Preventing Insider Threats With Anjuna Confidential Cloud Software

Executive Summary

One of the biggest threats to enterprise IT security today is both inside your organization and the cloud. Insiders are dangerous because of the host access required to do their jobs and their implicit overexposure to host data. While most insiders, including employees, contractors and third parties are trustworthy, it only takes one bad actor to effect a serious breach.

Neutralizing insider threats has been a vexing problem since the dawn of computing. In an ideal world, insiders, including IT staff and cloud providers, would work productively, but remain isolated from the data and workloads they manage. Ideally, this protection would be invisible, operating as a service of the underlying infrastructure, allowing them to do their work unimpeded by user or application-level security controls.

Software encryption schemes have attempted to hide data from insiders with little long-term success. This is because computing hardware implicitly requires encryption keys to be decrypted and exposed in memory before they can be used—undermining security efficacy. Given this historic limitation in computing architecture, effective data and workload protection, may be temporarily achieved but is impossible to consistently maintain. Insiders and hackers can always find a way around these safeguards.

Thankfully, this situation has recently changed dramatically. New silicon-level technologies are now ubiquitously available on Intel and AMD CPUs, and within AWS, Azure and many other public clouds. These close the memory flaw, while enabling the creation of confidential computing environments within a host. 

But implementing confidential computing, especially in the cloud, is time-consuming and expensive. The effort required to rewrite applications puts secure enclave protection out of reach of most IT organizations. 

Until now. Anjuna Confidential Cloud software makes secure computing with existing workloads simple. Instead of re-coding applications, Anjuna enables any software to operate transparently in the secure confines of a Confidential Cloud running over public hosted infrastructure—no changes to applications or IT operations.

Secure Enclaves and Confidential Clouds

A secure enclave is a computing low-level (memory and CPU only) environment isolated from and invisible to all other users and processes on a given host. Code executed within a secure enclave can only reference itself. Proprietary secure enclaving features are built into all new CPUs from Intel and AMD and in AWS and Azure public clouds.

With additional software, secure enclaves enable the creation of a Confidential Cloud—a type of secure enclave suitable to process enterprise workloads and data in total privacy and without modification Anjuna Confidential Cloud software extends secure enclave capabilities to encompass storage and network data for full stack security over public cloud infrastructure. This means unmodified workloads can be run securely anywhere—completely isolated from insiders and hostile processes.

Learn More.

Prevention Not Detection

There will never be a foolproof way to be certain all threats to enterprise IT operations have been detected and mitigated. Moving from detection to prevention changes the focus from identifying and chasing malicious acts that have already occurred to preventing them from happening in the first place.

Secure Enclaves technologies, including Intel’s Software Guard Extensions (SGX), AMD’s Secure Encrypted Virtualization (SEV), and AWS Nitro Enclaves, are built into modern CPUs and cloud environments. These segment, isolate, and/or encrypt computer resources away from all other applications, privileged users and even the host itself. Application code and data located in these enclaves are decrypted only by the CPU when needed, and are rendered useless to anyone, even in the event of a complete host compromise. Enclave technologies have the potential to dramatically improve data security, and are being deployed widely by AWS, Azure, and other cloud providers.

The Confidential Computing Consortium, founded in 2019, is driving the adoption of confidential computing to protect data in use by performing computation in a hardware-based secure enclave, or Trusted Execution Environment (TEE). Secure instruction sets (and the second enclaves they enable) form the most direct, secure path to enabling an industry-standard solution.

For more information about secure enclaves, see the Anjuna white paper Securing Enclaves: The Powerful Way to Prevent Insider Threats.

The Tradeoff: Security vs. Productivity

Current cybersecurity practice focuses on controlling network access by outsiders or end-users, and to detect hacking and incursions as they occur. The problem with detection is that it’s after the fact, costly, ineffective, and incomplete. Infrastructure insiders—system administrators, network architects, system analysts, developers, and site reliability engineers—can easily misuse or abuse their level of access. Not only can they steal or damage sensitive data, they can cover their tracks by deleting detection logs or bypassing software security mechanisms, including security audits, which allows them to access data without being detected.

Software encryption schemes don’t offer sufficient protection because encryption keys are stored decrypted in memory, where insiders have easy access to them. Attackers can also exploit zero-day vulnerability to gain access to data and circumvent software defenses.

