Cloud applications must trust that the accuracy and security of the cloud infrastructure, and associated code, will ensure their classification and uprightness. For example, most of our banks host our transaction data in the cloud.
What if the infrastructure itself is compromised, or a hidden gateway in the OS/hypervisor is discovered that could compromise the application’s security or control its state? If that were to happen, the entire security of any sensitive data could be compromised.
So where can an enterprise turn? One proven approach is encryption. Encryption is an effective tool for data protection in the cloud and on premise; however, its use has been limited to protecting data at rest and data in motion. If security of the application or network is compromised, data at rest and data in motion remain encrypted and useless to an attacker.
When an application starts to run, its data in use becomes vulnerable to a variety of attacks – including malicious insiders, root users, credential compromise, OS zero-day exploits, and network intruders to name a few.
To protect applications and data at runtime, an isolated memory location called a secure enclave can be used to run the application in a trusted execution environment (TEE). A secure enclave is protected by locked-down hardware in the CPU that safeguards data being processed from attack and attempted access outside the TEE, and make it difficult for attackers to unscramble private data without legitimate approval even with the physical access to the infrastructure.
Think of secure enclaves as the magic boxes where sensitive data and application can be run without worrying about security, integrity and confidentiality. Even if the attacker has the root access or the infrastructure is compromised, the sensitive data remains secure. Examples of TEE include ARM’s TrustZone, AMD’s Secure Encrypted Virtualization (SEV), and Intel’s Trusted Execution Technology (TXT) and Software Guard Extensions (SGX).
Data breaches have long raised concerns about privacy and security of sensitive data in the cloud, but confidential computing powered by secure enclaves allows a variety of enterprise use cases to run in the cloud without compromising security.
A secure enclave guarantees confidentiality, integrity, and security for the application running within it. This is because a secure enclave enables applications to process encrypted data without the possibility of exposing plain-text data to the operating system or any other running process – including any form of malicious attack. In any cloud infrastructure, the data and applications running within the secure enclaves become inaccessible even to the cloud service provider.
Secure enclave-based computing covers a wide range of enterprise use cases. Some examples include:
- Containerized application: Containers make applications portable, increase resource efficiency, and improve developer productivity. The secure enclaves provide effective isolation to mitigate security risks in a production environment. Secure enclaves also protect containerized applications at runtime from host-level attacks.
- Secure and Private Analytics on Multi-Party Data Sources: Sensitive data (PII, PHI, trade secrets, confidential information, and so on) processed by certain applications (including Hadoop, R, Python, and TensorFlow) resides within tightly secured and controlled production environments within the trust boundary. Now, privacy and security of the data can assured in outside environments as well with secure enclaves.
- Key Management: Encryption is an effective tool to protect data; however, the risk then transfers to the encryption keys. A secure enclave-based key management solution delivers unmatched security by ensuring that only authorized users have access to the keys.
To conclude, this futuristic approach to cloud security is here today and has the potential to become the fundamental security building blocks for the enterprise. The fundamental value of enclaves is the ability to isolate the software and data from the underlying infrastructure (hardware or OS) by means of hardware-level encryption.
This means you can now run your sensitive applications and data on an untrusted infrastructure; namely public clouds and all other hosted environments. That’s right — you control the security and privacy of your applications and data when they run anywhere. You don’t have to trust your cloud provider.