This week, Amazon Web Services Inc. (AWS) announced the general availability of AWS Nitro Enclaves. AWS Nitro Enclaves makes it easy for customers to create isolated compute environments within Amazon Elastic Compute Cloud (Amazon EC2) instances to protect their highly sensitive workloads. Nitro Enclaves uses the same Nitro Hypervisor technology that provides CPU and memory isolation for EC2 instances.
According to Amazon, many customers across all industries have asked to further protect their highly sensitive data, such as personally identifiable information, financial data, healthcare records, and intellectual property, on the AWS Cloud. The options they have today are protecting their data with access controls and using encryption while it is at rest and in transit. The problem with this approach is that encryption does not cover data at the point of use, where it must be unencrypted for processing. To protect unencrypted data during processing, customers often set up separate instance clusters for secure data, configured with limited connectivity, restricted user access, and other strict isolation. When AWS customers do this, they need to protect against both internal and external threats, and they need to deal with complex situations involving multiple, mutually untrusted partners, vendors, customers, and employees.
AWS is addressing this challenge with the launch of AWS Nitro Enclaves. AWS Nitro Enclaves helps customers reduce the attack surface for their applications by providing a trusted, highly isolated, and hardened environment for data processing. Each Enclave is a virtual machine created using the same Nitro Hypervisor technology that includes CPU and memory isolation for Amazon EC2 instances, but with no persistent storage, no administrator or operator access, and no external networking. Applications running in an Enclave remain inaccessible to other users and systems, even to users within the customer’s organization.
Nitro Enclaves uses the same Nitro Hypervisor technology that creates the CPU and memory isolation among EC2 instances to create the isolation between an Enclave and an EC2 instance.
Customers can develop Enclave applications using the open-source AWS Nitro Enclaves SDK set of libraries. The AWS Nitro Enclaves SDK also integrates with AWS Key Management Service (KMS), allowing customers to generate data keys and decrypt them inside the Enclave. Nitro Enclaves also provides cryptographic attestation, so customers can verify that only authorized code is running in an Enclave, and the KMS integration uses that attestation so that only their enclaves can access sensitive key material.
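The attestation-gated KMS access described above is enforced through a condition in the KMS key policy: KMS only honours a Decrypt (or GenerateDataKey) call from the enclave when the attestation document attached to the request carries the expected platform configuration register (PCR) values, and PCR0 is the measurement of the enclave image file. The policy below is an added example written for this article, not AWS's or StorageReview's own material; the account ID, the `EnclaveParentInstanceRole` role name and the PCR0 value are placeholders, and a real PCR0 is the 96-hex-character SHA-384 digest printed when the enclave image is built.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EnableKeyAdministrationForAccount",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:root" },
      "Action": "kms:*",
      "Resource": "*"
    },
    {
      "Sid": "AllowDecryptOnlyFromAttestedEnclave",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/EnclaveParentInstanceRole"
      },
      "Action": [
        "kms:Decrypt",
        "kms:GenerateDataKey"
      ],
      "Resource": "*",
      "Condition": {
        "StringEqualsIgnoreCase": {
          "kms:RecipientAttestation:PCR0": "PLACEHOLDER_PCR0_SHA384_OF_ENCLAVE_IMAGE"
        }
      }
    }
  ]
}
```

The principal is the IAM role of the parent EC2 instance, because the enclave has no network of its own and its KMS calls are proxied through the parent; the point of the condition is that the same role calling Decrypt from the parent instance directly, without an attestation document, does not match the condition key and is denied. Rebuilding the enclave image changes PCR0, so the policy must be updated alongside any image release, which is the property that stops an unauthorized image from unwrapping the key.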
AWS has also announced ACM for Nitro Enclaves. With this solution, customers can quickly isolate SSL/TLS certificates within an Enclave, making them usable by web servers on the instance while protecting them from access by other users or applications in the customer’s environment. SSL/TLS certificates are used to secure network communications and establish the identities of websites on the Internet or of resources on private networks. ACM for Nitro Enclaves ensures that the sensitive data associated with these certificates (the private keys) never leaves the Enclave, while also managing the revocation and renewal of certificates to reduce the need for manual monitoring and web server reconfiguration when a certificate expires.
There are no additional charges for using AWS Nitro Enclaves other than the use of Amazon EC2 instances and any other AWS services that are used with Nitro Enclaves.
Availability
AWS Nitro Enclaves is available on most Intel and AMD-based Amazon EC2 instance types built on the AWS Nitro System (AWS Graviton2-based instance support is coming in the first half of 2021).
AWS Nitro Enclaves is now available in the US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), Asia Pacific (Hong Kong), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (Sao Paulo) regions, with more regions coming soon.