Putting Confidential Computing to Work for the Enterprise
Confidential computing is positioned to quickly become the ubiquitous standard for securing enterprise applications and data.
But until now, implementing this technology has been both time-consuming and expensive. The need to rewrite applications with vendor-specific SDKs has put the hardened protection of secure enclaves out of reach of most IT organizations. Anjuna Confidential Cloud software brings a “lift and shift” approach that creates a secure environment in the public cloud without requiring changes to applications or operations.
Large-scale deployment of confidential computing within an enterprise or cloud environment will require key criteria to be met to ensure enclaves are enterprise-ready:
- Adoption should be simple
- Protection should be full stack
- Multiplatform, multicloud coverage
- Enterprise-class management capabilities
- Integration with the enterprise IT ecosystem
Key Requirement #1
Adoption should be as simple as "lift and shift"
There should be no need to rewrite or recompile applications, or to re-engineer IT processes. This means implementation should not rely on ever-changing SDKs from hardware suppliers and others. Anjuna’s “lift and shift” approach facilitates moving applications to secure enclaves without SDKs, recompilation or other operational changes. This includes the full range of applications--including especially vulnerable legacy applications or applications purchased from outside vendors.
Key Requirement #2
Protection should extend full stack
Protecting data in memory is not enough to support even the simplest enterprise applications. Data protections must protect storage and communications as well. Full stack protection secures applications from compromised operating systems, virtual machines, containers, and more—while also encrypting memory, storage, and network communication. All elements of an application and data are protected, with the smallest possible attack surface.
Key Requirement #3
Multiplatform and multicloud support
No enterprise can afford to be locked into a single hardware platform or cloud service. Yet, developing software for multiple technologies is not viable. Secure confidential cloud solutions must offer transparent support across multiple technology platforms—enabling applications to run on any public cloud or datacenter without modification.
Today’s enterprise operations include a mix of systems on-premise, as well as in public, private, and hybrid clouds. Anjuna Confidential Cloud software enables applications and data to be securely deployed anywhere enclave-based technologies are supported.
Anjuna supports AWS Nitro Enclaves, Microsoft’s Azure confidential computing, and numerous other clouds that deploy Intel and AMD enclave technology. Workloads can be executed across any enclave platform without modification.
Key Requirement #4
Enterprise-class deployment capabilities
The value of a confidential cloud is related to its ability to seamlessly integrate with your business and IT processes. Enterprises need to ensure confidential computing works in high availability and disaster recovery scenarios, to scale in the cloud, to access files and applications running on different machines, and to easily upgrade applications, firmware, and hardware. Anjuna Enterprise Confidential Cloud software offers options to protect your security and business continuity in these scenarios by integrating with existing key management solutions.
Key Requirement #5
Integrating with the enterprise IT ecosystem
In an enterprise, applications are developed and deployed, IT infrastructure built, and operations continuously managed. Confidential cloud software needs to integrate with the delivery processes and management systems that make up today’s enterprise IT ecosystem. Anjuna Confidential Cloud software works transparently with container infrastructure and operations systems, such as Kubernetes, with minimal configuration needed.
"A new generation of data security is here with Anjuna Confidential Cloud software. Their cloud -agnostic full stack data protection solution is so easy to deploy and use, it brings an obvious productivity boost to an enterprise by simplifying strong encryption of sensitive data."