AWS introduces Nitro Enclaves to protect Highly Sensitive Workloads

AWS Nitro Enclaves

AWS announced the general availability of AWS Nitro Enclaves, a new Amazon EC2 capability that makes it simpler for customers to securely process highly sensitive information.

AWS Nitro Enclaves is available on the majority of Intel- and AMD-based Amazon EC2 instance types built on the AWS Nitro System. It is currently available in regions across US East, US West, Europe, Asia Pacific, and South America, notes the announcement.

AWS Nitro Enclaves offers varying combinations of CPU cores and memory, allowing customers to match resources to the size and performance requirements of their workloads. Customers can develop Enclave applications using the open-source AWS Nitro Enclaves SDK set of libraries.

The AWS Nitro Enclaves SDK also integrates with AWS Key Management Service, allowing customers to create data keys and to decrypt them within the Enclave. With ACM for Nitro Enclaves, customers can isolate SSL/TLS certificates within an Enclave, which makes them usable by web servers on the instance while protecting them from access by other users or applications in the customer's environment.

ACM for Nitro Enclaves ensures that the sensitive information associated with SSL/TLS certificates never leaves the Enclave. It also helps with the revocation and renewal of certificates, reducing the need for manual monitoring and web server reconfiguration when certificates expire.

Executive Opinion

Vice President, Amazon EC2, AWS, David Brown, said, "Customers often tell us that powerful built-in protections like the locked-down security model of the Nitro System are among the primary reasons why they trust AWS with their workloads. Nitro Enclaves builds on those same security and isolation models that have separated AWS for so many customers, delivering a more efficient method for securely processing highly sensitive data. This means customers can build and innovate faster in a way that still meets the highest bar for security."

AWS Nitro Enclaves

AWS Nitro Enclaves also helps customers reduce the attack surface of their applications by providing a reliable, highly isolated, and safe environment for information processing.

Each Enclave is a virtual machine created using the same Nitro Hypervisor technology that provides processor and memory isolation for Amazon EC2 instances, but with no persistent storage, no administrator or operator access, and no external networking. This isolation means that applications running within an Enclave stay inaccessible to other users and systems, even to users inside the customer's organization.

With this isolation, the owner of an Enclave can start it, stop it, or assign resources to it, but cannot see what is being processed inside it.

AWS also announced the launch of AWS Certificate Manager (ACM) for Nitro Enclaves, a new Enclave application that makes it easy for customers to protect and manage Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for their web servers running on Amazon EC2, notes the announcement.

Mandar Pise. Opinions expressed by techsutram contributors are their own.