Published : Oct 28, 2020
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.
Oct 2020
Assess

Secure enclaves, also identified as trusted execution environments (TEE), refer to a technique that isolates an environment (processor, memory and storage) with a higher level of security and only provides a limited exchange of information with its surrounding untrusted execution context. For example, a secure enclave at the hardware and OS levels can create and store private keys and perform operations with them, such as encrypting data or verifying signatures, without the private keys leaving the secure enclave or being loaded into the untrusted application memory. A secure enclave provides a limited set of instructions to perform trusted operations, isolated from an untrusted application context.
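The narrow interface described in the paragraph above can be modelled in a few lines. This is an added example, not code from the Radar or from any enclave SDK: an ordinary OS process stands in for the enclave (a real TEE enforces the boundary in hardware), HMAC-SHA256 stands in for the private-key operation, and the operation names `mac`, `verify` and `export_key` are hypothetical.

```python
import json
import subprocess
import sys

# Runs in a separate process that stands in for the enclave (assumption: a model only).
ENCLAVE_SRC = r'''
import hashlib, hmac, json, secrets, sys
key = secrets.token_bytes(32)  # created inside; no operation ever returns it
for line in sys.stdin:
    req = json.loads(line)
    msg = bytes.fromhex(req.get("msg", ""))
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    if req.get("op") == "mac":
        out = {"ok": True, "tag": tag.hex()}
    elif req.get("op") == "verify":
        valid = hmac.compare_digest(tag, bytes.fromhex(req.get("tag", "")))
        out = {"ok": True, "valid": valid}
    else:  # anything outside the allow-list, including key export
        out = {"ok": False, "error": "unsupported operation"}
    print(json.dumps(out), flush=True)
'''

class EnclaveClient:
    """Untrusted side: it only ever sees requests and results, never the key."""
    def __init__(self):
        self.proc = subprocess.Popen(
            [sys.executable, "-c", ENCLAVE_SRC],
            stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True)

    def call(self, **req):
        self.proc.stdin.write(json.dumps(req) + "\n")
        self.proc.stdin.flush()
        return json.loads(self.proc.stdout.readline())

    def close(self):
        self.proc.stdin.close()
        self.proc.wait()

def demo():
    enclave = EnclaveClient()
    try:
        msg = b"constructed sample record".hex()  # constructed input
        tag = enclave.call(op="mac", msg=msg)["tag"]
        good = enclave.call(op="verify", msg=msg, tag=tag)["valid"]
        tampered = enclave.call(op="verify", msg=b"tampered".hex(), tag=tag)["valid"]
        export = enclave.call(op="export_key")  # not in the allow-list
        return good, tampered, export
    finally:
        enclave.close()
```
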

The technique has long been supported by many hardware and OS providers (including Apple), and developers have used it in IoT and edge applications. Only recently, however, has it gained attention in enterprise and cloud-based applications. Cloud providers have started to introduce confidential computing features such as hardware-based secure enclaves: Azure confidential computing infrastructure promises TEE-enabled VMs and access through the Open Enclave SDK open-source library to perform trusted operations. Similarly, GCP Confidential VMs and Compute Engine, still in beta, allow using VMs with data encryption in memory, and AWS Nitro Enclaves is following them with its upcoming preview release. With the introduction of cloud-based secure enclaves and confidential computing, we can add a third pillar to data protection: at rest, in transit and now in memory.

Even though we're still in the very early days of secure enclaves for enterprise, we encourage you to consider this technique, while staying informed about known vulnerabilities that can compromise the secure enclaves of the underlying hardware providers.
