Leveraging enclaive’s Confidential Multi-Cloud of Choice

Introduction

As businesses become more reliant on digital technologies, the risk of data breaches and cybersecurity threats increases exponentially. Given the concerns about information and IP security, businesses across industries, even beyond highly regulated ones such as healthcare, fintech, and the public sector, are increasingly concerned about their ability to capture the benefits of moving workloads to the cloud. Now, while most eyes and ears are on cloud computing, a newer, more powerful technology has emerged and made its way into the headlines: Confidential Cloud Computing.

The Rise of Confidential Cloud Computing

Yes, cloud computing has become one of the most popular methods of IT delivery, and with good reason: it offers businesses a number of advantages, such as scalability, cost-effectiveness, and efficiency. However, not all cloud environments are created equal. Confidential Computing is a new paradigm of cloud computing that adds a needed extra layer of security and privacy protection for business data. Confidential Cloud Computing is an essential cloud-enabling technology for putting data-driven SaaS and PaaS applications on solid foundations. Leveraging this technology, we can now change the conversation from “moving to the cloud at any cost” to “moving to a confidential cloud with confidence and ease”.

To ease and simplify the development of Confidential Compute environments, and to save developers and businesses time and costs, enclaive has developed an arsenal of enterprise-ready Confidential Compute Containers and Services.

A container is the most essential component of a cloud application. In its simplest form, it is an application. Containers can be efficiently started, stopped, migrated, and composed.

A Confidential Container differs from a normal container in that it is encrypted and authenticated. Applications are started in an enclave. For this purpose, the CPU reserves an area of physical memory before the boot process. A process that the operating system loads into this area is encrypted by the CPU. Only the CPU knows the key, which is freshly generated after each boot process and derived from a unique hardware key.

Putting it all together, our large portfolio is a solid collection of open-source applications and services to build, test, and deploy a plethora of cloud applications. Enclaive enables businesses to take any container application or program and run it with just a few clicks in a fully secure environment. And the best part: you do not need to change application code, CI/CD build pipelines, or DevOps processes for this.

Why should businesses choose enclaive’s multi-cloud environments?

With enclaive’s confidential multi-cloud ecosystem, businesses can now build, deploy, and scale any application on a completely Confidential Cloud Computing ecosystem. Its compute environments are so secure that even the cloud provider can’t see inside. By leveraging Confidential Compute, data and code are isolated from the cloud provider, effectively separating the infrastructure layer from the application logic. It brings a bundle of important capabilities to any cloud infrastructure, including:

  1. Data in Use Encryption. Every container shields applications and data during execution. In the event of a container escape, an attacker may escalate privileges and gain root access to the underlying system. Nevertheless, even with access to the host system, the attacker cannot extract valuable data and secrets from the other containers. The reason is that confidential containers are fully memory-encrypted and protected throughout their execution. Dumping the memory yields ciphertext only. Attempts to alter the memory or file system are detected through cryptographic integrity protection. With enclaive, you can create secure environments that keep your workload encrypted while in use.
  2. Container Secret Key Provisioning. Secrets like environment variables, files, passwords, or cryptographic keys are never stored in a confidential container. A key management service (KMS) provisions the secrets into the confidential container through a TLS-like protocol. The KMS verifies the authenticity of the containers and ensures that only the right confidential containers obtain the secrets.
  3. Container Authentication & Attestation. Confidential Containers have a cryptographic identity. Their authorship is verifiable, allowing the implementation of finer-grained white-labeling mechanisms as well as proactive user protection: remote attestation allows on-the-fly scanning for outdated or vulnerable containers in use, based on their cryptographic identity.
  4. Performance-driven. Data-in-use encryption comes with no performance overhead, thanks to hardware-accelerated encryption. enclaive’s confidential products provide a unique level of isolation and protection of workloads. Thanks to its confidential capabilities, enclaive makes sure that any application or database can be quickly and easily set up within a high-performance, highly secure cluster, with minimal input from your DevOps team. This lets your developer teams focus on business value, while enclaive provides you with a secure solution that meets demanding performance standards.
  5. Integrate with multiple clouds. enclaive integrates with hyperscalers and major regional cloud providers to deliver efficient, reliable, and secure cloud environments for all customers.
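The provisioning flow behind items 2 and 3 (the KMS checks a container's cryptographic identity before handing it any secret), shown as an added, deliberately simplified simulation that is not enclaive's code or protocol: an HMAC under a constructed key stands in for the hardware-signed attestation report, the measurement is the hash of the container image, and the KMS checks the report signature, nonce freshness, and an allowlist of approved builds before releasing the secret, so an outdated image with a stale measurement gets nothing.

```python
# Constructed illustration of attestation-gated secret provisioning: a KMS
# releases a secret only to a container whose attestation report carries a
# fresh nonce and an allowlisted measurement. Not enclaive's protocol.
import hashlib, hmac, os
from dataclasses import dataclass

# Stand-in for the CPU-held attestation key. Real hardware never exposes it;
# a verifier checks reports against the vendor's certificate chain instead.
HARDWARE_KEY = b"constructed-hardware-key-not-real"

def measure(image: bytes) -> str:
    """Measurement: hash of the container image, its cryptographic identity."""
    return hashlib.sha256(image).hexdigest()

def _mac(measurement: str, nonce: bytes) -> bytes:
    """Report signature stand-in: binds measurement and nonce to the hardware key."""
    return hmac.new(HARDWARE_KEY, measurement.encode() + nonce, hashlib.sha256).digest()

@dataclass(frozen=True)
class Report:
    measurement: str
    nonce: bytes
    mac: bytes

def attest(image: bytes, nonce: bytes) -> Report:
    """Container side: produce a report over its own measurement and the KMS nonce."""
    m = measure(image)
    return Report(m, nonce, _mac(m, nonce))

class KMS:
    """Verifier side: the secret goes out only for a valid, fresh, allowlisted report."""
    def __init__(self, allowed: "set[str]", secret: bytes):
        self.allowed = allowed            # measurements of approved builds
        self.secret = secret
        self.pending = set()              # nonces issued, not yet consumed

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.pending.add(nonce)
        return nonce

    def release(self, r: Report) -> "bytes | None":
        if not hmac.compare_digest(_mac(r.measurement, r.nonce), r.mac):
            return None                   # forged or tampered report
        if r.nonce not in self.pending:
            return None                   # replayed or unknown nonce
        self.pending.discard(r.nonce)     # nonce is single use
        if r.measurement not in self.allowed:
            return None                   # outdated or unknown build
        return self.secret
```

Rotating a build out of the allowlist is what turns "outdated container" into a concrete denial: the old image still attests correctly, but its measurement no longer matches an approved entry.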

Use Case: Enclaive’s Confidential Containers for Azure’s DCs-Series

While the Azure team did wonderful work to provide CC-ready compute infrastructure, the missing building blocks are CC-ready applications. To ease and simplify the development of CC applications, and to save developer time and costs, enclaive has developed an arsenal of confidential compute containers covering what we call “The Base” stack.

Getting Started: 3 steps to a Confidential Cloud

Enclaive’s “The Base” containers are a solid collection of open-source applications to build, test, and deploy a plethora of cloud applications. They are compatible with DevOps best practices and tooling like Docker, Kubernetes, and OpenShift. All they require to be executed is a VM supporting Intel SGX technology (DCsv2/DCsv3-series).

Quickstart: Available on Azure Marketplace

The Base is also available on the Azure Marketplace.

Build via GitHub

To run a confidential compute base container, set up a VM and pull the image:

  1. Configure an Azure DCs-series VM. Note: in this configuration, all drivers are upstreamed.
  2. Pull the confidential container from enclaive’s GitHub repository.
  3. Start (building) the container.

Wrap-up

Enclaive’s mission is to ease the development of confidential compute environments and help developers, DevOps, and businesses deploy confidently in confidential clouds. The enclaive multi-cloud platform provides businesses with a powerful solution for isolating and protecting workloads from external and internal threats. For the very first time, infrastructure and application logic are separated. Leveraging confidential computing, data and code are isolated from the cloud provider at all times. By leveraging confidential compute technology, enclaive enhances standard cloud layers with a previously missing security attribute. By default, your data and application are encrypted at rest, in transit, and while in use.

Get in touch via contact@enclaive.io to explore how enclaive technology can help you. Join us on Discord to become part of the growing open-source enclaive community.

Trademarks

The respective trademarks mentioned in this offering are owned by the respective companies, and their use does not imply any affiliation or endorsement.
