By Ambuj Kumar, co-founder and CEO, Fortanix
Development and deployment of container-based software has become a popular movement in technology. Docker, and container technology in general, has redefined cloud computing and offers significant benefits to developers and companies, including efficiency, cost savings, consistency, reliability, and scalability across the entire DevOps process. However, for enterprises running sensitive applications at scale using Docker, securing the containers and maintaining their integrity in the cloud is a critical aspect of DevOps.
A new approach proving effective is to run the cloud containers in a trusted execution environment (TEE), also known as a secure enclave: a hardware-isolated region of memory that removes the need to trust the underlying infrastructure or the people who operate it. Even if the host is compromised or the root account is taken over, the application's memory remains encrypted and inaccessible, so an attacker with full control of the machine still cannot read or tamper with it.
As an example: An employee, Bill, has decided to roll out a hotel reservation website using Kubernetes to scale and handle peak loads. Since the website will also collect guests' personal information, security is a prime concern for Bill, so he reaches out to Lori, the CISO, with a plan for security that includes database encryption and TLS. Lori offers the tough question: "What about data in use?" She knows that even if data is carefully safeguarded at rest and when exchanged over secure channels such as TLS, it is decrypted for processing in memory, and that makes the software containers doing the processing an attractive target for attackers in the cloud.
Bill does his homework and decides that running security-critical services in secure enclaves is the only way to satisfy Lori's security requirements. However, this also introduces several challenges for system administrators and developers.
Code inside a secure enclave cannot issue standard system calls. Every call that needs the operating system (file or network I/O, time, memory allocation from the host) has to be marshalled out of the enclave as an OCALL, executed by untrusted code outside it, and its result marshalled back in through the enclave entry and exit instructions the hardware provides. An application therefore has to be partitioned into trusted and untrusted parts and heavily refactored. For applications written in managed languages such as Java or Python this is close to impossible, because the language runtime itself would have to be ported into the enclave before a single line of application code could run there.
Simply running an application (or its sensitive parts) within an enclave is not entirely sufficient. To fully utilize the security guarantees of a secure enclave, the user must also verify the integrity of the application, including whether it is running unmodified inside a genuine, non-debug enclave. Some secure enclave technologies provide a way for users to achieve this using remote attestation: the hardware signs a measurement of the loaded code together with data the enclave supplies, and a verifier checks that signature and measurement against a policy before trusting the instance. The remote attestation flow is complex, depends on an external attestation service (for Intel SGX, a service run by Intel), and requires modifications to the application setup. When running applications at scale, it becomes difficult to track the attestation status of every instance, and every software patch changes the measurement, so the policy and every running instance have to be re-verified.
The security guarantees delivered by secure enclave technology are promising, but by themselves they introduce a level of cost and complexity. Confidential computing platforms built on top of secure enclaves are proving to be a successful approach to addressing these challenges: they package the enclave runtime, attestation and key handling so that data in containers can be processed inside the secure enclave without the cost and complexity of using a secure enclave alone.
The confidential computing approach involves decrypting and analyzing data only when it is within a secure enclave protected by hardware. Confidential computing enables software to safely run in a secure enclave, obtain the keys to decrypt the data only after the enclave has attested itself, run the analysis, and encrypt the result before it leaves the enclave. Other than confidential computing, there are practically no solutions available that let organizations run containers in the cloud securely while adhering to regulations and privacy requirements.
Confidential computing can help organizations meet compliance requirements for regulations such as GDPR, CCPA (the California Consumer Privacy Act), and similar regulations. It also provides fine-grained access controls for the datasets in use in containers. With this approach, the aggregate data is never exposed outside the secure enclave. Private analytics with confidential computing are easy to use, efficient, and offer a scalable approach, which is critical for deploying containers.
Organizations can monitor the lifecycle of the secure enclaves that run their container applications with a confidential computing platform, which provides features such as remote attestation, geolocation enforcement, DRM, secret injection (releasing keys and credentials to an enclave only after it has attested), and more. In addition, such a platform integrates with existing container orchestration technologies, including Kubernetes, Docker Swarm, and OpenShift.
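The attestation check and the attestation-gated secret injection described above, written out as an added example. This is not Fortanix code and not the page's own material; it models the verifier side of SGX remote attestation over the 384-byte report body (the public sgx_report_body_t layout) using a constructed report, and replaces the Quoting Enclave signature and the vendor certificate chain with an HMAC stand-in so it runs offline. The policy values, the REPORTDATA convention (SHA-512 of nonce and enclave public key) and the plain return of the data key are assumptions made for the example.

```python
"""Attestation-gated secret release for an enclave-hosted container (added example)."""
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

# sgx_report_body_t field offsets (public Intel SGX SDK layout)
REPORT_BODY_LEN = 384
ATTRIBUTES_OFF = 48      # 8-byte flags followed by 8-byte xfrm
MRENCLAVE_OFF = 64       # 32 bytes: measurement of the loaded enclave code/data
MRSIGNER_OFF = 128       # 32 bytes: hash of the key that signed the enclave
ISVPRODID_OFF = 256      # u16 product id
ISVSVN_OFF = 258         # u16 security version, bumped on every security patch
REPORTDATA_OFF = 320     # 64 bytes chosen by the enclave (binds nonce and key)
SGX_FLAGS_DEBUG = 0x2    # bit 1 of attributes.flags: debug enclave, host can read memory

# Stand-in for the Quoting Enclave key. Assumption for this example only: a real
# verifier checks the ECDSA/EPID quote signature and the vendor certificate chain.
QE_STANDIN_KEY = b"constructed-quoting-enclave-key"


@dataclass
class Policy:
    mrenclave: bytes   # measurement of the approved enclave build
    mrsigner: bytes    # approved signer
    isv_prod_id: int
    min_isv_svn: int   # raise this after a patch to retire unpatched instances


def build_report_body(mrenclave, mrsigner, prod_id, svn, debug, report_data):
    """Constructed report body, standing in for what the EREPORT instruction produces."""
    body = bytearray(REPORT_BODY_LEN)
    struct.pack_into("<QQ", body, ATTRIBUTES_OFF, SGX_FLAGS_DEBUG if debug else 0, 0)
    body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] = mrenclave
    body[MRSIGNER_OFF:MRSIGNER_OFF + 32] = mrsigner
    struct.pack_into("<HH", body, ISVPRODID_OFF, prod_id, svn)
    body[REPORTDATA_OFF:REPORTDATA_OFF + 64] = report_data
    return bytes(body)


def sign_quote(body):
    """Stand-in signature over the report body (HMAC instead of the hardware signature)."""
    return hmac.new(QE_STANDIN_KEY, body, hashlib.sha256).digest()


def expected_report_data(nonce, enclave_pubkey):
    """REPORTDATA convention assumed here: SHA-512(nonce || enclave public key), 64 bytes."""
    return hashlib.sha512(nonce + enclave_pubkey).digest()


def verify_quote(body, sig, policy, nonce, enclave_pubkey):
    """Return the list of policy violations; an empty list means the quote passes."""
    if len(body) != REPORT_BODY_LEN:
        return ["malformed report body"]
    if not hmac.compare_digest(sig, sign_quote(body)):
        return ["quote signature invalid"]  # no other field can be trusted
    problems = []
    flags, _xfrm = struct.unpack_from("<QQ", body, ATTRIBUTES_OFF)
    if flags & SGX_FLAGS_DEBUG:
        problems.append("debug enclave: memory is readable by the host")
    if body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] != policy.mrenclave:
        problems.append("MRENCLAVE mismatch: code modified or build not approved")
    if body[MRSIGNER_OFF:MRSIGNER_OFF + 32] != policy.mrsigner:
        problems.append("MRSIGNER mismatch: enclave signed by an unknown key")
    prod_id, svn = struct.unpack_from("<HH", body, ISVPRODID_OFF)
    if prod_id != policy.isv_prod_id:
        problems.append("wrong product id")
    if svn < policy.min_isv_svn:
        problems.append(f"ISVSVN {svn} below minimum {policy.min_isv_svn}: unpatched instance")
    if body[REPORTDATA_OFF:REPORTDATA_OFF + 64] != expected_report_data(nonce, enclave_pubkey):
        problems.append("REPORTDATA does not bind this nonce and key: replay or wrong peer")
    return problems


def release_secret(body, sig, policy, nonce, enclave_pubkey, data_key):
    """Secret injection: hand out the data key only to an enclave that passed the policy."""
    if verify_quote(body, sig, policy, nonce, enclave_pubkey):
        return None
    # Assumption: in production the key is encrypted to enclave_pubkey so that only
    # the attested enclave can unwrap it; it is returned in the clear here to keep
    # the example free of a third-party crypto library.
    return data_key


def demo():
    """Run the verifier over constructed quotes; returns scenario -> outcome."""
    policy = Policy(
        mrenclave=hashlib.sha256(b"reservation-service:v1.4").digest(),  # constructed
        mrsigner=hashlib.sha256(b"hotel-corp-signing-key").digest(),     # constructed
        isv_prod_id=7,
        min_isv_svn=3,
    )
    nonce = os.urandom(16)
    enclave_pubkey = hashlib.sha256(b"ephemeral enclave key").digest()  # constructed
    rd = expected_report_data(nonce, enclave_pubkey)
    good = build_report_body(policy.mrenclave, policy.mrsigner, 7, 3, False, rd)
    debug = build_report_body(policy.mrenclave, policy.mrsigner, 7, 3, True, rd)
    stale = build_report_body(policy.mrenclave, policy.mrsigner, 7, 2, False, rd)
    tampered = bytearray(good)
    tampered[MRENCLAVE_OFF] ^= 1  # flip a bit after signing
    return {
        "good": verify_quote(good, sign_quote(good), policy, nonce, enclave_pubkey),
        "debug": verify_quote(debug, sign_quote(debug), policy, nonce, enclave_pubkey),
        "stale": verify_quote(stale, sign_quote(stale), policy, nonce, enclave_pubkey),
        "tampered": verify_quote(bytes(tampered), sign_quote(good), policy, nonce, enclave_pubkey),
        "replay": verify_quote(good, sign_quote(good), policy, os.urandom(16), enclave_pubkey),
        "key": release_secret(good, sign_quote(good), policy, nonce, enclave_pubkey, b"data-key"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The ordering matters: the signature is checked before any field is read, the debug bit and the measurement are rejected outright, and the minimum ISVSVN in the policy is how a fleet operator retires instances that have not picked up a patch. Binding a fresh nonce into REPORTDATA is what stops a valid quote from one instance being replayed by another.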
Containerization offers significant advantages to organizations, but only if they can keep their cloud data safe, including while it is in use. Confidential computing built on secure enclave technology offers an effective, easy-to-use and low-cost solution to what was previously an unaddressed inhibitor to securely migrating to the cloud.
About the Author
Ambuj Kumar is co-founder and CEO of Fortanix, creator of Runtime Encryption® technology. In his career, Ambuj has built technologies and products that secure billions of devices. Ambuj is a prolific inventor with more than 30 patents. He holds degrees from Stanford University and IIT Kanpur (Gold Medalist).