TECHNOLOGY

Enterprise-ready cyber security designed for developers

Understand what Confidential Computing is and how our solution helps to make this powerful technology accessible.

TECHNOLOGY

Enterprise-ready cyber security designed for developers

Understand what Confidential Computing is and how our solution helps to make this powerful technology accessible.

Confidential Computing

Confidential Computing protects applications and data in use by performing computations in so-called trusted execution environments (TEEs). These secure and isolated environments leverage security features provided by CPU vendors and prevent unauthorized access or modification of applications and data while in use, thereby increasing and solidifying the security for organizations that manage sensitive data or applications.

Confidential Computing

Confidential Computing protects applications and data in use by performing computations in so-called trusted execution environments (TEEs). These secure and isolated environments leverage security features provided by CPU vendors and prevent unauthorized access or modification of applications and data while in use, thereby increasing and solidifying the security for organizations that manage sensitive data or applications.

STAGES WITH EXISTING ENCRYPTION
NEW ENCRYPTION
STAGES WITH EXISTING ENCRYPTION
NEW ENCRYPTION

How can businesses leverage Confidential Computing?

Several steps are involved in the process of Confidential Computing. An environment in the form of an encrypted container has to be created around the application (1), so it runs inside a TEE. The encrypted container can then be deployed on Intel-SGX capable servers (2) using our pre-configured secure Kubernetes cluster (3). Finally, the integrity and genuineness of the TEE and the hash of the binary it is executing can be proven and verified (4).

At Securitee, we offer the secure infrastructure with pre-configured secure Kubernetes cluster (2) + (3), some pre-configured environments as well as support in the environment creation process as a service (1). We also cover the process of remote attestation (4) as a service.

How can businesses leverage Confidential Computing?

Several steps are involved in the process of Confidential Computing. An environment in the form of an encrypted container has to be created around the application (1), so it runs inside a TEE. The encrypted container can then be deployed on Intel-SGX capable servers (2) using our pre-configured secure Kubernetes cluster (3). Finally, the integrity and genuineness of the TEE and the hash of the binary it is executing can be proven and verified (4).

At Securitee, we offer the secure infrastructure with pre-configured secure Kubernetes cluster (2) + (3), some pre-configured environments as well as support in the environment creation process as a service (1). We also cover the process of remote attestation (4) as a service.

How to verify that everything is running securely and genuinely?

A crucial process step when using TEE technology is remote attesation, which verifies that you are deploying to an authenticated genuine TEE. Once a TEE is verified, the attestation service also enables to verify the genuiness of the data and process running within the enclave. Securitee’s offering is compatible with two remote attestation services:

Intel remote attestation service

Clients can register with Intel and use its remote attestation service, ensuring that the software is running

  • inside an Intel® Software Guard Extension (Intel® SGX) enclave

  • on a fully updated system at the latest security level
  • genuinely, i.e., that the software has not been tampered with

Integritee public attestation

Integritee Attesteer – a decentralized remote attestation service. We take care of the process and register a confirmation of the attestation on our blockchain, providing you with the following benefits:

  • Obtain the same information as with the Intel attestation service
  • Fully automated, effortless process
  • Transparency by design, as the result is registered on the blockchain – immutable and verifiable for everyone

How to verify that everything is running securely and genuinely?

A crucial process step when using TEE technology is remote attesation, which verifies that you are deploying to an authenticated genuine TEE. Once a TEE is verified, the attestation service also enables to verify the genuiness of the data and process running within the enclave. Securitee’s offering is compatible with two remote attestation services:

Intel remote attestation service

Clients can register with Intel and use its remote attestation service, ensuring that the software is running

  • inside an Intel® Software Guard Extension (Intel® SGX) enclave

  • on a fully updated system at the latest security level
  • genuinely, i.e., that the software has not been tampered with

Integritee public attestation

Integritee Attesteer – a decentralized remote attestation service. We take care of the process and register a confirmation of the attestation on our blockchain, providing you with the following benefits:

  • Obtain the same information as with the Intel attestation service
  • Fully automated, effortless process
  • Transparency by design, as the result is registered on the blockchain – immutable and verifiable for everyone

Features

Our patented solution allows unmodified applications to be run inside docker containers within Intel SGX enclaves. These secure and isolated environments prevent unauthorized access or modification of applications and data in-use, while providing the necessary system support for complex applications and for programming language runtimes.

Runtime Encryption

Data and applications during runtime are exposed to significant risks, as malware can attack the contents of memory at this stage. Our solution protects your digital asssets when they are at their most vulnerable.

Unmodified Applications

Our solution uses latest intel SGX hardware enclave technologies to protect sensitive information of a wide field of applications as well as the conversion of existing docker images.

Maximum Flexibility

Whether you would like build an environment for a specific app or leverage a pre-configured one. Whether you need few RAM, storage etc. or significant capacities – our solution is fully configurable to meet your needs.

Hardware-Based Security

Rather than relying on software alone to manage access to resources, our solution provides security as part of a hardware platform. This is what we call a trusted execution environment (TEE) – using Intel SGX hardware.

Regulatory Adherence

The development and rapid change of regulatory requirements for data privacy represents a significant challenge. This is particularly true in Europe with the GDPR legislation. Our solution provides security by design, thereby promoting regulatory compliance.

Ease & Simplicity of Use

With our intuitive client portal, which includes comprehensive user guides, you can easily book and manage the secure infrastructure that suits your needs best. Seamlessly scale up by adding additional server capacity at anytime – enabled by our secure Kubernetes cluster setup.

Features

Our patented solution allows unmodified applications to be run inside docker containers within Intel SGX enclaves. These secure and isolated environments prevent unauthorized access or modification of applications and data in-use, while providing the necessary system support for complex applications and for programming language runtimes.

Runtime Encryption

Data and applications during runtime are exposed to significant risks, as malware can attack the contents of memory at this stage. Our solution protects your digital asssets when they are at their most vulnerable.

Unmodified Applications

Our solution uses latest intel SGX hardware enclave technologies to protect sensitive information of a wide field of applications as well as the conversion of existing docker images.

Maximum Flexibility

Whether you would like build an environment for a specific app or leverage a pre-configured one. Whether you need few RAM, storage etc. or significant capacities – our solution is fully configurable to meet your needs.

Hardware-Based Security

Rather than relying on software alone to manage access to resources, our solution provides security as part of a hardware platform. This is what we call a trusted execution environment (TEE) – using Intel SGX hardware.

Regulatory Adherence

The development and rapid change of regulatory requirements for data privacy represents a significant challenge. This is particularly true in Europe with the GDPR legislation. Our solution provides security by design, thereby promoting regulatory compliance.

Ease & Simplicity of Use

With our intuitive client portal, which includes comprehensive user guides, you can easily book and manage the secure infrastructure that suits your needs best. Seamlessly scale up by adding additional server capacity at anytime – enabled by our secure Kubernetes cluster setup.

Contact Us

Impressum

Securitee UG (haftungsbeschränkt)
c/o Web3hub
Möckernstrasse 120, 10963 Berlin
HRB 233040 B (Amtsgericht Charlottenburg)
USt-IdNr.: DE347053443
Geschäftsführer: Waldemar Scherer
info@securitee.tech

Contact Us

Impressum

Securitee UG (haftungsbeschränkt)
c/o Web3hub
Möckernstrasse 120, 10963 Berlin
HRB 233040 B (Amtsgericht Charlottenburg)
USt-IdNr.: DE347053443
Geschäftsführer: Waldemar Scherer
info@securitee.tech