Say Yes to a Secure Presence in the Cloud
The move to cloud computing has been slowed by the legitimate concern about security. Before trusting sensitive data, applications, and algorithms to a cloud platform provider, enterprises want assurance that their intellectual property will remain secure.
The more third parties that can access your IT data and networks, the higher the risk of a breach. The nature of cloud deployments exposes enterprises to potential hacking and unauthorized incursions by individuals beyond the control of your own company. Employees and contractors of the IT cloud platform provider, as well as third parties who work with that provider, have authorized access to your data, network, and applications. Bad actors or nation-states can also present credentials that make them appear to be insiders.
Until now, cybersecurity solutions focused on detecting hacking and incursions, but detection is incomplete and not timely. A data breach at Capital One in early 2019 exposed the personal data of over 200 million bank customers and applicants. The perpetrator was a former employee of a cloud platform provider, who boasted online about what she’d done months earlier.
Yes: Prevention, Not Detection
Now there’s a way to say yes to the move to cloud computing. Preventing threats changes the focus from chasing malicious acts that have already occurred to maintaining secure resources and networks. Protecting data and applications is not sufficient. Memory and networks need to be protected as well.
Confidential clouds create an environment where the cloud provider, third parties, system administrators, and others can do their jobs while data and applications stay secure by default. This reduces the attack surface and creates an environment that is more secure than on-premises systems.
Confidential clouds start with secure enclaves delivered by cloud providers like AWS and Azure. Secure enclaves leverage CPU-level security features to deliver hardware-level encryption. Applications and data residing in these encrypted enclaves are useless to an attacker, even when the host is completely compromised and the encrypted data is in hand. Enclaves can provide similar hardware protection for storage and network data, including data stored in clouds, for full-stack security coverage of data, networks, and applications.
Anjuna Enterprise Enclaves make these environments both secure and simple to implement, so that applications can be securely deployed anywhere enclave-based hardware is supported. Yes, this includes ALL clouds (private, public, and hybrid) as well as containers, virtual machines, and bare-metal servers. Anjuna allows enterprises to execute anywhere, on premises or in the cloud, and still maintain secure control.
With Anjuna, moving to secure enclaves is fast and simple. No recoding or recompilation of applications is required, and there’s no need to use an SDK. Within just a few minutes, a secure enclave is established—without changes to applications or operations.
Yes: Multi-Platform and Multi-Cloud Support
Anjuna supports Intel and AMD platforms today and will shortly add support for Amazon Nitro Enclaves.
Workloads can be executed across any enclave platform without modification. Anjuna Enterprise Enclaves also run on Microsoft’s Azure confidential computing, with Azure Kubernetes Service (AKS), and are integrated with Azure Key Vault. This provides the flexibility to secure data and applications, no matter which server or cloud they are running on.