Amazon Web Services announced that it is making AWS Nitro Enclaves generally available. The capability allows users to process highly sensitive data securely. Nitro Enclaves was first announced as one of three new security products from Amazon last December.
It offers customers the ability to partition the compute and memory resources of an instance to create a separate, isolated compute environment.
Nitro Enclaves was created to protect very sensitive data. Each enclave is an isolated virtual machine with its own kernel, memory, and CPU cores. Users select an instance type and then decide how much CPU and memory to allocate to the enclave.
Isolation seems to be the answer
The virtual machine is created using Nitro Hypervisor technology, which offers CPU and memory isolation for Amazon EC2 instances. It has no persistent storage, no admin or operator access, and no external networking capabilities.
As Amazon puts it, the isolation ensures that applications running in the enclave are inaccessible to other users and systems, including, if the customer chooses to run things that way, users and systems within the customer's own organization.
The owner of a Nitro Enclave can start and stop it and assign resources to it, but not even the owner can see what is being processed inside. Users can develop enclave applications that generate data keys and perform decryption inside the enclave.
David Brown, Vice President of Amazon EC2, says customers tell AWS that robust protections like these are among the primary reasons they trust AWS with their workloads.
Nitro Enclaves builds on the same security and isolation models that have made AWS what it is.
AWS Nitro Enclaves was made publicly available on Wednesday on many Intel- and AMD-based Amazon EC2 instance types built on the AWS Nitro System.