
Enclaive Multi Cloud Platform

EMCP is a platform to create, manage and maintain confidential workloads in multi-cloud settings. You can launch a confidential workload within seconds. This documentation covers the main concepts.

This documentation is a work in progress and subject to updates and revisions. Keep an eye out for version changes and new additions to ensure you have the latest information.

Introduction

Any developer handling sensitive data, particularly in cloud environments, faces the challenge of potential data exposure and compromise when relying solely on software-based security controls and the measures cloud service providers currently deploy. It is well known that software vulnerabilities persist, especially where parties have access to the lower layers of the computing stack that the cloud provider or data center exclusively controls. Individuals with host access can easily retrieve data, rendering software-only security inadequate. Without hardware-backed roots of trust and trusted execution environments, software-based security remains the weakest link even in resilient infrastructures. It fails to adequately protect data from attackers, insiders, or even cloud operators, which hinders the migration of sensitive workloads to the cloud for many organizations.

Confidential Computing, an innovative technology, introduces a revolutionary approach to data protection. It secures the processing and handling of sensitive data through hardware-level technologies integrated into modern CPUs such as AMD-SEV, Intel SGX, Intel TDX, and ARM CCA. Cloud service providers like Azure, AWS, and GCP have embraced these advancements in chip technology, making Confidential Computing features readily available. This enables organizations to securely process workloads using trusted hardware.

However, relying solely on hardware is not sufficient for widespread adoption of this new approach. Developers would need to restructure their applications and be proficient in kernel and cryptographic domains. Additionally, the diverse nature of Confidential Computing hardware could result in operational silos and increased management complexity.

Enclaive's Multi-Cloud Platform

Enclaive's Multi-Cloud Platform (EMCP) streamlines this process by providing a software platform that abstracts the underlying confidential CPU hardware. It directly interfaces with customers' applications at runtime, ensuring comprehensive protection of data in use, at rest, and in transit without necessitating application modifications. Furthermore, EMCP enables developers to fully leverage Confidential Computing while maintaining a consistent approach across various cloud platforms and processors.

Enclaive's Multi-Cloud Platform empowers developers to establish highly secure environments in the cloud, ensuring continuous encryption of data and verification of code authenticity. With EMCP, workloads remain confidential and trustworthy during execution, enabling enterprises to embrace cloud technology and drive innovation without fear of eavesdropping or tampering by attackers or insiders. Unlike traditional data security solutions, Confidential Computing, anchored in chip hardware, provides significantly heightened levels of trust, integrity, and security. EMCP enables enterprises to harness these advantages through its platform, safeguarding applications with minimal performance impact. Organizations can promptly secure all facets of data, memory, storage, networks, and cloud infrastructure without requiring application recoding.

Furthermore, EMCP supports multi-cloud and hybrid environments, requiring no specialized deployment or operational skills, thereby offering flexibility and ease of use. Enterprises rely on EMCP to migrate existing applications to the cloud with complete privacy, security, and isolation. It seamlessly integrates with applications, containers, and Kubernetes, executing workloads on trusted hardware processors or enclaves. Leveraging the robust attestation capabilities of the hardware, facilitated by EMCP, organizations can easily demonstrate the authenticity and integrity of their workloads, ensuring they operate on secure hardware. This capability enables organizations to establish the highest levels of trust in their applications.

Getting Started

Documentation

Tutorials

Learn more

Key and Identity Access Management

Workload Identity Management

Confidential Virtualization

Confidential Kubernetes

Confidential Serverless Functions
