Consider the highest-end databases that store the world’s most valuable data. The keys used to encrypt and decrypt this data, whether to achieve transparent data encryption or to achieve geo-replication, have to be protected at all costs. The keys have to be stored securely and also used securely, i.e., the keys should never be available in plaintext and should be used by audited cryptographic algorithms that are executed in a secure runtime environment. The world’s highest-end databases use Hardware Security Modules (HSMs) with FIPS 140-2 validated hardware cryptographic modules for secure storage and use of cryptographic keys.
HSMs with hardware cryptographic modules can be used to provide secure cryptography as a service. However, this concept has not penetrated the cloud environment. While CloudHSMs can be used to perform key management services, they are not used to perform cryptography as a service. One reason for this is that cryptographic operations are so commonplace that invoking an over-the-network service each time significantly degrades system performance.
“Working together with Microsoft and Intel to make ADV available in Azure marketplace is a significant achievement that allows us to better serve our customers. In fact, we made hardware rooted trust technology accessible in the cloud space”, said Assaf Cohen, CEO of Anqlave.
Anqlave Data Vault (ADV) helps solve the secret management problem by allowing users to securely create, store, transport and use secrets. By leveraging Intel SGX enclaves, ADV helps ensure that secrets are never available in plaintext whether at rest, in motion or in use.
Start using ADV through Azure marketplace today by following the link here.
If you’d like more information about ADV you can read our whitepaper here.
ADV FIPS 140-2 certification is currently underway.
Anqlave's mission is to secure digital assets. Anqlave builds platforms based on hardware rooted trust technology that allow customers to store, transfer and process data in the cloud without trusting the cloud. Those components can be used to solve the data security and data privacy issues that exist when moving data or applications to the cloud.