The recent leak of classified Pentagon documents by Jack Teixeira, a U.S. Air Force National Guard airman with a top secret security clearance, highlights the risk of insider threats and the limitations of traditional defense tools. The leak has had serious ramifications and impacted various government agencies, including the US Department of Defense, NATO Allies, and Ukraine Defense. This incident raises the question of how many insiders like Teixeira exist in the private sector who present similar risks to sensitive data, code, and keys.
Teixeira's case can be compared to the risk posed by many insiders who are granted elevated administrative privileges in enterprises or outsourced service providers. Such privileges often give insiders more access to sensitive data than their job requires. Traditionally, such privileges could not be easily separated from the data being processed, especially when sensitive data is present in memory. Traditional security tools don't always prevent or detect insider threats like this either. For example, in February of this year, CISA published its Red Team Key Findings related to a simulated attack on a "large critical infrastructure organization with multiple geographically separated sites." They concluded that "despite having a mature cyber posture, the organization did not detect the red team's activity throughout the assessment, including when the team attempted to trigger a security response." One other intriguing aspect of this Red Team exercise was the theft of working keys from an application's running memory; those keys could later be used to decrypt a database and access even more sensitive data without authorization.
In this scenario, the server administrator relied on a password manager, which stored credentials in a database file. The red team pulled the decryption key from memory using the open-source KeeThief tool and used it to unlock the database. Such insider-friendly tools are readily available, and a quick scan of GitHub reveals dozens of similar tools, often created for operational backup purposes to prevent data loss but easily repurposed for theft. Examples include KeyExtractor, KeeThief, and KeyFinder. New tools, possibly even built using generative AI, may emerge in the future.
Let’s consider workloads that process highly sensitive or regulated data in the cloud where the attack surface is much larger, and the responsibilities for securing the infrastructure, data, and applications are shared among an organization’s employees and the cloud provider. It can take just one insider to cause a similar data leakage scenario. The industry spends millions trying to prevent unauthorized root-level access to infrastructure, which can give attackers or insiders unfettered access to applications and data. Once an attacker gains root access to infrastructure, they can potentially steal data, code, and secrets such as encryption keys. If this happens, the attacker can perform a secondary, wider lateral attack. So the question is, is it possible to enable privileged users to manage infrastructure without granting root-level access to data that often comes with it? Traditionally, the answer is no, but with new technology and hardware, the answer is yes. Enter Confidential Computing.
Confidential Computing is a newer approach to data security that offers complete isolation of workloads from insider threats and even administrators with root-level access. This mechanism is specifically designed for cloud applications, enterprise applications, data processing, machine learning, analytics processing, and applications that handle sensitive data. These types of workloads are typically targeted by bad actors seeking to steal or compromise information.
Unlike operating systems, hypervisors, and software-only controls, which rely on implied trust, Confidential Computing uses hardware roots of trust to establish strong and provable trust in the system and code before workloads run. This ensures that the workload runs as intended, without any malicious or modified code inserted. It also enables processing of data with full hardware-based isolation from the rest of the compute environment, protecting it from potential points of attack. This isolation can be achieved through hardware-based processing isolation or memory encryption, which only allows the trusted CPU to decrypt data and operate on it.
This approach enables us to create isolated compute environments that contain and protect code and data in use, allowing only the trusted ecosystem to process it. For example, imagine an AI algorithm processing sensitive military documents, real-time signals, and video data to enhance the safety of troops in the field. In this case, the data is encrypted so that only the trusted CPU inside the enclave running trusted software can decrypt and process it without human intervention. This is possible because, from boot through execution over the life of the workload, the data is entirely contained in hardware, in the confidential CPUs that are widely available in all major clouds today. The ability to create sealed compute environments that are bound to the hardware, along with proof of the sealing process and processing, provides enormous power to contain and isolate running code and data. Such an approach is not possible with software-only controls, which can always be compromised with access to running memory.
Confidential Computing fundamentally changes the game for cloud computing by applying a zero-trust model to application code and data, removing human risks from the equation. With this method:
- An insider with root-level admin privileges managing databases and repositories of sensitive data is blocked and isolated from the data itself, avoiding insider breaches.
- Applications running in enclaves can communicate only with other enclaves, creating an end-to-end security model with no gaps - enforced by hardware.
- Trust is established first by ensuring that the intended workload, including a hardened and minimal kernel, is operating on trusted confidential computing hardware before giving it any secrets or trusted data, such as PII, AI model data, or keys.
- Attacks attempting to steal keys would be blocked by the hardware, as the attacker can only access encrypted memory protected by a key held by the secure confidential CPU.
- Attempts to install malware to extract credentials, data, or other information would be blocked and rejected through the attestation mechanism and hardware roots of trust, avoiding supply chain issues and the injection of untrusted code or malware.
- Data utilized by an enclave-based process can be encrypted exclusively for it, enabling sensitive outcomes to be processed then forwarded to another enclave for further processing without human interaction.
- Anjuna can eliminate 77 attack vectors right off the bat, allowing organizations to reduce the risks of insider threats, exploits, and vulnerabilities that are common in IT infrastructure.
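The bullets above on establishing trust before handing over secrets, and on rejecting modified code through attestation, describe attestation-gated key release. The following simulation of that check is an added example, not Anjuna's code or any vendor's API: an HMAC under a constructed key stands in for the hardware-signed attestation report, and every name and value in it is hypothetical.

```python
import hashlib
import hmac
import json
import os

# Constructed values for this example; none come from a real platform.
HW_KEY = b"constructed-hardware-root-key"  # stand-in for the CPU's attestation key
TRUSTED_IMAGE = b"hardened minimal kernel + intended workload"
EXPECTED_MEASUREMENT = hashlib.sha256(TRUSTED_IMAGE).hexdigest()
DATABASE_KEY = b"constructed-database-key"


def _sign(body: dict) -> str:
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(HW_KEY, payload, hashlib.sha256).hexdigest()


def hardware_quote(image: bytes, nonce: bytes, debug: bool = False) -> dict:
    """Simulate the CPU measuring the loaded image and signing a report."""
    body = {"measurement": hashlib.sha256(image).hexdigest(),
            "nonce": nonce.hex(), "debug": debug}
    return {"body": body, "sig": _sign(body)}


def release_secret(quote: dict, nonce: bytes):
    """Return (secret, reason); secret is None unless every check passes."""
    body = quote["body"]
    if not hmac.compare_digest(_sign(body), quote["sig"]):
        return None, "report not signed by trusted hardware"
    if body["nonce"] != nonce.hex():
        return None, "stale or replayed report"
    if body["debug"]:
        return None, "enclave is in debug mode"
    if body["measurement"] != EXPECTED_MEASUREMENT:
        return None, "measurement does not match the approved workload"
    return DATABASE_KEY, "released"


def demo() -> dict:
    nonce = os.urandom(16)  # fresh challenge from the key-release service
    good = hardware_quote(TRUSTED_IMAGE, nonce)
    quotes = {
        "good": good,
        "modified": hardware_quote(TRUSTED_IMAGE + b" + injected code", nonce),
        "forged": {"body": good["body"], "sig": "00" * 32},
        "replayed": hardware_quote(TRUSTED_IMAGE, os.urandom(16)),
        "debug": hardware_quote(TRUSTED_IMAGE, nonce, debug=True),
    }
    return {name: release_secret(q, nonce) for name, q in quotes.items()}
```

Calling `demo()` returns the outcome for each constructed report; only the unmodified workload with a valid signature and the current nonce receives the key.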
Traditional security controls and data risk reduction methods add complicated processes to data handling, but are only partially effective in protecting data, often ignoring code and data in memory. These tools can impose performance overheads on processing or require costly application re-architecting, increasing time to market. They also burden developers with key and secrets management, leading to unmanaged processes and human errors. Confidential computing eliminates these issues, with hardware-based acceleration providing almost imperceptible performance impact even at massive scale. Anjuna's solution enables banking transaction applications serving 40 million customers, with overheads in low single digits.
A Confidential Computing approach dramatically reduces the risk footprint by preventing users with privileged access from accessing running code and data and providing proof and evidence of security. To protect your organization from insider threats and avoid data exposure and costly disruptions to your business, Anjuna Confidential Computing Platform is a powerful weapon in the fight against threats. Our software allows you to quickly and easily protect your workloads in the cloud of your choice without changing your application code or DevOps processes. Anjuna seamlessly supports containerized and Kubernetes-managed applications - there’s no reason to not take advantage of this next generation defense and business enabling capability today.
Don't wait until it's too late to secure your sensitive workloads. Visit our booth at a show near you to see Confidential Computing in action.