Conventional approaches to securing applications have relied primarily on software to provide protection. However good the software implementation may be, an attacker that can gain privileged access would conceivably be able to circumvent software defenses. Hardware technologies introduced into modern processors by Intel® (SGX) and AMD (SEV) can provide a significantly better security and privacy model. They essentially enables to run applications in a Secure Enclave — an environment that is isolated from the hypervisor and the host OS. It can help protect the confidentiality of sensitive data, and significantly raise the bar against attackers that exploit privilege escalation to obtain full control of the host.
Deploying application on bare-metal clouds requires you to take care of security from the hardware level up, including hardening and patching the operating system, managing access permissions, etc. Luckily, some providers like Packet give access to instances that support the Intel® SGX or AMD SEV technologies. Those can be used to secure your sensitive applications to the extent that even an attacker that gains root access to the bare-metal instance would not be able to access your data, or tamper with the produced output. Moreover, even the cloud provider itself would not be able to peek into it despite physical access to the hardware, and root access to the host OS.
Deploying an Intel® SGX enabled instance on Packet
Packet offers access to Xeon E3 processors supporting Intel® Software Guard Extensions (SGX) through c1.small.x86 instances. Here is documentation on how to deploy c1.small.x86 instances using a Packet account. Xeon E3 processors can power intensive workloads, and the security features can help ensure that data is protected, giving users the benefits of bare-metal with high-levels of confidentiality and privacy.
Securing Secrets and keys
One type of applications that requires particular attention is key-management applications. Key-management (sometimes also called secrets-management) solutions store, manage and provide access to secret parameters such as cryptographic keys, credentials, authentication tokens, etc. Development teams need to share data, configurations, and access keys across teams to cooperate on application development and testing. Automated build servers need access to source code control, API gateways, and user roles to accomplish their tasks. Servers need access to encrypted disks, applications need to access databases, and containers must be provisioned with privileges as they start up. Automated services cannot wait around for an administrator to type in passwords or provide credentials. Secrets management platforms address these requirements.
Some popular secrets management solutions include Hashicorp Vault, CyberArk Conjure, etcd and Square Keywhiz. These solutions are mostly open-source, with Hashicorp offering an enterprise version for Vault with features like HSM integration and more.
While the data used by secrets management platforms is typically secured at-rest and in-transit, secret information is in the clear and unprotected at runtime. Malicious actors can compromise secrets while the data is in use. For example, hackers or malicious insiders can parse data-in-use to obtain the encryption keys for data-at-rest or certificates for intercepting data-in-transit. To better understand the security model of Vault, and what is outside of it, refer to the Security Model in Vault's documentation , or to the following webinar on runtime protection for secrets management.
You can use secure enclaves to protect your keys and secrets on bare-metal instances using the Anjuna Runtime — a solution that enables seamless execution of applications inside enclaves, without the need to modify the application. As part of our Technology Partnership with Hashicorp, Anjuna provides a runtime-security solution for Vault, securing its master-key, unseal tokens and data in memory.