Making Data Secure By Default
Keeping data secure while putting it to work has been an ongoing challenge since the beginning of modern computing.
Ever since computing systems were able to store large amounts of data, individuals with no right to that data have been exposed to it—resulting in breaches and data loss by both bad actors and trusted insiders.
Current methods and technologies only detect insider threats to IT systems after the fact. While detection technologies continue to improve, the problem is that detection usually happens long after your data has been compromised, and by then it is too late. All the layers of security and processes implemented by IT are not able to prevent hackers and unauthorized insiders from gaining access to sensitive data.
That’s because there’s a fundamental flaw in today’s computing infrastructure: data cannot be simultaneously used and secured.
Why? All data—including applications, algorithms, and cryptographic keys—must be exposed, unencrypted, in memory for the CPU to use it. This unencrypted memory, which may hold decrypted encryption keys and certificates, can be dumped easily and without detection.
This means malicious insiders, unauthorized third parties, and other bad actors can gain easy and unfettered access.
The Most Effective Approach to Data Security
Now, there’s a new hardware-level approach being implemented by nearly every major hardware and cloud vendor. Secure enclaves establish a more secure, comprehensive solution that protects data, applications, and storage by default, wherever they’re executed and stored—on-premises, and in both private and public clouds.
A secure enclave provides CPU hardware-level memory encryption on every server by isolating application code and data from anyone, regardless of administrative privileges, and encrypting its memory. With additional software, secure enclaves enable the encryption of both storage and network data for simple full-stack security.
Prepare for the Move to Secure Enclaves
Ask your team these questions:
- How do you protect your sensitive applications and data in the public cloud?
- What are your cloud providers doing to address this ongoing insider threat?
- Do you have third-party exposure? How do you protect your applications and data in untrusted geographies?
- Are you concerned with the possibility that a government subpoena might demand access to customer data?
- Are you prepared to rewrite applications to take advantage of secure enclaves?
- How important will it be to have a solution that can automatically move applications and data into a secure environment?
Hardware Support for Secure Enclave Technology
Hardware support in the form of secure enclaves was introduced by Intel as Software Guard Extensions (SGX). AMD also offers enclave functionality with its Secure Encrypted Virtualization (SEV) technology, built into EPYC processors. Secure enclaves are being supported by nearly every server and cloud platform, including Intel, AMD, AWS Nitro Enclaves, Microsoft Azure confidential computing, VMware, Google Cloud, Docker, Red Hat, and more.
Keeping data secure by default changes the focus from identifying and chasing malicious acts that have already occurred to preventing them in the first place. It’s the difference between watching your data go out the door and preventing someone from ever being able to access the data at all.
Anjuna Makes it Simple
Until now, implementing secure enclaves was complex and costly. Applications had to be significantly rewritten, and changes to IT processes were often needed. Each chip and cloud provider has its own SDK, requiring significant design, development, and testing resources—which makes the process expensive and time-consuming.
Anjuna’s “lift and shift” approach makes the deployment of secure enclaves simple and straightforward—without the need to rewrite or recompile the software.