Maintaining security without impacting IT productivity has been a classic security challenge. Cloud-based computing only compounds the problem, since there is limited accountability and control over the personnel at IT cloud platform providers. What’s needed is an approach that keeps data protected and businesses in control of their data and applications without constricting IT insiders from doing their jobs.

Adoption Has Been Limited by the Need to Recode Applications

Implementing confidential computing can be a daunting challenge. Applications have to be significantly rewritten, and changes to IT processes are often needed. Each chip provider offers its own software developer kit (SDK), providing low-level tools that require considerable understanding of intricate design details, as well as knowledge of cryptography concepts.

Because existing applications were not designed to be used in conjunction with this technology, implementation requires significant design, development, and testing resources. SDKs change with every chip revision, and applications need to be rewritten on an ongoing basis to keep up with those changes. This is both complicated and costly.

Given this situation, most enterprises won’t realistically have the resources and expertise to take advantage of the full potential of this powerful technology.

Bringing Confidential Clouds to the Enterprise - With No Recoding

To be ready for large-scale deployment within an enterprise, confidential clouds must meet several criteria.

First, adoption must be simple and straightforward. There should be no need to either rewrite applications or reengineer IT processes. That means having a path to implementation that does not rely on ever-changing SDKs from individual hardware suppliers.

Protecting data at-rest is extremely important, but not sufficient. Today’s applications are highly distributed and elastic. They may run across multiple systems or virtual machines. Storage and networks must be protected as well, and this protection should extend beyond on-premises systems to both public and private clouds.

The solution should offer cross-platform support for all cloud platforms, rather than be limited to one or two hardware suppliers. And it should include support for such critical enterprise functions as disaster recovery, high availability, and data sharing between applications running on different machines, as well as the ability to easily upgrade the application and the hardware when necessary.

Anjuna Makes Confidential Clouds Simple and Enterprise-Ready

Anjuna meets these criteria to take enclaves to the enterprise Level by supporting five main requirements for enclaves in the enterprise:

secure-enclaves-easy-security-applications-data-anjuna

Simple Application Lift & Shift

Adoption should be simple and straightforward.

Anjuna Confidential Cloud Software enables enterprises to “lift and shift” applications and data to secure enclaves quickly and easily in minutes. There is no rewriting of applications, no recompilation, no change to operating processes, and no need for training the IT team. Within seconds, Anjuna automatically creates an isolated and ironclad hardware-encrypted confidential cloud in which applications run. All types of applications, including proprietary or legacy programs, run unmodified within the enclave. Even privileged users on the guest operating system, hypervisor, or the host operating system cannot access the data or applications.

Full Stack Coverage

Anjuna software extends protections beyond memory to automatically protect storage and networks with full stack encryption. The full stack is secured—both hardware and software. Data is isolated and completely inaccessible to any other entities while running an application, while memory is completely isolated from anything else on the machine, including the operating system. Neither root nor physical system access enables data access. The host will simply and automatically encrypt data written to storage—with no changes to applications or operations. Anjuna ensures TLS connections are terminated in trusted secure enclaves at both ends of the connection—securing the network from full stack.

Fullstackcoverage
attestation

Transparent to IT Operations

No enterprise wants to add complexity or additional processes to their IT environment. It’s important that confidential clouds will secure applications “as is.” Anjuna software deploys instantly and simply—with no changes to applications or IT processes. This means there’s no reconfiguration, recompiling, recoding, SDKs, or additional hardware required. In fact, Anjuna Confidential Cloud software operates undetected by workloads or operations staff.

Ecosystem Integrations

Enterprises also need to ensure confidential clouds will work within their environments and with established processes. They need to support high availability and disaster recovery scenarios, to scale in the cloud, to access files and applications running on different machines, and to easily upgrade the application, firmware, and hardware. Anjuna Confidential Cloud software offers options to protect security and business continuity in these scenarios by integrating with existing key management solutions.

Screen Shot 2020-05-05 at 4.57.17 PM

Multi-Platform and Multi-Cloud Support

Enterprises can’t afford to be locked into one hardware platform or cloud. Anjuna supports Intel, AMD, and AWS Nitro Enclaves platforms.

