Putting Enclave Technology to Work for the Enterprise
Secure enclaves are positioned to quickly become the ubiquitous standard for securing enterprise applications and data.
But until now, implementing them has been both time-consuming and expensive. The need to rewrite applications with vendor-specific SDKs has put the hardened protection of secure enclaves out of reach of most IT organizations. Anjuna Enterprise Enclaves bring a “lift and shift” approach that harnesses the power of secure enclave technology without requiring changes to applications or operations.
Large-scale deployment of secure enclaves within an enterprise or cloud environment will require key criteria to be met to ensure enclaves are enterprise-ready:
- Adoption should be simple
- Protection should be full stack
- Multiplatform, multicloud coverage
- Enterprise-class management capabilities
- Integration with the enterprise IT ecosystem
Key Requirement #1
Adoption should be as simple as "lift and shift"
There should be no need to rewrite or recompile applications, or to re-engineer IT processes. This means implementation should not rely on ever-changing SDKs from hardware suppliers and others. Anjuna’s “lift and shift” approach facilitates moving applications to secure enclaves without SDKs, recompilation or other operational changes. This covers the full range of applications, including especially vulnerable legacy applications or applications purchased from outside vendors.
Key Requirement #2
Enclave protection should extend full stack
Protecting data in memory is not enough to support even the simplest enterprise applications. Data protection must cover storage and communications as well. Full stack protection secures applications from compromised operating systems, virtual machines, containers, and more, while also encrypting memory, storage, and network communication. All elements of an application and its data are protected, with the smallest possible attack surface.
Key Requirement #3
Multiplatform and multicloud support
No enterprise can afford to be locked into a single hardware platform or cloud service. Yet, developing software for multiple enclave technologies is not viable. Secure enterprise enclave solutions must offer transparent support across multiple enclave technology platforms—enabling applications to run on any confidential cloud or system without modification.
Today’s enterprise operations include a mix of systems on-premises, as well as in public, private, and hybrid clouds. Anjuna Enterprise Enclaves enable applications and data to be securely deployed anywhere enclave-based technologies are supported.
Anjuna supports Intel, AMD, and AWS Nitro Enclaves. Anjuna Enterprise Enclaves run with Microsoft’s Azure confidential computing and numerous other clouds that deploy Intel and AMD enclave technology. Workloads can be executed across any enclave platform without modification.
Key Requirement #4
Enterprise-class deployment capabilities
The value of an enclave depends on its ability to integrate seamlessly with your business and IT processes. Enterprises need to ensure enclaves work in high availability and disaster recovery scenarios, scale in the cloud, access files and applications running on different machines, and allow easy upgrades of applications, firmware, and hardware. Anjuna Enterprise Enclaves offer options to protect your security and business continuity in these scenarios by integrating with existing key management solutions.
Key Requirement #5
Integrating with the enterprise IT ecosystem
In an enterprise, applications are developed and deployed, IT infrastructure built, and operations continuously managed. Secure enterprise enclaves need to integrate with the delivery processes and management systems that make up today’s enterprise IT ecosystem. Anjuna Enterprise Enclaves work transparently with container infrastructure and operations systems, such as Kubernetes, with minimal configuration needed.
"A new generation of data security is here with Anjuna Enterprise Enclaves. Their cloud agnostic full stack data protection solution is so easy to deploy and use, it brings an obvious productivity boost to an enterprise by simplifying strong encryption of sensitive data."