# Use Cases

SEV is built around hardware VMs and strengthens security in a range of use cases. Because it relies on main memory encryption, SEV provides the same security advantages as SME, including the protection against physical attacks discussed earlier. In addition, SEV can protect environments in the following scenarios:

### Cloud

<img src="/files/dijVNbG5TE1tejxjfFh4" alt="Encrypted VMs in the Cloud" class="gitbook-drawing">

With the exponential growth of cloud computing, especially Infrastructure as a Service (IaaS) data centers, computational power has become more affordable. However, this growth has brought security challenges, particularly concerning the trustworthiness of cloud infrastructure and personnel. Handling sensitive data like health records or trade secrets raises concerns, and sharing hardware among multiple customers may compromise various workloads. Despite the efforts of software designers, there have been instances where isolation measures have failed, leading to the exposure of sensitive code or data.

SEV addresses these challenges by elevating security in IaaS clouds, providing robust security isolation rooted in the hardware itself. While existing technologies like Microsoft's BitLocker® and LUKS protect data-at-rest on hard drives, SEV goes a step further by protecting data-in-use. This cryptographic protection ensures that customer workloads remain isolated from each other and are shielded from potential threats posed by the hosting software. Even a malicious administrator at a cloud data center would be unable to access data within a hosted VM.

### Sandboxing

<img src="/files/kj4Jnk2IG1uUfVhOR4nf" alt="Sandboxing" class="gitbook-drawing">

SEV utilizes hardware VM constructs to establish secure sandbox environments where software can execute while being protected from all other software on the system. These sandboxes can be as large as a full VM with its own disk and OS, or they can be smaller, providing more fine-grained isolation. For instance, SEV hardware can cryptographically isolate Docker containers from the host system, providing better protection for confidential data.

In both cloud and sandboxing scenarios, SEV brings hardware-based security measures that complement existing software-based protection, creating a more robust and resilient security environment.

