
Increase confidence in public cloud security: Integrate Intel SGX, says G-Core Labs Cloud

Hear from one of the first providers to support this security functionality

Sponsored

Cloud infrastructure has many advantages over a corporate server. It’s easier to set up, you can get access to almost any resource in a matter of minutes, and you only pay for the capacity used. However, businesses are often concerned about how secure cloud solutions are.

Therefore, in addition to the generally accepted types of protection, G-Core Labs decided to offer additional security measures to large companies and small development teams alike. Last December we became one of the first providers in the world to launch support for Intel SGX technology in our public cloud. This technology dramatically enhances data protection with built-in cloud management tools from Intel. Since then, it has been proven effective by our customers.

How Intel SGX works

The technology is a set of processor instructions that applications can use to isolate private areas of code and data, providing them with extra protection against disclosure or modification. Thus, with the help of Intel SGX, custom code can be placed in private memory areas, or enclaves. Enclaves help shield data from external processes and software running at more privileged levels, such as operating systems and hypervisors.


A diagram showing the layers of security from SGX to a virtual machine running on a host

Who can use it? First of all, companies working with personal data in the financial and medical sectors, healthcare, and retail. Game development and media companies can also find this technology useful. With it, it’s possible to ensure the integrity and confidentiality of computations with increased security requirements, even on systems where privileged processes are untrusted. This is because no one, including the cloud provider, can get into the encrypted area (the enclave) and gain access to the information stored in it. The data in the enclave will remain protected even if the cloud servers are compromised. This approach to working with information is perfect for companies working with sensitive and confidential data.

How Intel SGX helps Aggregion customers collaborate on sensitive data

Our customer Aggregion develops solutions for data collaboration and for creating partner ecosystems. It’s assisted in this by G-Core Labs public cloud, which supports Intel SGX technology and is located in important jurisdictions for the company. It allows the Aggregion platform to enable users to collaborate securely and efficiently with massive amounts of anonymized data about purchases and audience parameters. As a result, partners—for example, a bank and a retailer—collaborate on the platform and use it to optimize cross-channel advertising campaigns, promote each other’s products and services among target audiences, manage customer loyalty, and launch various partner programs.

This approach allows Aggregion customers to reduce digital placement costs while increasing sales. However, for all this to work properly, the platform developers had to ensure that users can’t use the data to harm each other. In this, they are assisted by Intel SGX technology, which allows them to open secure enclaves to collaborate on data, which is exactly what Aggregion customers wanted.

The G-Core Labs solution helped Aggregion quickly launch the required services. Tests have demonstrated that any of the customers can receive the necessary data instantly, and the infrastructure itself is available in all geographic jurisdictions where Aggregion operates. Each country has restrictions on the use of personal data, and, as a rule, Aggregion must store it within a specific country. G-Core Labs has succeeded in meeting this challenge.

How Intel SGX is integrated with G-Core Labs Cloud

The technology has been integrated using the SCONE confidential computing platform. We chose it for a number of advantages. First, this platform supports transparent encryption of files, network traffic, and standard input/output streams (stdin/stdout), thus protecting data from unauthorized access through the OS, hypervisor, or other software. Second, SCONE implements transparent application attestation, which guarantees the authenticity of the executable code and its security using SGX, as well as the detection of malicious code in the software. In addition, the platform provides compilers for C, C++, Rust, Go, and Fortran, as well as secure Docker images for popular services that automatically run in an SGX enclave. All this allows companies to easily launch applications and run programs in protected areas, preventing theft of sensitive data even in cases where attackers have root access.
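To make the attestation step concrete, here is an added example (not SCONE's or G-Core Labs' code) of the policy check a relying party applies to an SGX report body before releasing secrets to an enclave. It assumes the quote's signature has already been verified, uses the field offsets of Intel's sgx_report_body_t structure, and the function names and sample values are constructed for illustration.

```python
import hmac
import struct

REPORT_BODY_LEN = 384   # size of Intel's sgx_report_body_t
ATTR_FLAGS_OFF = 48     # attributes.flags, 64-bit little-endian
MRENCLAVE_OFF = 64      # 32-byte measurement of the enclave's code and data
MRSIGNER_OFF = 128      # 32-byte hash of the enclave signer's public key
ISV_SVN_OFF = 258       # 16-bit security version number of the enclave
FLAG_DEBUG = 0x2        # debug enclaves can be read by the host, so reject them


def parse_report_body(body: bytes) -> dict:
    """Extract the fields an attestation policy normally decides on."""
    if len(body) != REPORT_BODY_LEN:
        raise ValueError("report body must be exactly 384 bytes")
    (flags,) = struct.unpack_from("<Q", body, ATTR_FLAGS_OFF)
    (isv_svn,) = struct.unpack_from("<H", body, ISV_SVN_OFF)
    return {
        "debug": bool(flags & FLAG_DEBUG),
        "mrenclave": body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32],
        "mrsigner": body[MRSIGNER_OFF:MRSIGNER_OFF + 32],
        "isv_svn": isv_svn,
    }


def check_policy(body: bytes, expected_mrenclave: bytes, min_isv_svn: int) -> list:
    """Return the policy violations; an empty list means the enclave is accepted."""
    report = parse_report_body(body)
    problems = []
    if report["debug"]:
        problems.append("debug enclave")
    if not hmac.compare_digest(report["mrenclave"], expected_mrenclave):
        problems.append("unexpected MRENCLAVE")
    if report["isv_svn"] < min_isv_svn:
        problems.append("ISV SVN below minimum")
    return problems


def make_sample(mrenclave: bytes, flags: int, isv_svn: int) -> bytes:
    """Build a constructed report body for the demo (not real attestation data)."""
    body = bytearray(REPORT_BODY_LEN)
    struct.pack_into("<Q", body, ATTR_FLAGS_OFF, flags)
    body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] = mrenclave
    struct.pack_into("<H", body, ISV_SVN_OFF, isv_svn)
    return bytes(body)


if __name__ == "__main__":
    good = bytes(range(32))  # constructed measurement value
    print(check_policy(make_sample(good, 0x5, 3), good, 2))  # production enclave
    print(check_policy(make_sample(good, 0x7, 1), good, 2))  # debug bit set, old SVN
```

An enclave whose code has been modified produces a different MRENCLAVE, so the second check is what ties "authenticity of the executable code" to a value the data owner pins in advance.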

How else you can use Intel SGX

The technology has many uses. For example:

  • Manage cryptographic keys and provide HSM functionality through enclaves
  • Enhance privacy and isolate confidential data in collaborative computing
  • Ensure greater confidentiality and security when processing blockchain transactions, agreements, and smart contracts or storing keys
  • Run unmodified applications inside enclaves
  • Ensure secure interactions between IoT devices and cloud services or clients
  • Establish secure communications between senders and recipients of messages
  • Provide additional protection for payments and transactions between electronic wallets

How to sign up for cloud servers with Intel SGX support

Intel SGX-enabled virtual machines and bare metal servers are already available in Luxembourg, Amsterdam, Manassas (USA) and Moscow, and will soon be available in Singapore. Use our cloud infrastructure to comfortably build your products, operate them safely, and grow quickly.

Sponsored by G-Core Labs
