Intel Software Guard Extensions (SGX)
Intel Software Guard Extensions (SGX) is available with Intel Xeon E processors. This technology delivers advanced hardware and RAM security encryption features. This means you can isolate parts of the code and data that are specific to each application. By signing up for this option, you will protect your software and most sensitive data against divulgation and modification.
Why use the SGX feature?
Data security is an increasingly significant subject for businesses hosting applications in the cloud. Only the data stored and in-transit data get encryption mechanisms. DATA and Rest Encryption is used for storing resting data, and TLS protocol for encrypting network communications. However, there is still another important part that needs to be secured: access control for data that is being processed.
Securing data that is in use
Intel Software Guard Extensions is a set of instructions that increase the security of data and code. SGX is available for servers in the Infrastructure range, including the Intel Xeon E processor.
Enabling this option will give you a secure runtime environment by isolating part of your server’s physical memory, called a security enclave. This way, you will protect access to data that is being processed, or code that is being run.
Your applications can use these enclaves to protect critical data, such as passwords, encryption keys and sensitive data, for your users. Even if your operating system or hypervisor is compromised, your data will still be protected.