Secure Enclaves: Foundation For The Cloud-Based Enterprise

Junaid Islam April 17, 2018

This is the first in a series of blog posts examining a cloud-based enterprise. In this post we’ll introduce how a Secure Enclave can help enterprises migrate to a cloud-based model.

The two dominant themes in enterprise architecture today is the desire to save money by utilizing cloud services and threat of state-sponsored cyberattacks. The goal of a Secure Enclave is to help enterprises meet both objectives by implementing a trusted access control solution in the cloud.

All IaaS and SaaS providers utilize a shared security model in which they take responsibility for the data inside their boundary but expect the enterprise to be responsible for everything outside their perimeter. For example, enterprises are responsible for all damage due to stolen passwords or unauthorized access to compute instances. Thus the security challenge for cloud-based enterprises to how to enable perimeter security when all they have is the cloud?

A Secure Enclave utilizes a Software Defined Perimeter (SDP) security model to create a protected IaaS instance inside which role-based access control, trust assessment, certificate management and addressing functions can be deployed. Additionally a Secure Enclave can also protect IaaS and SaaS applications from network-based cyberattacks including self-propagating malware.

Looking at the high level architecture below we see Secure Enclaves supporting trusted access control functions for IaaS and SaaS applications.

The first task of a Secure Enclave is to implement trusted access control to IaaS and SaaS applications. Trusted access control combines role-based access control with device trust assessment. Trust assessment allows enterprises to conduct a remote posture check on user devices before granting access to cloud services. For example, enterprises can verify if a device has updated software and is running endpoint protection. If the device is acceptable then one or more SAML assertions are generated based on the role of the individual.

Secure Enclaves can also be used protect IaaS instances from network-based cyberattacks. Only authorized users and their devices are granted TCP connectivity to IaaS compute instances. Moreover to block the new generation of self-propagating malware, only application layer connectivity is granted to authorized devices.

One of the unique features of a Secure Enclave is how it protects SaaS applications from stolen passwords. Enterprises can utilize the federation capabilities to SaaS apps to re-direct sign-in requests to their SAML IdP. However only users who have access to the protected IdP can get the SAML assertion. Thus Secure Enclaves can be used to provide transparent multi-factor authentication to SaaS.

In the next post we’ll take a deeper look at the trusted access control functions of the Secure Enclave.

About Junaid Islam

Junaid Islam, veteran Counter Terror Operations, Secure Communications Expert

Gain Powerful Insights Into The Future With OODA Loop’s Technology Tracking

In a continuation of our journey to bring the best, most actionable technology content to enterprise decision-makers we have merged our research and reporting activities into the OODAloop.com site (both CTOvision.com and OODAloop.com are owned and operated by OODA LLC). CTOvision will focus only on one small niche, a vision for a technology enabled future. […]

CTOvision and OODA: Big Changes Coming Soon

In a continuation of our journey to bring the best, most actionable technology content to enterprise decision-makers we are merging our research and reporting activities into the OODAloop.com site (both CTOvision.com and OODAloop.com are owned and operated by OODA LLC). This will give our community access to the same technology summaries we currently produce as […]

Give Your Career A Boost By Learning From Experienced Decision Makers

Our video and audio podcast, the OODAcast, provides content that can help accelerate your career and improve your decision making. The series is based on interviews of some of the greatest most accomplished enterprise technologists we can find. We ask questions designed to pull out lessons applicable to accelerating the career of any professional. We […]

Think Twice Before Deciding To Use A Personal VPN: You could be getting some really bad advice

From the 1930s to 1950s (far too long) the medical community just would not wake up to the fact that cigarettes could cause harm (see More Doctors Smoke Camels). Why did they stick with this misperception for so long? When so many good people come to the wrong conclusion it probably means some deeply human […]

Please help spread the word: USNI and NIP Essay Contest: This year’s challenge area a key one for the nation

Please help share the content at this link to any thinker/writer you know: 2020 Information Warfare Essay Contest This contest is open to all contributors, active-duty, military, reservists, veterans, and civilians. Generally the winners have had a solid understanding of the nature of modern conflict, but really any thinkers/writers should look over the contest and […]

Centripetal wins historic $2.6-$3.2 Bil vs. Cisco Systems; largest US patent infringement award to date

Editor’s note: I am proud to say I have a history with Centripetal Networks serving on their board and then later as an advisor. It was horrible to learn that a Tech Titan like Cisco was infringing on their patents. It is good now to see when the facts were reviewed justice was done. -bg […]

Super Bowl Ads Indicate Big Businesses Think You Are Afraid of AI

Tom Loftus provided an insightful review of some of Super Bowl ads in the 4 Feb 2019 Wall Street Journal. Like AI parody in SNL, these ads really poked fun at computers: Seriously, did anyone catch the commercials? If the Super Bowl is the zeitgeist, then it is safe to say that America is not […]

HBO’s Westworld: The Man In Black is a special kind of Twitter user

HBO’s Westworld is a modern take on the Michael Crichton SciFi tale of a robotic amusement park. The HBO version has a new twist. The creators/writers were all exposed to years of Twitter, which has influenced every episode and the entire arch of two seasons of the show. Now that season two is wrapping up, […]

All Enterprise Techies Should Watch HBO’s SciFi Epic Westworld: It will help us dialog over shared experiences on what we will not be creating

Westworld season one was a great mix of science fiction and drama and action and it was done in a way that should help people think through many tech ethics questions, like how do we want to treat our robots? Does treating robots with violence change our nature? Can robots become sentient? HBO has a […]

Related