Last week, Amazon introduced AWS Nitro Enclaves as a new feature of EC2.  Enclaves are separate virtual machines, hardened, and highly constrained.  They have no persistent storage, no external networking, or interactive access.  AWS created this as an answer for customers who utilize access controls, encryption while at rest and transit but have had difficulty locking down data while in use.

Enclave applications can be developed using the AWS Nitro Enclaves SDK set of libraries.  It can also integrate with AWS Key Management Service.  This provides encryption and decryption of data using isolated SSL/TLS certificates within an Enclave.

Shane Curran, CEO of encryption startup Evervault, said, "Our mission is to encrypt the internet.  Nitro Enclaves provides the perfect platform to make this happen, because it's the best way to protect data in use".

Odoo • Image and Text

Jeff Barr, chief evangelist for AWS 

Wrote in a blog post that you can use enclaves today on Intel and AMD-based processors in the US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), Asia Pacific (Hong Kong), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (São Paulo) Regions today at no extra charge, with more regions and support for Graviton-based processors coming soon.


Create Additional isolation to protect sensitive data

Join us and make your company a more secure place.