Glossary

Secure enclaves key terms and concepts, as featured in Secure Enclaves for Dummies.

A

AMD SEV (Secure Encrypted Virtualization):

An enclave-enabling technology developed by Advanced Micro Devices (AMD) to protect Linux KVM virtual machines by transparently encrypting the memory of each VM with a unique key.

Anjuna Security:

A provider of enterprise secure enclave software solutions.

AWS Nitro enclaves:

The secure enclave-enabling technology developed by Amazon Web Services (AWS) that enables customers to create isolated compute environments to further protect and securely process highly sensitive data within EC2 instances.

C

cloud services provider (CSP):

An organization that maintains a network of remote servers hosted on the Internet to store, manage, and process data. Sample providers are Microsoft Azure, Amazon AWS, and Google Cloud.

confidential computing:

A term promoted by Microsoft Azure and others; it refers to the protection and encryption of data on public clouds using a hardware-based secure enclave or trusted execution environment (TEE).

continuous integration/deployment (CI/CD):

The process by which developers send software to be integrated into larger systems for testing multiple times per day (or more). After being tested, the system is deployed at increasing scale by automated tools.

D

data residency:

Data residency is the practice by which an organization specifies that certain data must be stored in a specific geographical location, usually for regulatory, tax, or policy reasons. By contrast, data localization is implemented when it is legally required that data created within a certain territory remain within that territory. The degree of data control afforded by secure enterprise enclaves enables highly reliable data residency and localization.

E

enterprise enclave (or secure enterprise enclave):

A secure enclave solution designed to address the specific needs and requirements of enterprise IT organizations.

F

full stack:

Refers to the complete set of basic components and functions that enable modern software to run: CPU, memory, all kinds of storage, and network communications. The “full software stack” also includes operating systems, virtual machines, and other applications (including security software) that support the final application.

H

hardware encryption:

Using hardware to cryptographically transform usable data into something not useful to those without the proper credentials or keys.

hardware root of trust:

A system element that verifies data integrity and confidentiality between trusted devices or software in a system or network. It assures that all components of an IT system (hardware, firmware, software, and so on) are secured.

I

intellectual property:

Creative works or inventions that should be protected from theft, such as data, application code, and algorithms.

Intel SGX (Software Guard Extensions):

A set of security-related instruction codes that are built into some modern Intel central processing units (CPUs) that enable the creation of secure enclaves.

K

Kubernetes:

Kubernetes is an open source platform that lets you cluster groups of hosts running Linux containers and manage those clusters easily and efficiently at scale.

L

“lift and shift”:

The ability to place an application within a secure enclave without the need to rewrite or recompile the application.

M

Microsoft Azure confidential computing:

Microsoft’s implementation of a secure computing platform that leverages secure enclave technologies, including Intel SGX-enabled CPUs.

O

on-premises (“on-prem”) computing:

Storing, managing, and processing data and applications at an organization’s own IT facility, rather than remotely.

P

proof of concept (POC):

A small pilot project to demonstrate that a technology solution is feasible.

S

security ecosystem:

The diverse set of security solutions implemented by an organization, and the interdependencies among components.

secure enclave technology:

A set of technologies that enable the creation of a trusted execution environment. This includes encryption/decryption within the CPU, memory and data isolation, and other security features that vary by vendor.

shadow IT:

Information systems and data deployed by groups other than the central IT department, to work around the perceived shortcomings of the main IT function.

software development kit (SDK):

A set of tools to allow developers to build software on top of a particular technology. Typically, these are unique to a particular hardware architecture.

T

trusted execution environment (TEE):

An isolated execution environment that provides security features such as isolated execution and integrity for the applications running inside it, along with encryption of data. Often used interchangeably with secure enclave.

V

virtual machine (VM):

An emulation of a computer system, based on computer architectures, that provides the functionality of a physical computer.

Z

zero trust security:

A security approach in which no entity is trusted by default when accessing a resource such as a network, host, or data. Even when access is granted, it is continuously monitored and verified against least-privilege access policies. Zero trust is meant to counter the open nature of IT infrastructure, which until now has, for example, left data exposed by default.