Request A Demo

Glossary

Key terms and concepts related to Confidential Clouds and secure enclaves.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

 

 

A

 

AMD SEV (Secure Encrypted Virtualization)

An enclave-enabling technology developed by Advanced Micro Devices (AMD) to protect Linux KVM virtual machines (VMs) by transparently encrypting the memory of each VM with a unique key.

Anjuna Security, Inc.

A provider of Confidential Cloud Platform software that enables enterprises to simply build Confidential Clouds.

AWS Nitro Enclaves

A technology for creating isolated compute environments for Amazon EC2 instances using the same Nitro Hypervisor technology that provides CPU and memory isolation. Anjuna makes it simple for AWS customers to move existing applications and data into the AWS Nitro Enclaves environment for maximum privacy and security.

 

C

 

cloud services provider (CSP)

An organization that maintains a network of remote servers hosted on the Internet to store, manage, and process data. Examples include Microsoft Azure, Amazon AWS, and Google Cloud.

confidential cloud

A private and secure computing environment typically formed over public cloud infrastructure. Confidential clouds leverage secure enclave technology, encryption, key management, and other battle-tested security technologies as their foundation to create the most secure computing environments available.

confidential computing

A term promoted by the Confidential Computing Consortium, Microsoft, and others, it refers to the protection and encryption of data in use utilizing a hardware-based secure enclave or trusted execution environment (TEE). 

continuous integration/deployment (CI/CD)

CI/CD is a method used to frequently deliver application features to users by introducing automation into the stages of app development. The main concepts attributed to CI/CD are continuous integration, continuous delivery, and continuous deployment.

 

D

 

data residency

Data residency requirements define in which country an organization’s data is stored or processed. Local regulations require varying data types, including data about nations' citizens or residents, to be stored or processed inside that jurisdiction.

 

E

 

enterprise enclave (or secure enterprise enclave)

A secure enclave solution enhanced to address the specific needs and requirements of enterprise IT organizations. Enterprise enclaves provide enclave protection and management that extend beyond memory and compute to storage and network communications. They enable existing applications to run unchanged within an enclave, and they provide the functionally complete capabilities that enable a Confidential Cloud. Learn More.

 

 

 

F

 

full stack

Refers to the complete set of basic components and functions that enable modern software to run, including CPU, memory, storage, and network communications. The full software stack also includes operating systems, virtual machines, and other applications (including security software) that support the final application.

 

H

 

hardware-based encryption

The use of computer hardware to enable data encryption. Implemented using hardware security modules (HSMs) and within CPUs by both Intel and AMD, this is considered the strongest form of data encryption available.

hardware root of trust

A system element that verifies data identity, integrity, and confidentiality between trusted devices or software in a system or network. It assures that all components of an IT system (hardware, firmware, and software) are secured and can be trusted.

 

I

 

intellectual property

Creative works or inventions that should be protected from theft, such as private data, application code, and machine learning algorithms.

Intel SGX (Software Guard Extensions)

A set of security-related instruction sets that are built into modern Intel server central processing units (CPUs) that enable the creation of secure enclaves.

 

K

 

Kubernetes

A portable, extensible, open-source platform for managing containerized workloads and services. It enables clustering groups of hosts running Linux containers and the easy and efficient management of those clusters at scale.

 

L

 

“lift and shift ”

The ability to move a working application from its existing computing environment into another, most often virtualized environment, without modification. Confidential Cloud software enables enterprises to “lift and shift” their existing packaged and privately developed applications into highly secure enclave and Confidential Cloud environments at minimal cost and almost no effort.

 

M

 

Microsoft Azure confidential computing

Microsoft’s implementation of a secure computing platform that leverages secure enclave technologies. Anjuna makes it simple for Azure customers to migrate existing applications and data into the Azure environment for maximum privacy and security.

 

O

 

on-premises (“on-prem”) computing

Storing, managing, and processing data and applications at an organization’s own IT facility or data center, rather than remotely in public clouds.

 

P

 

proof of concept (POC)

A small pilot project to demonstrate that a technology solution is feasible.

 

S

 

security ecosystem

The diverse set of complementary and layered security solutions implemented by an organization, and the interdependencies among these solutions.

secure enclave technology

A set of technologies that enable the creation of a trusted execution environment (TEE). This includes encryption/decryption within the CPUs, memory, isolation, and other security features that vary by hardware and cloud vendor. Secure enclave technologies form the foundation for the Confidential Cloud.

shadow IT

Information systems and data deployed by groups other than the central IT department, in order to work around the perceived shortcomings of the main IT function.

software development kit (SDK)

A set of tools to allow developers to build software on top of a particular technology. Typically, these are unique to a proprietary hardware architecture.

 

T

 

trusted execution environment (TEE)

An isolated execution environment providing security features, such as isolated execution and integrity of applications executing within the TEE, along with encryption of data. Often used interchangeably with secure enclave.

 

V

 

virtual machine (VM)

A software emulation of a computer system that provides the functionality of a physical computer.

 

Z

 

zero trust security

A security approach where no entity is trusted by default when accessing a resource such as networks, hosts, and data. Even when access is granted, it is continuously monitored and verified against least-privileged access policies. Zero trust is meant to counter the open nature of IT infrastructure, which until now has led data, for example, to be exposed by default. Confidential clouds are strictly governed by zero trust principles.