AWS Announces General Availability of Nitro Enclaves | Business


SEATTLE–(BUSINESS WIRE)–Oct 28, 2020–

Today, Amazon Web Services Inc., an Amazon.com company (NASDAQ: AMZN), announced the general availability of AWS Nitro Enclaves, a new Amazon EC2 capability that makes it easier for customers to securely process highly sensitive data. AWS Nitro Enclaves helps customers reduce the attack surface for their applications by providing a trusted, highly isolated, and hardened environment for data processing. Each Enclave is a virtual machine created using the same Nitro Hypervisor technology that provides CPU and memory isolation for Amazon EC2 instances, but with no persistent storage, no administrator or operator access, and no external networking. This isolation means that applications running in an Enclave remain inaccessible to other users and systems, even to users within the customer’s organization. With this isolation, the AWS Nitro Enclave owner can start and stop, or assign resources to an Enclave, but even the owner cannot see what is being processed inside of AWS Nitro Enclaves. AWS also announced the launch of AWS Certificate Manager (ACM) for Nitro Enclaves, a new Enclave application that makes it easy for customers to protect and manage Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for their webservers running on Amazon EC2. To get started with Nitro Enclaves, visit https://aws.amazon.com/ec2/nitro/nitro-enclaves/.

Many customers across all industries have asked for help to further protect their highly sensitive data like personally identifiable information, financial data, healthcare records, intellectual property, and more – including from internal users within their own accounts. Today, customers can protect their data with access controls and by using encryption while it is at rest and in transit, but encryption does not protect data when it is unencrypted at the point of use (e.g. a healthcare recommendations algorithm must have access to unencrypted patient data). One solution is to remove much of the functionality that an instance provides for general-purpose computing (e.g. networking, the ability to log into an instance, the capability to store and retrieve data,…

Source…