High Assurance Edition
Concerns about the security of cloud computing environments top the list of reasons for customers delaying or avoiding adoption of cloud computing services. This can be seen in studies published by Forrester Research, IDC, and many others.
On the other hand, security can be a key competitive advantage for service providers when competing for cloud services customers. With Enomaly’s patented security functionality, a service provider can deliver a unique, high security Cloud Computing service – commanding a higher price point than commodity public cloud providers.
The cloud-based infrastructure-on-demand model has some clear security benefits -- it brings the potential for better and more standardized security configuration management and hardening, for better patch and change management, and for a better managed network environment than many businesses would be able to provide for themselves.
However, IaaS clouds have a security Achilles heel. In a conventional hosting environment, customers are concerned about network security, configuration management, malware protection, etc., but they do not need to worry about whether they can trust the servers -- trust the servers to execute their applications without modification, to store data only where and when the application code does so, to transmit data over the network only when and how the application code requires. But due to these new risks in the cloud, all bets are off unless new solutions are implemented -- servers are no longer hardware assets, but are instead software-based virtual machine instances under the total control of the cloud management and hypervisor software. When combined with the fact that cloud servers exist in a shared environment potentially containing hackers and other threats, this creates a new and severe security risk that, until now, has remained unmanaged. Worse, there is nothing users can do to protect themselves -- software can't protect itself if the CPU it is running on has been compromised and reprogrammed to steal or corrupt data.
In the cloud, you can't trust the server you're running on. Until now.
Enomaly ECP High Assurance Edition delivers, for the first time, cloud servers you can trust.
ECP High Assurance Edition builds on the featureset of our Service Provider Edition, adding a unique set of high-security capabilities to meet the needs of customers who require a higher level of security than that offered by any of the commodity cloud computing services available in the marketplace.
As enterprise users increasingly deploy security-sensitive applications on the cloud, ECP High Assurance Edition provides the previously-missing security capabilities enabling enterprises to trust your public cloud environment to the same degree that they are able to trust the computing platforms within conventional datacenters.
Full Integrity Verification
Enomaly’s Trusted Cloud platform provides continuous security assurance by means of unique, hardware-based mechanisms that leverage technologies including Intel's Trusted Execution Technology (TXT) and secure storage via the Trusted Platform Module (TPM). Enomaly ECP High Assurance Edition provides both initial and ongoing Full-Stack Integrity Verification to enable customers to receive cryptographic proof of the correct and secure operation of the cloud platform prior to running any application on the cloud.
Full-Stack Integrity Verification provides the customer with hardware-verified proof that the cloud stack (encompassing server hardware, hypervisor, and even ECP itself) is intact and has not been tampered with. Specifically, the customer obtains cryptographically verifiable proof that the hardware, hypervisor, etc. are identical to reference versions that have been certified and approved in advance. The customer can therefore be assured, for example, that:
- The virtual hardware has not been modified to duplicate data to some storage medium of which the application is not aware
- No unauthorized backdoors have been inserted into the cloud management system
- The hypervisor has not been modified (e.g. to copy memory state)
- No hostile kernel modules have been injected into the underlying OS
This capability therefore enables customers to deploy applications to your cloud service with confidence that the confidentiality and integrity of their data will not be compromised. That means more customer opportunities, and a better-differentiated cloud offering.
HAE uses a mechanism called remote attestation, which until now has only been explored in experimental research settings. Enomaly has taken the bold step of making attestation practical by integrating it into the ECP system. Enomaly takes care of all the complexity of making the attestation requests, ensuring that the requests cannot be tampered with and distilling the result of the attestation requests into a simple and easy to understand safe / not safe message.