Intel® SGX - KryptoGuard™ Brand

In our previous post I talked about leveraging Intel® SGX towards data loss prevention.  In this post I will talk about the relevance of Intel® SGX to our KryptoGuard™ Brand.

KryptoGuard™ brand is currently focused on providing services towards enhancing data security, leveraging the latest technologies.  This also sets the stage towards delivering products focused on data loss prevention.  To that end, we have already covered some of the use cases KryptoGuard™ brand targets.

We expect our potential clients/customers to handle sensitive data like payment card data, health information, personally identifiable information(PII), all of which are required to abide by varied regulations.  In an earlier post we talked about how PCI-DSS is woefully inadequate in enforcing in-memory requirements for payment card data, which is a frequent target.

Sensitive and/or confidential data could use more sophisticated technologies to better protect them.  Intel® SGX makes for a perfect candidate to capitalize on to accomplish just that.  Not only can sensitive data be earmarked as resources for secure access within Intel® SGX's enclave, access control checks to enforce that restriction is performed at hardware level thus forbidding compromised software at any other layer, including higher privilege software from accessing those resources.  This helps protect sensitive data from infractions which target that data while it is being processed, a stage where it is most vulnerable because of lack of maturity in current protection systems to better handle this stage.
​
To top it, Intel® SGX also provides relatively seamless and easy ways to encrypt sensitive data before it is stored on disk.  Cryptography key maintenance which would otherwise be a hassle is alleviated by its in-built cryptography feature that could be leveraged towards protecting sensitive data at rest.
As you might have realized by now, all of this is very conducive for our KryptoGuard™ targeted use cases !  In a future post, possibly next, I will take a scenario to better explain how we were able to use Intel® SGX towards better protecting sensitive data as it is being generated and processed.