Runtime Encryption Overview
Encryption is an effective data protection control; however, its use is currently limited to data at rest and data in motion. When an application starts to run, its data in use is vulnerable to a variety of threats, including malicious insiders, root users, credential compromise, OS zero-days, and network intruders.
Runtime Encryption provides deterministic security with runtime memory encryption for applications to protect data in use. Runtime Encryption enables a fundamentally new level of security and privacy allowing organizations with sensitive data to operate in untrusted environments.
Transparently Protect Your Apps
Fortanix Runtime Encryption (RTE) uses Intel® SGX to enable general-purpose computation on encrypted data without ever exposing plaintext application code or data to the operating system or any other running process. Therefore, even if the infrastructure is compromised or malicious insiders have root passwords, the application remains cryptographically protected.
However, applications do not work out of the box with Intel SGX. Application developers need to rewrite or restructure their application code. Furthermore, developers have limited choice in toolkits and lack the ability to readily create secure distributed applications.
Fortanix RTE includes EnclaveOS™, which is designed to transparently run any application within the trusted execution environment of Intel® SGX. EnclaveOS creates a portable security envelope to run applications in completely protected states without requiring modifications. RTE secures the entire lifecycle of the application.