all three states. Data is fully protected while in use inside the Nitro enclave, and Anjuna helps the customer ensure that data remains protected and encrypted in transit as it leaves the secure enclave to connect with external systems and at rest as it moves to persistent storage. 

Highly regulated enterprises, especially financial services organizations, are particularly susceptible to a span of security risks that threaten their operations, solvency, and public brand. The following real-world case study illustrates some of these challenges, explaining how the AWS and Anjuna partnership overcame them to unblock the bank’s cloud transformation and deliver a broad spectrum of benefits.

A Major Bank Faces Scalability Challenges

A UK-based multinational bank faced a set of unique challenges. Opportunities for growth abounded as mobile and web channels generated hot demand spurred by the pandemic. But along with this dynamic activity came growing pains and risk. New cloud applications pressured the bank’s systems, and raised the cost of mainframe transactions, while latency and consequent unmet customer expectations loomed to invite churn. 

Technologically, the bank’s hybrid infrastructure faced multiple obstacles in handling its rapidly scaling cohort of online customers. Though it had embraced partial cloud transformation, the bank, like many top financial firms, still operated a substantial IBM z/OS Mainframe core banking platform in its data center. This high-cost approach lacked scalability, agility, and elasticity. In typical mainframe fashion, as customer activities expanded, costs climbed and latency increased. As a result, the customer digital experience suffered, presenting the risk of customer frustration and retention concerns.

Moving more components to the cloud would overcome these obstacles, but the bank was held back by data protection and regulatory compliance roadblocks. The bank carried a burden of particularly sensitive data in the form of consumer accounts worth tens of millions of pounds. The bank’s current system could not assure protection of data in use, which was a necessity under new regulatory guidance issued by the Bank of England’s Prudential Regulation Authority (PRA), tasked with safeguarding the entire retail customer database. This inability to safely store personally identifiable information (PII) in the cloud hampered the bank’s ability to leverage cloud scalability to solve its growth needs.

AWS and Anjuna Synergize to Turn Security into an Enabler

AWS Nitro Enclaves is particularly suited to highly regulated enterprises like banks. Anjuna’s platform was identified as the most effective complementary solution for solving the bank’s multiple challenges and further streamlining the deployment of the application leveraging Nitro Enclaves.

Anjuna was selected because its Confidential Computing approach would not require modifications to the bank's existing applications. This meant the bank was able to rapidly lift and shift its critical Operational Data Store (ODS) layer to the cloud without having to invest in the deep technical expertise otherwise required to operationalize a DIY deployment. Anjuna was also selected thanks to the platform's ability to safely connect the confidential Nitro Enclaves environments to other parts of the bank’s systems.

The enhanced ability to offload data to the cloud has added a generous set of benefits. The bank gained the required elasticity to scale this part of its architecture, which has helped to optimize the customer digital experience, increase loyalty and reduce the risk of churn. The bank can now safeguard PII and keys on its ODS while ensuring they are separated from root-level entry by unauthorized users or processes. The bank’s new approach fundamentally enables compliance with the newer Prudential Regulation Authority rules around protection of data in memory, and gives the confidence to comply with emerging data security and privacy mandates. The new solution lightens the mainframe load substantially, which the bank expects to translate into millions in savings. It also addresses the competitive concerns the bank faced from aggressive new market entrants, by modernizing and boosting its digital banking capabilities and attaining new levels of agility and speed to market.

AWS Certifies Anjuna to Streamline High-Trust Data Security

In 2023, AWS announced its landmark certification of Anjuna as the first Confidential Computing software provider to qualify as a Security Competency Partner. Inclusion in this exacting program called for Anjuna to meet high standards of technical expertise and data protection required by Amazon Web Services (AWS) Security Competency. Anjuna earned this highly competitive distinction by passing a rigorous technical competency audit and demonstrating profound, consistent customer success. 

A number of additional factors determined AWS’s decision to single out Anjuna as a program partner. AWS has developed powerful security and access controls, but for customers, migrating certain classes of workloads may represent a significant challenge. Architects can encounter a gamut of challenging regulations, tasks, and code changes that slow the process, which also demands strict control and governance standards. For these customers, gaining the full benefit of Nitro Enclaves remained a complex hurdle. Through this certified partnership, AWS acknowledges Anjuna’s ability to empower AWS customers to streamline the use and implementation of Nitro Enclaves.

AWS & Anjuna Better Together

The Anjuna Confidential Computing Platform integrates quickly and easily with AWS Nitro Enclaves to establish a data protection standard of unrivaled rigorousness for sensitive workloads. That means enterprises can leverage Nitro Enclaves to keep data protected at all times without heavy lifting. This milestone relationship between AWS and Anjuna enables organizations to speed cloud transformation dramatically; execute total lock-down of data, encryption keys, and applications; attain critical regulatory compliance; and at last achieve complete confidentiality for their most vulnerable workloads. Contact us if you are interested in learning more.
