Glossary

Secure enclaves key terms and concepts, as featured in Secure Enclaves for Dummies.


A

AMD SEV (Secure Encrypted Virtualization)

An enclave-enabling technology developed by Advanced Micro Devices (AMD) to protect Linux KVM virtual machines by transparently encrypting the memory of each VM with a unique key.

Anjuna Security, Inc.

A provider of enterprise enclave and Confidential Cloud Platform software.

AWS Nitro Enclaves

AWS Nitro Enclaves create isolated compute environments for Amazon EC2 instances. Nitro Enclaves use the same Nitro Hypervisor technology that provides CPU and memory isolation. Anjuna makes it simple for AWS customers to move existing applications and data into the AWS Nitro Enclaves environment for maximum privacy and security.

C

cloud services provider (CSP)

An organization that maintains a network of remote servers hosted on the Internet to store, manage, and process data. Examples include Microsoft Azure, Amazon AWS, and Google Cloud.

confidential cloud

A confidential cloud is a private and secure computing environment typically formed over public cloud infrastructure, leveraging enterprise enclave software as its foundation. Confidential Clouds are among the most secure computing resources available.

confidential computing

A term promoted by the Confidential Computing Consortium, Microsoft, and others, it refers to the protection and encryption of data on public clouds utilizing a hardware-based secure enclave or trusted execution environment (TEE). 

continuous integration/deployment (CI/CD)

CI/CD is a method used to frequently deliver apps to users by introducing automation into the stages of app development. The main concepts attributed to CI/CD are continuous integration, continuous delivery, and continuous deployment.

D

data residency

Data residency requirements define in which country an organization’s data is stored or processed. Local regulations require various data types, including data about a nation's citizens or residents, to be stored or processed inside that jurisdiction.

E

enterprise enclave (or secure enterprise enclave)

A secure enclave solution enhanced to address the specific needs and requirements of enterprise IT organizations. Enterprise enclaves provide enclave protection and management that extend beyond memory and compute to storage and network communications. They enable existing applications to be run unchanged within an enclave, and they provide the functionally complete capabilities that enable a Confidential Cloud.

F

full stack

Refers to the complete set of basic components and functions that enable modern software to run: CPU, memory, all kinds of storage, and network communications. The “full software stack” also includes operating systems, virtual machines, and other applications (including security software) that support the final application.

H

hardware-based encryption

Hardware-based encryption is the use of computer hardware to perform data encryption. Hardware is faster and less prone to exploitation than traditional software implementations, which can expose sensitive information, such as encryption keys held in memory.

hardware root of trust

A system element that verifies data integrity and confidentiality between trusted devices or software in a system or network. It assures that all components of an IT system (hardware, firmware, software, and so on) are secured and can be trusted.

I

intellectual property

Creative works or inventions that should be protected from theft, such as data, application code, and algorithms.

Intel SGX (Software Guard Extensions)

A set of security-related instruction sets that are built into some modern Intel central processing units (CPUs) that enable the creation of secure enclaves.

K

Kubernetes

Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services. It enables clustering groups of hosts running Linux containers and the easy and efficient management of those clusters at scale.

L

“lift and shift”

The ability to move a working application from its existing computing environment into another, most often virtualized, computing environment with little or no modification. Confidential cloud software enables enterprises to “lift and shift” their existing packaged and privately developed applications into highly secure enclave and Confidential Cloud environments at minimal cost.

M

Microsoft Azure confidential computing

Microsoft’s implementation of a secure computing platform that leverages secure enclave technologies. Anjuna makes it simple for Azure customers to migrate existing applications and data into the Azure environment for maximum privacy and security.

O

on-premises (“on-prem”) computing

Storing, managing, and processing data and applications at an organization’s own IT facility, rather than remotely in public or private clouds.

P

proof of concept (POC)

A small pilot project to demonstrate that a technology solution is feasible.

S

security ecosystem

The diverse set of complementary and layered security solutions implemented by an organization, and the interdependencies among these solutions.

secure enclave technology

A set of technologies that enable the creation of a trusted execution environment. This includes encryption/decryption within the CPU, memory isolation, and other security features that vary by vendor. Secure enclave technologies form the foundation for the Confidential Cloud, which enterprises can easily deploy and manage.

shadow IT

Information systems and data deployed by groups other than the central IT department, to work around the perceived shortcomings of the main IT function.

software development kit (SDK)

A set of tools to allow developers to build software on top of a particular technology. Typically, these are unique to a proprietary hardware architecture.

T

trusted execution environment (TEE)

An isolated execution environment providing security features, such as isolated execution and integrity of applications executing within the TEE, along with encryption of data. Often used interchangeably with secure enclave.

V

virtual machine (VM)

An emulation of a computer system that provides the functionality of a physical computer.

Z

zero trust security

A security approach where no entity is trusted by default when accessing a resource such as networks, hosts, and data. Even when access is granted, it is continuously monitored and verified against least-privileged access policies. Zero trust is meant to counter the open nature of IT infrastructure, which until now has led data, for example, to be exposed by default. Confidential clouds are strictly governed by zero trust principles.