TECHNOLOGY
Enterprise-ready cyber security designed for developers
Understand what Confidential Computing is and how our solution helps to make this powerful technology accessible.
TECHNOLOGY
Enterprise-ready cyber security designed for developers
Understand what Confidential Computing is and how our solution helps to make this powerful technology accessible.
Confidential Computing
Confidential Computing protects applications and data in use by performing computations in so-called trusted execution environments (TEEs). These secure and isolated environments leverage security features provided by CPU vendors and prevent unauthorized access or modification of applications and data while in use, thereby increasing and solidifying the security for organizations that manage sensitive data or applications.
Confidential Computing
Confidential Computing protects applications and data in use by performing computations in so-called trusted execution environments (TEEs). These secure and isolated environments leverage security features provided by CPU vendors and prevent unauthorized access or modification of applications and data while in use, thereby increasing and solidifying the security for organizations that manage sensitive data or applications.
STAGES WITH EXISTING ENCRYPTION
NEW ENCRYPTION
STAGES WITH EXISTING ENCRYPTION
NEW ENCRYPTION
How can businesses leverage Confidential Computing?
Several steps are involved in the process of Confidential Computing. An environment in the form of an encrypted container has to be created around the application (1), so it runs inside a TEE. The encrypted container can then be deployed on Intel-SGX capable servers (2) using our pre-configured secure Kubernetes cluster (3). Finally, the integrity and genuineness of the TEE and the hash of the binary it is executing can be proven and verified (4).
At Securitee, we offer the secure infrastructure with pre-configured secure Kubernetes cluster (2) + (3), some pre-configured environments as well as support in the environment creation process as a service (1). We also cover the process of remote attestation (4) as a service.
Environment creation
Using docker and additional lines of code, a container is created that packages up code and all its depen-dencies, so the application runs seamlessly in a TEE.
Infrastructure deployment
Leveraging TEEs requires special servers that support Intel Software Guard Extension (SGX) technology – our bare-metal servers are hosted at OVHcloud in EU.
Environment management
Our infrastructure comes with pre-configured secure Kubernetes that orchestrates containers, ensuring that these run on TEE servers and can be scaled up.
Remote attestation
Clients can register with Intel or use our decentralized attestation service to authenticate TEEs and prove that the binary executed has not been tampered with.
How can businesses leverage Confidential Computing?
Several steps are involved in the process of Confidential Computing. An environment in the form of an encrypted container has to be created around the application (1), so it runs inside a TEE. The encrypted container can then be deployed on Intel-SGX capable servers (2) using our pre-configured secure Kubernetes cluster (3). Finally, the integrity and genuineness of the TEE and the hash of the binary it is executing can be proven and verified (4).
At Securitee, we offer the secure infrastructure with pre-configured secure Kubernetes cluster (2) + (3), some pre-configured environments as well as support in the environment creation process as a service (1). We also cover the process of remote attestation (4) as a service.
Environment creation
Using docker and additional lines of code, a container is created that packages up code and all its depen-dencies, so the application runs seamlessly in a TEE.
Infrastructure deployment
Leveraging TEEs requires special servers that support Intel Software Guard Extension (SGX) technology – our bare-metal servers are hosted at OVHcloud in EU.
Environment management
Our infrastructure comes with pre-configured secure Kubernetes that orchestrates containers, ensuring that these run on TEE servers and can be scaled up.
Remote attestation
Clients can register with Intel or use our decentralized attestation service to authenticate TEEs and prove that the binary executed has not been tampered with.
How to verify that everything is running securely and genuinely?
A crucial process step when using TEE technology is remote attesation, which verifies that you are deploying to an authenticated genuine TEE. Once a TEE is verified, the attestation service also enables to verify the genuiness of the data and process running within the enclave. Securitee’s offering is compatible with two remote attestation services:
Intel remote attestation service
Clients can register with Intel and use its remote attestation service, ensuring that the software is running
How to verify that everything is running securely and genuinely?
