Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceCybersecurity News

Enclave technologies from silicon... to software... to the data center

By Ayal Yogev
data center
November 9, 2020

Data must be protected. There’s no argument about that. Solutions to protect data at rest and data in motion have been around for decades. The problem is that for data to be useful, it has to be processed, and, until recently, processing left data wide open to theft or attack. 

There is a fundamental architectural weakness that requires data to be exposed and unencrypted in memory for processing. This means that even data that may be fully encrypted over a network or when stored will be unencrypted when it’s processed. Bad actors know this, which is why they target memory to retrieve unencrypted certificates, keys, and, of course, valuable data whether it is in memory, on disk, or stored on the network. This weakness affects virtually every computer and all software ever made. 

The leading microprocessor vendors knew that this issue is critical. That’s why they’ve added specialized security features and instruction sets to their CPUs. These enable the creation of enclaves - certified secure regions of a host, instantiated by software, that are isolated from every other process and user. Enclaves solve the memory encryption issue - data can’t be seen outside the enclave. Memory is decrypted and thus rendered usable only within the enclave itself.

Many different kinds of enclaves can be created leveraging this technology. Some - like the hardware enclaves present on many computers and phones - simply store data such as keys and certificates. Still others store small amounts of critical code in memory. More recently, the market is seeing the arrival of more general-purpose secure enclaves, sometimes referred to as “enterprise enclaves,” that create complete computing environments. 

Within these secure enclaves, both applications and data are protected from theft or attack. Even more important, these general-purpose enclaves protect not just application data in use, but stored data (data at rest) and data on the network (data in motion) as well. With these protections, even if an insider or attacker gains full administrative control over a server processing such data, enclave-enabled security features fully protect and encrypt computer memory, keeping both data and code out of reach. 

Unfortunately, while enclave-enabling technologies solve the secure computing problem, using them is neither easy nor practical. Applications need to be rewritten and recompiled to support specialized machine instructions to enclave applications. Each proprietary enclave technology implementation requires application-specific versioning to take full advantage (Intel, AMD, and AWS each have their own implementations). New software development requires making multiple complex environments and struggling with vendor-specific software developer kits (SDKs) to transition applications. Such obstacles present a fundamental roadblock, making secure enclaves a non-starter for all but the most motivated DIY hobbyists and deep technologists, and then even for only the most important applications.

Fortunately, this last hurdle has been addressed by leveraging the same virtualization approach that hastened the accelerated transition of workloads from on-premise data centers to the public cloud. With virtualization, applications transparently move new and legacy applications into secure enclaves without rewriting or re-compilation. 

This “lift and shift” approach makes cloud migration simple and attractive for virtually all applications. An application or code base can be simply taken out of one environment and placed in another (in this case, into a secure enclave environment) without significant underlying design change.

As this lift and shift approach becomes popular for secure enclaves, the objections to not using these hardware protections for data disappear.

The incentive to transition applications into the protected confines of a secure enclave only increases with each new data breach, whether on-site or in the cloud. Enterprise enclave technologies virtually eliminate this risk anywhere data and applications reside.  

Microsoft, Google, AWS,  Baidu, Alibaba, and other cloud services already support enclave technologies, making it possible to execute workloads,  reach new customers, or store data in untrusted geographies without the risk of breach or data loss. This also means organizations can transition everything--including even their most sensitive applications and data--to the cloud, eliminating the need to maintain costly redundant onsite and cloud IT organizations.

Enclaves are a powerful compliance control. Enclave data protections ensure that data can’t be seen or accessed unless explicitly authorized. Even then, with access vigilantly monitored and tracked from a zero-trust posture, compliance becomes much simpler.

Even better, with the risk of data exposure eliminated, the organization no longer needs to maintain a costly, complex security infrastructure. In many cases, privileged access management (PAM), data classification systems, network security, and other expensive host, network, perimeter, and physical security solutions become redundant. Implementing secure enterprise enclaves can reduce both cost and overall system complexity. 

The rationale for the move to enclaves is compelling. The opportunities for IT to dramatically simplify and improve security are immense. Fortunately, momentum is building, with hardware, software, and cloud vendors driving enclave technology into the mainstream--paving the way for a new and significantly more secure era of computing.

KEYWORDS: cyber security data protection risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Ayal yogev headshot

Ayal Yogev is the CEO and co-founder of Anjuna, with 20 years of experience building enterprise security products. Ayal has held multiple senior product management positions including VP of product management at SafeBreach, a Sequoia-backed enterprise security startup, managing the OpenDNS Umbrella product management team that was acquired by Cisco for $635M, and managing a product line at Imperva for the 3 years leading to its IPO.  Ayal holds an MBA with honors from UC Berkeley and Electrical Engineering and Computer Science from Tel Aviv University.  

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Top Cybersecurity Leaders
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Career Intelligence
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Medical professional

Nearly 85% of Nurses Experienced Workplace Violence in the Last Year

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • Migrating to IP-Based Physical Security in the Data Center

    See More
  • Regulatory Compliance: Financial Services Firm Uses Video to Protect Data Center

    See More
  • Data Center Security Finds Solutions in Software as a Service

    See More

Related Products

See More Products
  • 9780367221942.jpg

    From Visual Surveillance to Internet of Things: Technology and Applications

  • The Complete Guide to Physical Security

  • facility manager.jpg

    The Facility Manager's Guide to Safety and Security

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing