Recently, Gartner published its Hype Cycle for Cloud Security, 2019 (Jay Heiser, Steve Riley, 23 July 2019), which includes Confidential Computing for the first time. Ali Cloud is listed as a representative vendor because of its many practices in the field of confidential computing, and it is the only cloud service provider from the Asia-Pacific region to be listed.

The Hype Cycle, also known as the technology maturity curve, is a tool that companies use to assess the visibility of new technologies: each technology is plotted on a timeline against its visibility in the market, helping companies decide whether or not to adopt it. Gartner has produced annual Hype Cycles for each technology area since 1995.

In 2019, Gartner included confidential computing for the first time, and it appears at the very first stage of the cloud security technology curve, indicating that confidential computing plays a fundamental role across the whole cloud security chain. In 2017, Ali Cloud and Intel jointly released chip-level SGX encryption computing technology (that is, confidential computing technology), positioning Ali Cloud early with the most cutting-edge technology for securing customer data on the cloud.

As is well known, guaranteeing the trustworthiness of a system's runtime environment is an important challenge. Traditional TPM technology can only perform trusted measurement of the system during the boot process; it does not provide a trusted execution environment for application memory after the application has started, so it cannot effectively protect sensitive applications and data, and it is difficult to meet the requirement of runtime trust.

Based on Intel SGX encryption computing technology, Ali Cloud gives the cloud a trusted capability while the system is running. Cloud developers can use the trusted execution environment provided by SGX to guard critical code and data in memory: even higher-privileged system components, including the BIOS, the virtualization layer, the operating system kernel and highly privileged processes, cannot access that critical code and data. A trusted execution environment on the cloud frees customers from having to rely on the cloud provider and prevents data from being stolen or tampered with.

Ali Cloud is the first cloud service provider in Asia Pacific to launch SGX (Software Guard Extensions)-based encryption computing, and the first in the world to commercialize SGX technology, enabling cloud users to enjoy high-level data security protection in the simplest and most convenient way.

Gartner pointed out in the report that Ali Cloud provides the Fortanix runtime encryption solution, which reduces the need for application modification through a runtime abstraction interface and makes cloud service providers less dependent on the specific implementation of a single hardware vendor. Other CPU vendors are also choosing to provide chip-based trusted execution environments similar to SGX. Because of its clear technical advantages, confidential computing is becoming common in most enterprise organizations.

Ali Cloud's work on confidential computing goes beyond that:

  • In October 2017, Intel and Ali Cloud reached a technical cooperation agreement and jointly released encryption computing technology at the Computing Conference, based on the SGX trusted execution environment, to protect customer data security.

  • In April 2018, Ali Cloud announced at RSA2018 the formal commercialization of the DCP server supporting Ali Cloud encryption computing technology. At the same time, a large number of customers began to protect sensitive data through encryption computing, including Oasis Labs, a Silicon Valley blockchain startup.

  • In September 2018, at the Computing Conference, Ali Cloud released FPGA encryption computing technology. Through cooperation with Intel, Ali Cloud extended encryption computing technology from processors to FPGA devices. With FPGA encryption computing technology, today's mainstream machine learning models and data-related computation can run in a trusted environment, helping customers raise the level of data security on the cloud.

  • In September 2018, at the Computing Conference, Ali Cloud released smart network card encryption computing. In cooperation with Mellanox, the world's leading provider of high-performance computing and end-to-end data center interconnect solutions, Ali Cloud introduced encryption computing technology based on the smart network card, extending system trust onto the network; a trusted network is realized through smart network card encryption computing technology.

  • In October 2018, Ali Cloud officially announced that, through strategic cooperation with Fortanix, Ali Cloud will provide key management product solutions based on Fortanix products to Ali Cloud users.

  • In October 2018, Ali Cloud’s blockchain service platform for digital key protection based on cryptographic computing technology was officially commercialized.

  • In April 2019, Ali Cloud and blockchain startup Oasis Labs announced strategic cooperation. Oasis Labs' secure blockchain smart contract was officially launched, and the relevant secure computation is automatically assigned to run on Ali Cloud encryption computing servers.

  • In April 2019, Ali Cloud, as a representative of cloud vendors, was invited to present the application practice of SGX technology on Ali Cloud in Intel's conference room during RSA2019.

  • In July 2019, Ali Cloud and Intel jointly released the Graphene Golang open source solution for protecting cloud-native Golang applications, so that cloud-native applications developed in Golang on Ali Cloud can be protected by SGX technology without modification. This further enriches the SGX technology ecosystem so that more customers can enjoy the security capabilities of confidential computing.

  • In August 2019, Ali Cloud and Zhejiang University jointly held the first SGX Application Creative Competition, to cultivate and discover more SGX application developers in Chinese universities and enterprises, to uncover new business scenarios, and to build a new ecosystem and new force in the field of SGX security technology by combining industry, academia and research.

Confidential computing, based on chip hardware technology together with virtual images and software tools on the cloud, enables cloud users to create a completely isolated trusted execution environment, also known as a security zone (enclave). Because confidential computing encrypts data while it is in use, neither the host operating system nor the cloud service provider can see the sensitive information inside these security zones, and no third party can tamper with the data being processed. Confidential computing therefore resolves users' concerns about the security of data at runtime.

Author: Cloud security expert


This article is original content of the Alibaba Cloud community and may not be reproduced without permission.