A crucial process step when using TEE technology is remote attesation, which verifies that you are deploying to an authenticated genuine TEE. Once a TEE is verified, the attestation service also enables to verify the genuiness of the data and process running within the enclave. Securitee’s offering is compatible with two remote attestation services:
Intel remote attestation service
Clients can register with Intel and use its remote attestation service, ensuring that the software is running
Features
Our patented solution allows unmodified applications to be run inside docker containers within Intel SGX enclaves. These secure and isolated environments prevent unauthorized access or modification of applications and data in-use, while providing the necessary system support for complex applications and for programming language runtimes.
Runtime Encryption
Data and applications during runtime are exposed to significant risks, as malware can attack the contents of memory at this stage. Our solution protects your digital asssets when they are at their most vulnerable.
Unmodified Applications
Our solution uses latest intel SGX hardware enclave technologies to protect sensitive information of a wide field of applications as well as the conversion of existing docker images.
Maximum Flexibility
Whether you would like build an environment for a specific app or leverage a pre-configured one. Whether you need few RAM, storage etc. or significant capacities – our solution is fully configurable to meet your needs.
Hardware-Based Security
Rather than relying on software alone to manage access to resources, our solution provides security as part of a hardware platform. This is what we call a trusted execution environment (TEE) – using Intel SGX hardware.
Regulatory Adherence
The development and rapid change of regulatory requirements for data privacy represents a significant challenge. This is particularly true in Europe with the GDPR legislation. Our solution provides security by design, thereby promoting regulatory compliance.
Ease & Simplicity of Use
With our intuitive client portal, which includes comprehensive user guides, you can easily book and manage the secure infrastructure that suits your needs best. Seamlessly scale up by adding additional server capacity at anytime – enabled by our secure Kubernetes cluster setup.
Features
Our patented solution allows unmodified applications to be run inside docker containers within Intel SGX enclaves. These secure and isolated environments prevent unauthorized access or modification of applications and data in-use, while providing the necessary system support for complex applications and for programming language runtimes.
Runtime Encryption
Data and applications during runtime are exposed to significant risks, as malware can attack the contents of memory at this stage. Our solution protects your digital asssets when they are at their most vulnerable.
Unmodified Applications
Our solution uses latest intel SGX hardware enclave technologies to protect sensitive information of a wide field of applications as well as the conversion of existing docker images.
Maximum Flexibility
Whether you would like build an environment for a specific app or leverage a pre-configured one. Whether you need few RAM, storage etc. or significant capacities – our solution is fully configurable to meet your needs.
Hardware-Based Security
Rather than relying on software alone to manage access to resources, our solution provides security as part of a hardware platform. This is what we call a trusted execution environment (TEE) – using Intel SGX hardware.
Regulatory Adherence
The development and rapid change of regulatory requirements for data privacy represents a significant challenge. This is particularly true in Europe with the GDPR legislation. Our solution provides security by design, thereby promoting regulatory compliance.
Ease & Simplicity of Use
With our intuitive client portal, which includes comprehensive user guides, you can easily book and manage the secure infrastructure that suits your needs best. Seamlessly scale up by adding additional server capacity at anytime – enabled by our secure Kubernetes cluster setup.
Contact Us
Impressum
Securitee UG (haftungsbeschränkt)
c/o WeWork
Kemperplatz 1, DE-10785 Berlin
HRB 233040 B (Amtsgericht Charlottenburg)
USt-IdNr.: DE347053443
Geschäftsführer: Waldemar Scherer
info@securitee.tech
Contact Us
Impressum
Securitee UG (haftungsbeschränkt)
c/o WeWork
Kemperplatz 1, DE-10785 Berlin
HRB 233040 B (Amtsgericht Charlottenburg)
USt-IdNr.: DE347053443
Geschäftsführer: Waldemar Scherer
info@securitee.tech
