Secure Data By Default
Keeping data secure while putting it to work has been an ongoing challenge since the beginning of modern computing.
By default, that data has been unintentionally exposed to people with no right to it, resulting in data overexposure, breaches, and loss to bad actors, malware, and trusted insiders.
That overexposure is the result of a fundamental flaw in today's computing infrastructure: data cannot be simultaneously used and secured.
Why? All data, including applications, algorithms, and cryptographic keys, must be in the clear in memory before a CPU can use it. Exposed memory, which holds, for example, encryption keys and certificates, can be easily dumped without detection using commonly available software tools.
This means malicious insiders, unauthorized third parties, and other bad actors can gain easy and unfettered access, no matter how many layers of perimeter security are put in place.
The Most Effective Approach to Data Security
Now, there is a new hardware-level approach being implemented by nearly every major hardware and cloud vendor. Secure enclaves establish a more secure, comprehensive solution that protects data, applications, and storage by default, wherever they are executed and stored: in public and private clouds and even on-premise.
A secure enclave provides CPU hardware-level memory isolation and/or encryption on every server, by isolating sensitive application code and data from everyone regardless of administrative privileges. With additional software, secure enclaves enable the encryption of both storage and network data for simple full stack security across multiple cloud providers.
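The isolation described above only protects data that actually lives inside the enclave, so the step that matters in practice is how secrets get there: the enclave first proves, through a hardware-signed attestation report, which code it is running, and a key-release service hands over the data key only after verifying that report. The following is an added illustration of that handshake, not Anjuna's software or any vendor's SDK; it uses stdlib HMAC as a stand-in for the hardware-rooted signature, and every field name, key, measurement, and class name (`KeyReleaseService`, `sign_report`, `demo`) is constructed for this example.

```python
"""Attestation-gated key release: a simplified, stand-alone illustration.

A secure enclave only protects data if secrets are handed to it *after* the
enclave proves what code it is running. This sketch models that handshake with
plain stdlib crypto (HMAC stands in for the hardware-rooted signature that
real attestation reports carry). All names, field layouts and keys here are
constructed for illustration and are not any vendor's format.
"""
import hashlib
import hmac
import json
import secrets

# Constructed stand-in for the hardware vendor's attestation signing key.
# A real verifier holds the vendor's public certificate chain instead.
HARDWARE_ATTESTATION_KEY = b"constructed-hardware-root-key"

# Allowlist of enclave measurements (hash of the enclave image) that the
# key-release service trusts. Constructed value.
TRUSTED_MEASUREMENTS = {
    hashlib.sha256(b"payments-service-v1.4").hexdigest(),
}


class AttestationError(Exception):
    pass


def sign_report(report: dict) -> dict:
    """Model the hardware producing a signed attestation report for an enclave."""
    body = json.dumps(report, sort_keys=True).encode()
    sig = hmac.new(HARDWARE_ATTESTATION_KEY, body, hashlib.sha256).hexdigest()
    return {"body": report, "signature": sig}


class KeyReleaseService:
    """Holds the data-encryption key and releases it only to attested enclaves."""

    def __init__(self, data_key: bytes):
        self._data_key = data_key
        self._issued_nonces = set()

    def challenge(self) -> str:
        # A fresh nonce per request defeats replay of an old, valid report.
        nonce = secrets.token_hex(16)
        self._issued_nonces.add(nonce)
        return nonce

    def release_key(self, signed_report: dict) -> bytes:
        body = signed_report["body"]
        # 1. Signature must chain to the hardware root (HMAC here as a stand-in).
        expected = hmac.new(HARDWARE_ATTESTATION_KEY,
                            json.dumps(body, sort_keys=True).encode(),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signed_report["signature"]):
            raise AttestationError("report signature invalid")
        # 2. Report must answer a nonce we issued, and only once.
        nonce = body.get("nonce")
        if nonce not in self._issued_nonces:
            raise AttestationError("nonce unknown or replayed")
        self._issued_nonces.discard(nonce)
        # 3. The code measurement must be one we trust. A host administrator can
        #    start an enclave of their own, but its measurement will not match.
        if body.get("measurement") not in TRUSTED_MEASUREMENTS:
            raise AttestationError("unknown enclave measurement")
        # 4. Debug-mode enclaves expose memory to the host; refuse them.
        if body.get("debug", True):
            raise AttestationError("debug enclave not eligible for production keys")
        return self._data_key


def demo() -> dict:
    """Run the flow for a trusted enclave, a replayed report, and an unknown image."""
    service = KeyReleaseService(data_key=b"constructed-32-byte-data-key-value")
    trusted = hashlib.sha256(b"payments-service-v1.4").hexdigest()

    good = sign_report({"measurement": trusted, "nonce": service.challenge(),
                        "debug": False})
    released = service.release_key(good)

    # Presenting the same (still correctly signed) report again is refused.
    try:
        service.release_key(good)
        replay_refused = False
    except AttestationError:
        replay_refused = True

    # An image not on the allowlist is refused even with a valid signature.
    unknown = sign_report({"measurement": hashlib.sha256(b"unrecognized-image").hexdigest(),
                           "nonce": service.challenge(), "debug": False})
    try:
        service.release_key(unknown)
        unknown_refused = False
    except AttestationError:
        unknown_refused = True

    return {"released": released, "replay_refused": replay_refused,
            "unknown_refused": unknown_refused}


if __name__ == "__main__":
    print(demo())
```

The order of checks is deliberate: signature first (anything unsigned is noise), then nonce (so a captured report from a legitimate enclave cannot be replayed), then measurement and debug flag. Production verifiers additionally check the vendor certificate chain and firmware version fields that the real report formats carry.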
Prepare for the Move to Confidential Cloud
Ask your team these questions:
- How do you protect your sensitive applications and data in the public cloud?
- What are your cloud providers doing to address this ongoing insider threat?
- Do you have third-party exposure? How do you protect your applications and data in untrusted geographies?
- Are you concerned with the possibility a government subpoena might demand access to customer data?
- Are you prepared to rewrite applications to take advantage of secure enclaves?
- How important will it be to have a solution that can automatically move applications and data into a secure environment?
Hardware Support for the Confidential Cloud Technology
Hardware support in the form of secure enclaves was introduced by Intel as Software Guard Extensions (SGX). AMD also offers enclave functionality with its SEV technology, built into Epyc, and AWS includes it with Nitro Enclaves. This technology is being supported by nearly every server and cloud platform, including AWS Nitro Enclaves, Microsoft Azure confidential computing, VMware, Google Cloud, Docker, Red Hat, and more.
Keeping data secure by default changes the focus from identifying and chasing malicious acts that have already occurred to preventing them in the first place. It’s the difference between watching your data go out the door and preventing someone from ever being able to access the data at all.
Anjuna Makes it Simple
Until now, implementing confidential computing was complex, disruptive, and costly. Applications had to be significantly rewritten, and changes to IT processes were often needed. Each chip and cloud provider has its own SDK, requiring significant design, development, and testing resources, which makes the process expensive and time-consuming.
Anjuna's "lift and shift" approach makes the deployment of confidential clouds simple and straightforward, without the need to rewrite or recompile the software. Because Anjuna software deploys invisibly, applications, data, IT staff, and processes work without disruption or modification even as data is fully secured.