eperi & Intel SGX – Confidential Computing on a new Level

More and more companies – even in highly regulated industries – are adopting a cloud-first and serverless architecture. This shift is slowed down by data security concerns and the need to comply with legal regulations.

With the eperi Data Protection Solution combined with Intel SGX, Confidential Computing is brought to a new level. Sensitive data is protected in the cloud at any time – even while running analytics on this protected data.

This enables you to use all advantages of the cloud while staying in control of your data.

Privacy Preserving Analytics in the Financial Sector – a Challenge

One of our reference customers, a company in the financial sector, faces the challenge of complying with extremely strict guidelines and laws (such as the GDPR and BaFin requirements) while at the same time mastering the use of the cloud. The solution seems obvious: most cloud providers offer their own security solutions. Apart from the trust these require in the cloud provider, such systems usually reach their limits when it comes to running analytics on the secured data within the cloud.

Without granting the cloud provider – at least temporarily – access to the unencrypted data, no analytics can take place. However, decrypting the data within the cloud, while the cloud provider technically has access to the data, is neither GDPR compliant nor does it fulfil the regulatory requirements for the financial sector.

A real challenge for companies with a cloud-first approach.

Confidential Computing with eperi & Intel SGX – the Solution

With the combined solutions from eperi and Intel, you regain full control over your data. The eperi Gateway ensures secure encryption under the sole control of the customer even before the data is stored in the cloud.

No one – neither the cloud provider nor unauthorized persons inside or outside the company – can access the unencrypted data. Within the cloud, individual functions of the eperi Gateway, its so-called microservices, can be moved into a secure Intel SGX enclave. This lets you decide individually which data is required for analytics in the cloud. You as the customer can easily define which services are executed on the eperi Gateway under your direct control and which run in the secure Intel SGX enclave in the cloud.

Due to the high security of the Intel SGX enclave in combination with the eperi Gateway, sensitive data is protected at all times in the cloud and can be analyzed in compliance with data protection regulations.

[Infographic: eperi Gateway, Intel SGX, cloud microservices]

Benefits

The combination of the eperi Gateway & Intel SGX

Full control
The customer alone controls the encryption process and the critical data.

Pseudonymization & Anonymization
All sensitive data is encrypted / tokenized by the eperi Gateway before it is sent to the cloud.

Highest Security
Within the cloud, the unencrypted data is only available in the secure Intel SGX enclave.

Flexibility
All arithmetic operations and complex (analytics) algorithms can be securely performed.

Compliance
Companies meet international compliance requirements for cloud data security.

Confidence
Cloud data is useless to any attackers, unauthorized persons, the cloud provider and eperi.

Joint eperi & Intel Whitepaper

About Intel SGX Confidential Computing

Confidential computing is an emerging industry initiative focused on helping to secure data in use.

The efforts can enable encrypted data to be processed in memory while lowering the risk of exposing it to the rest of the system, thereby reducing the potential for sensitive data to be exposed while providing a higher degree of control and transparency for users.

In multi-tenant cloud environments, where sensitive data is meant to be kept isolated from other privileged portions of the system stack, Intel® Software Guard Extensions (Intel® SGX) plays a large role in making this capability a reality.

Intel® Software Guard Extensions (Intel® SGX) is a set of security-related instruction codes built into Intel CPUs. They allow user-level as well as operating system code to define private regions of memory, called enclaves, whose contents are protected and cannot be read or saved by any process outside the enclave itself, including processes running at higher privilege levels. This allows application developers to partition sensitive information (typically keys, code or data) into enclaves for protection. Once placed in an enclave, this sensitive data is protected from untrusted users even on compromised systems.
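To make the partitioning model concrete, here is an added example in plain C. It is not eperi's or Intel's code and does not use the Intel SGX SDK; it simulates the three roles the page describes (customer gateway, untrusted cloud host, trusted enclave) in one file so it can be compiled anywhere. The key value, the record format and the XOR "keystream" are all constructed for the demo (a real gateway would use an authenticated cipher such as AES-GCM), and the function names `gateway_protect_record`, `ecall_sum_protected`, `host_store_add`, `host_run_analytics` and `host_record_leaks` are hypothetical. The point it shows is the interface discipline: the host only ever stores and forwards ciphertext, the single enclave entry point bounds-checks what the host hands it and copies it into its own memory, and only the aggregate result crosses the boundary back.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example of the partitioning model. Three roles appear in one
 * file for readability; in a real deployment they are separate components
 * (gateway on-prem, host process in the cloud, enclave code built with the
 * Intel SGX SDK and bridged through an EDL interface definition). */

#define RECORD_LEN 4u            /* one uint32 amount per protected record */
#define MAX_RECORDS 1024u

/* --- Customer-controlled key material ---------------------------------
 * Constructed 128-bit value. The gateway uses it directly; an enclave would
 * receive it only after the customer has verified its attestation quote.
 * The untrusted host functions below never reference it. */
static const uint8_t customer_key[16] = {
    0x3a, 0x91, 0xc4, 0x07, 0x5e, 0xd2, 0x88, 0x1b,
    0xf0, 0x6c, 0x27, 0xa5, 0x49, 0xe3, 0xb6, 0x1d
};

/* Toy keystream: XOR with a byte derived from key, record id and position.
 * It only makes the host's view opaque for this demo; it is not a cipher
 * to copy. A real gateway uses an authenticated cipher such as AES-GCM. */
static void toy_xor(uint8_t *buf, size_t len, uint32_t record_id)
{
    for (size_t i = 0; i < len; i++) {
        uint8_t ks = customer_key[(i + record_id) % sizeof customer_key];
        ks ^= (uint8_t)(record_id * 131u + i * 17u);
        buf[i] ^= ks;
    }
}

/* --- Gateway (on-prem, under customer control) ------------------------ */
/* Protects one amount as a RECORD_LEN-byte record before it leaves for the cloud. */
void gateway_protect_record(uint32_t amount, uint32_t record_id, uint8_t out[RECORD_LEN])
{
    out[0] = (uint8_t)amount;         out[1] = (uint8_t)(amount >> 8);
    out[2] = (uint8_t)(amount >> 16); out[3] = (uint8_t)(amount >> 24);
    toy_xor(out, RECORD_LEN, record_id);
}

/* --- Enclave (trusted, cloud side) ------------------------------------ */
/* The single entry point ("ECALL"). Like an EDL [in, count=n] parameter, the
 * host buffer is bounds-checked and copied into enclave memory before use.
 * Only the aggregate leaves the enclave; per-record plaintext never does. */
int ecall_sum_protected(const uint8_t *records, size_t n, uint64_t *out_sum)
{
    if (records == NULL || out_sum == NULL || n == 0 || n > MAX_RECORDS)
        return -1;                               /* reject bad input from the host */
    uint64_t sum = 0;
    for (size_t r = 0; r < n; r++) {
        uint8_t tmp[RECORD_LEN];
        memcpy(tmp, records + r * RECORD_LEN, RECORD_LEN);  /* copy into enclave memory */
        toy_xor(tmp, RECORD_LEN, (uint32_t)r);              /* record id == store index */
        uint32_t v = (uint32_t)tmp[0] | (uint32_t)tmp[1] << 8 |
                     (uint32_t)tmp[2] << 16 | (uint32_t)tmp[3] << 24;
        sum += v;
    }
    *out_sum = sum;
    return 0;
}

/* --- Host application (untrusted, cloud side) ------------------------- */
/* Stores ciphertext only and asks the enclave for the aggregate. */
typedef struct { uint8_t data[MAX_RECORDS * RECORD_LEN]; size_t count; } host_store;

int host_store_add(host_store *s, const uint8_t rec[RECORD_LEN])
{
    if (s->count >= MAX_RECORDS) return -1;
    memcpy(s->data + s->count * RECORD_LEN, rec, RECORD_LEN);
    s->count++;
    return 0;
}

int host_run_analytics(const host_store *s, uint64_t *out_sum)
{
    return ecall_sum_protected(s->data, s->count, out_sum);
}

/* Check whether a stored record equals the raw little-endian encoding of
 * amount, i.e. whether the host could read it directly. Returns 1 if so. */
int host_record_leaks(const host_store *s, size_t idx, uint32_t amount)
{
    uint8_t plain[RECORD_LEN] = { (uint8_t)amount, (uint8_t)(amount >> 8),
                                  (uint8_t)(amount >> 16), (uint8_t)(amount >> 24) };
    return memcmp(s->data + idx * RECORD_LEN, plain, RECORD_LEN) == 0;
}
```

The design choice worth noting is that the host store and the analytics call are written so that the host code compiles without any reference to `customer_key` or to plaintext; in a real SGX build that separation is enforced by putting the enclave functions in their own image, with the EDL-generated bridge doing the copy and bounds checks shown here by hand.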

As computing moves to span multiple environments – from on-prem to public cloud to edge – organizations need protection controls that help safeguard sensitive IP and workload data wherever the data resides.