In addition, Anjuna Confidential Cloud software supports native Kubernetes Key management solutions on public clouds. Workloads can be executed across any enclave platform without modification. This provides the flexibility to secure data—no matter what server or cloud on which they are running.

Anjuna uses attestation to develop a hardware root of trust by authenticating the hardware inside which the secure enclave is running as genuine, and attesting to the integrity of enclave memory to a remote party. This allows secure enclaves to protect applications, data, and storage—locally, across the network, and in the cloud—simply and effectively.

Cloud Instance On-Prem Server

A Single Solution for All Environments

Until now, an enterprise was never completely secure. Existing solutions are expensive and difficult to deploy. Some required computationally intensive software hardware and software add-ons. Only limited applications were protected because of complexity and cost. Separate solutions were required for networks, data at rest, and data in use.

Anjuna Confidential Cloud software enables applications to be securely deployed anywhere enclave-based hardware is supported. This includes all clouds—public, private and hybrid—as well as containers, virtual machines, and bare-metal servers. Enterprises are never locked into a given technology. Anjuna allows enterprises to execute anywhere—on premises or in the cloud—and still maintain secure control. 

Anjuna protects high value applications, such as secrets management, service mesh and web services, databases, and machine learning applications. Anjuna Confidential Cloud software also helps enterprises more effectively manage and mitigate high exposure situations. This includes high-risk geographies (where there is significant potential for bad state actors), geographies where it’s not possible to monitor employees due to privacy concerns (such as the European Union), and areas of high data concentration.

Anjuna Confidential Cloud Use Cases

Confidential clouds can be used to protect enterprise data and applications in many ways, including:

Databases

  • Protect in-memory databases without losing speed or functionality
  • Extend protection to data at rest with the same solution
  • Maintain performance with minimal
    latency impact

Machine Learning Algorithms

  • Protect high-value algorithms stored in memory
  • Secure the algorithms and data at rest or on the network
  • Protect financial trading applications and other sensitive intellectual property (IP) from prying eyes

Application-to-Application Communications

  • Validate applications with secure enclave keys
  • Restrict communications to only specified applications
  • Ensure applications run on the expected target server
Secret/Key Management Applications
  • Secure both data and applications within secrets management platforms
  • Protect encryption keys, tokens, and passwords while data is in use
  • Solve the secret-zero problem

Sensitive Information Repositories and Applications

  • Safeguard personally identifiable information (PII)
  • Protect private keys, such as those used with Transport Layer Security (TLS), against bad actors

Simple and Secure, Confidential Clouds Are the Future

Confidential computing is well on the way to becoming standard practice in enterprise security, just as TLS (including https) and FileVault have become integrated into today’s IT environments. More than 20 industry leaders have come together to form the Confidential Computing Consortium to advance the adoption of secure enclaves in trusted execution environments (TEEs).

Confidential computing technology is now supported by nearly every server and cloud platform, including Intel, AMD, AWS Nitro Enclaves, Microsoft Azure, VMware, Google, Docker, Red Hat, and others.

Over time, enterprises will use confidential clouds to protect all of their assets. Why take the risk of running an insecure application or network, when a much more secure alternative is available that can be implemented simply and cost effectively?

Confidential Computing

The Confidential Computing Consortium was founded in 2019, under the auspices of the Linux Foundation to define and promote the adoption of confidential computing—the protection of data in use by performing computation in a hardware-based secure enclave, or Trusted Execution Environment (TEE).

More than 20 industry leaders have joined the group, including Alibaba, Anjuna, ARM, Baidu, Facebook, Google Cloud, IBM, Intel, Microsoft, Oracle, Red Hat, Tencent, and VMware.

Preparing for Confidential Cloud Adoption

IT teams will not want to take the risk of rolling out new technologies across an entire enterprise simultaneously. That’s why enterprises are now creating pilot programs that will test the viability of secure enclaves with a few critical applications, before moving to larger scale deployments.

Given that confidential clouds are becoming the industry standard, it makes good business sense to start exploring implementation strategies now. Anjuna can be your partner in deploying confidential clouds quickly and simply without impacting the productivity of your team.

About Anjuna

Software from Anjuna Security effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud. Unlike complex perimeter security solutions easily breached by insiders and malicious code, Anjuna leverages the strongest secure computing technologies available to make the public cloud the most secure computing resource available anywhere. Anjuna is based in Palo Alto, California.