Many customers across all industries have asked for help to further protect their highly sensitive data like personally identifiable information, financial data, healthcare records, intellectual property, and more – including from internal users within their own accounts. Today, customers can protect their data with access controls and by using encryption while it is at rest and in transit, but encryption does not protect data when it is unencrypted at the point of use (e.g. a healthcare recommendations algorithm must have access to unencrypted patient data). One solution is to remove much of the functionality that an instance provides for general-purpose computing (e.g. networking, the ability to log into an instance, the capability to store and retrieve data, etc.), but doing so renders the rest of the instance less useful. To protect unencrypted data during processing, customers often set up separate instance clusters for secure data configured with limited connectivity, restricted user access, and other strict isolations. However, the possibility of human error in the setup and administration of such complex custom systems can lead to availability issues or security oversights, and managing these extra instances is an operational burden, an organizational bottleneck, and expensive.
With AWS Nitro Enclaves, customers simply select an instance type and decide how much CPU and memory they want to designate to the Enclave. AWS Nitro Enclaves provides the flexibility to partition varying combinations of CPU cores and memory, enabling customers to match resources to the size and performance demands of their workloads. Customers can develop Enclave applications using the open source AWS Nitro Enclaves SDK set of libraries. The AWS Nitro Enclaves SDK also integrates with AWS Key Management Service (KMS), allowing customers to generate data keys and to decrypt them inside the Enclave. With ACM for Nitro Enclaves, customers can easily isolate SSL/TLS certificates within an Enclave, making them usable by webservers on the instance while protecting them from access by other users or applications in the customer’s environment. SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet or resources on private networks. ACM for Nitro Enclaves ensures that sensitive data associated with these certificates never leaves the Enclave, while also managing the revocation and renewal of certificates to reduce the need for manual monitoring and webserver reconfigurations when a certificate expires.
“Customers often tell us that powerful built-in protections like the locked-down security model of the Nitro System are among the primary reasons why they trust AWS with their workloads,” said
AWS Nitro Enclaves is available on the majority of Intel and AMD-based
Anjuna provides simple, secure, enterprise-ready application and data protection against malicious software, IT insiders, and bad actors. “Our customers come to Anjuna because they want a simple way to get their applications up and running in a secure, isolated compute environment,” said
castLabs pioneers software and cloud services for digital video markets worldwide. “As a globally operating cloud service provider handling our clients’ most valuable data and encryption keys, we’re striving to achieve the highest levels of data security, isolation, and trust,” said
Evervault provides simple SDKs for developers to encrypt sensitive data as it enters their infrastructure, and to process that data without ever exposing it. “Our mission is to encrypt the internet,” said
Discussion about this post