We have added the option to order virtual machines with Intel Software Guard Extensions (SGX) support.
Now both large companies and small development teams using our virtual machines and bare-metal servers can significantly improve their data security by leveraging Intel’s built-in cloud management tools.
What is SGX and who does this technology protect?
Intel SGX is a set of processor instructions that can be used by applications to isolate private areas of code and data, providing them with greater protection against disclosure or modification.
This technology allows user code to be moved to the so-called enclaves, or private memory regions. The enclaves are created to protect against external processes and software executed on more privileged levels, including operating systems and hypervisors.
[Figure: SGX enclave design]
“The launch of Intel SGX in Gcore Cloud is great news for companies from various industries and organizations who work with sensitive data, including personal information. We’re talking primarily about the financial industry, medicine and healthcare, and retail. Developers working on video games and various media projects will also be able to appreciate the advantages of this technology. Intel SGX provides consistency and confidentiality of computation with extra security requirements that take place on the systems where privileged processes are considered unreliable. Neither the cloud service provider, nor anyone else from the outside can get into the encrypted area and gain access to the data stored there. Even if, let’s say, the servers were hacked.”
Gcore Cloud Platform Department Head
Vsevolod Vayner
How to make calculations private
The Intel SGX integration with Gcore Cloud is based on the SCONE confidential computing platform.
Unique advantages of SCONE
Transparent encrypting. SCONE transparently encrypts files, network traffic, and standard input/output streams (stdin/stdout), protecting data from unauthorized access through the operating system, hypervisor, or any other software.
Transparent software attestation. SCONE performs application attestation to verify the authenticity of the executable code, to confirm that it is actually running under SGX protection, and to detect malicious code in the software.
Secure Docker images. SCONE provides secure Docker images for popular services that automatically run in an SGX enclave.
Simpler use of secure enclaves. SCONE helps run applications in SGX enclaves. Enclaves allow an application to protect its data from being accessed by any other software—even the operating system and the hypervisor. In particular, the application can protect all of its data from intruders with root access. Root users can’t access application memory in order to access keys and other sensitive data.
Transparent configuration with sensitive data. SCONE allows applications to be configured securely by protecting the sensitive data (such as encryption keys) contained in configuration files. Attackers can't read or modify that data, even if they control the operating system and the hypervisor. This is transparent to the application, that is, it doesn't require any changes to the source code.
Applied security. SCONE ensures the confidentiality and integrity of applications even when running in untrusted environments.
Support for compiled programming languages. SCONE provides compilers for C, C++, Rust, Go, and Fortran.
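The attestation and protected-configuration points above describe the same gate: a secret (a key from an encrypted config file) is handed to an application only after a verifier has checked that the code asking for it is the expected build, is signed by the expected party, is not a debug enclave, and is really running inside SGX. The following is an added example written for this page, not SCONE's or Gcore's code and not the SCONE API. It models that policy check in plain Python: the report fields (MRENCLAVE, MRSIGNER, ISVSVN, attribute flags) mirror the real SGX report layout in spirit, but every value is constructed, and an HMAC with a shared key stands in for the signature that a real platform's quoting enclave would produce and that would be verified against Intel's attestation service.

```python
"""Attestation-gated secret release (added example, not SCONE's code)."""
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# Real SGX attribute bit for debug enclaves; debug enclaves can have their
# memory read by a debugger, so a verifier must refuse them in production.
SGX_FLAGS_DEBUG = 0x02

# Constructed sample values (hypothetical; stand-ins for real artefacts).
QUOTING_KEY = b"constructed-quoting-enclave-key"      # stand-in for the quote signing key
ENCLAVE_CODE = b"constructed enclave image, build v2"  # stand-in for the built enclave binary
SIGNER_PUBKEY = b"constructed enclave signer pubkey"   # stand-in for the vendor's signing key
CONFIG_SECRET = b"db-password-from-encrypted-config"   # the protected configuration value


@dataclass(frozen=True)
class Report:
    mrenclave: bytes    # measurement (hash) of the enclave's initial code and data
    mrsigner: bytes     # hash of the public key that signed the enclave
    isvsvn: int         # security version number of this enclave build
    attributes: int     # attribute flags, e.g. SGX_FLAGS_DEBUG
    report_data: bytes  # 64 bytes chosen by the enclave, e.g. a hash of its session key

    def to_bytes(self) -> bytes:
        # Fixed-width encoding so the signature covers every field unambiguously.
        return (self.mrenclave + self.mrsigner
                + struct.pack("<HQ", self.isvsvn, self.attributes)
                + self.report_data)


@dataclass(frozen=True)
class Policy:
    mrenclave: bytes     # the one build we are willing to give the secret to
    mrsigner: bytes      # the one signer we trust
    min_isvsvn: int      # reject builds older than this (e.g. pre-patch versions)
    allow_debug: bool = False


def measure(blob: bytes) -> bytes:
    """Toy measurement: SHA-256 of the image. SGX computes MRENCLAVE over the loaded pages."""
    return hashlib.sha256(blob).digest()


def make_report(code: bytes = ENCLAVE_CODE, isvsvn: int = 2, debug: bool = False) -> Report:
    """Build the report an enclave running `code` would present (constructed values)."""
    attrs = SGX_FLAGS_DEBUG if debug else 0
    return Report(measure(code), measure(SIGNER_PUBKEY), isvsvn, attrs, b"\x00" * 64)


def sign_report(report: Report, key: bytes = QUOTING_KEY) -> bytes:
    """HMAC stand-in for the quoting enclave's signature over the report."""
    return hmac.new(key, report.to_bytes(), hashlib.sha256).digest()


def verify_and_release(report: Report, signature: bytes, policy: Policy,
                       key: bytes = QUOTING_KEY) -> Tuple[bool, str, Optional[bytes]]:
    """Return (ok, reason, secret). The secret is released only if every check passes."""
    # 1. Authenticity: was this report produced by the trusted attestation path?
    if not hmac.compare_digest(sign_report(report, key), signature):
        return False, "bad signature: report not produced by the trusted quoting enclave", None
    # 2. Identity: is it exactly the code we audited and built?
    if report.mrenclave != policy.mrenclave:
        return False, "measurement mismatch: code differs from the expected build", None
    if report.mrsigner != policy.mrsigner:
        return False, "signer mismatch: enclave not signed by the expected key", None
    # 3. Freshness: refuse older builds that may carry known weaknesses.
    if report.isvsvn < policy.min_isvsvn:
        return False, "enclave build below the minimum security version", None
    # 4. Protection: a debug enclave offers no confidentiality against a root user.
    if (report.attributes & SGX_FLAGS_DEBUG) and not policy.allow_debug:
        return False, "debug enclave: memory is inspectable, refusing to release secret", None
    return True, "ok", CONFIG_SECRET


# The verifier's policy pins the audited build and signer and requires build >= 2.
POLICY = Policy(mrenclave=measure(ENCLAVE_CODE), mrsigner=measure(SIGNER_PUBKEY), min_isvsvn=2)


if __name__ == "__main__":
    cases = {
        "expected build": (make_report(), QUOTING_KEY),
        "tampered code": (make_report(code=b"modified image"), QUOTING_KEY),
        "old build": (make_report(isvsvn=1), QUOTING_KEY),
        "debug enclave": (make_report(debug=True), QUOTING_KEY),
        "forged report": (make_report(), b"attacker-chosen-key"),
    }
    for name, (rep, signing_key) in cases.items():
        ok, reason, _ = verify_and_release(rep, sign_report(rep, signing_key), POLICY)
        print(f"{name:15s} -> {'RELEASE' if ok else 'REFUSE '} ({reason})")
```

The order of the checks matters in practice: the signature is verified first, because none of the other fields can be trusted until the report itself is authenticated. Pinning MRENCLAVE ties the secret to one exact build; a looser deployment might pin only MRSIGNER plus a minimum ISVSVN so that signed updates keep working, which is a deliberate trade-off between operability and how much code the secret is exposed to.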
“SCONE helps companies and organizations across the world launch apps in SGX enclaves. We’re happy about the cooperation with Gcore. Our platform allows programs to be executed in protected areas so that even intruders with root access can’t steal your confidential data. When you use SCONE solutions, there’s no need to change the apps’ source code: just a recompilation is enough. Many of the apps from the Alpine repository don’t require recompilation.”
co-founder and COO of SCONE
Christof Fetzer
How do I set up a trusted environment for data collaboration?
To ensure that the data doesn’t leave the perimeter of its owner, and joint operations are performed in special encrypted blocks, excluding the possibility of third-party access, we use the Aggregion software.
Aggregion solves the problem of secure data collaboration between different companies. To do this, it uses its own technology based on distributed databases, blockchain, and secure enclaves.
Participants can create applications on a distributed data management platform to improve marketing efficiency, financial scoring, and insurance, integrate data of a group of companies, and organize ecosystems, market analytics, and custom services.
“Interest in Aggregion’s solutions has increased. A number of current and potential customers have requested the physical placement of the cloud in specific jurisdictions where Aggregion services operate. Gcore works in all key regions including the USA and European Union. Moreover, our clients need to be able to quickly deploy and scale a solution, as well as support secure data processing technologies, which is why we’ve chosen this company as our cloud partner.”
Aggregion CEO
Nukri Basharuli
“We’re happy to be Aggregion’s partners and we understand the requirements for protecting the sensitive data of our partner’s clients in finance, retail, telecom, media, and other industries. That is exactly why we now support the Intel SGX encryption standard. This solution provides hardware-based memory encryption. It creates enclaves to isolate code and app data that require protection. No one can enter an enclave without the owner’s permission, even by using the processes and software that function on the more privileged levels, including operating systems and hypervisors.”
Head of Gcore Cloud Platform Department
Vsevolod Vayner
What else can I use Intel SGX for?
Managing keys. Manage cryptographic keys and get access to HSM functionality with enclaves.
Blockchain. Enhance privacy and security in handling transactions, agreements, smart contracts, and key storage.
Better privacy. Get more privacy and the ability to isolate sensitive data in collaborative computing.
Real-time applications. Run unmodified applications inside enclaves.
Hardware-enhanced content protection. Protect your content and intellectual property with immutable streaming.
Edge computing. Secure the interaction of IoT devices with cloud services and clients.
Online wallet. Get additional protection for your payments and transactions.
Messaging. Secure communications between sender and receiver.
How do I connect cloud servers with Intel SGX support?
Virtual machines and bare-metal servers with Intel SGX support are already available in Luxembourg and Ashburn, and will soon come to Singapore.
Use our cloud infrastructure to comfortably build your products, operate them safely, and grow quickly.