Vidder Blog

How to Build a Secure Enclave on AWS

Posted by Greg Ness on Nov 27, 2017 6:00:00 AM

secure-enclave-blog.jpgOver the last few years there has been significant security improvements in public clouds.  For example, AWS now offers transparent data encryption, key management and secure compute features. Unfortunately, even with the advances in public cloud computing, organizations like financial institutions have been unable to leverage these services because many analysts work in secure facilities that have no Internet access.

By integrating Software Defined Perimeter and Trust Assessment technology, Vidder’s PrecisionAccess solution can unlock the agility and cost benefits of public clouds for organizations that must operate in secure facilities. Data analysts working in physically isolated locations can now connect to Secure Enclaves in public clouds without compromising the integrity of their environment.

Vidder’s solution utilizes the Software Defined Perimeter (SDP) to create a secure application layer encrypted connection from the authorized user’s device directly to the protected application in the public cloud.  The authorization for trusted connectivity is typically managed using Active Directory in the data center. Connectivity between the data center and public cloud is either via IPSec or MPLS (or more recently SD-WAN).

Secure Enclaves perform like an internal data center application from a performance and connectivity aspect.  Conceptually Secure Enclaves provide a new compute model in which the “cloud is migrating inside the regulated data center” versus the existing “migrating to the cloud” design. 



A Secure Enclave has many interesting security attributes that differentiate from existing hybrid public-private cloud designs. First, one of primary barriers that regulated entities have when utilizing public cloud is that access to cloud resources is not allowed due to the risk of unauthorized data access.

  • The Secure Enclave ensures only users at facilities controlled by the enterprise who also have valid data center access can access protected applications.

Second, a new generation of laterally moving malware which is able to destroy or steal data by pivoting thru the authorized user’s device needs to be blocked. 

  • Vidder’s PrecisionAccess utilizes a Software Defined Perimeter (SDP) application layer connection model that blocks laterally moving malware.

PrecisionAccess allows the strict partitioning and role based access that is a standard feature of regulated data centers to be re-created in public cloud environments

 For entities like financial and government agencies the Secure Enclave is a significant breakthrough as it allows them to benefit from the agility and cost benefits of the AWS commercial marketplace.

 What do you think? Feel free to send me your response (gnessatvidderdotcom) and I’ll post with attribution; or post on your blog and link to this blog and we will link back.

 Stay tuned as we share our lessons learned addressing challenges with confidentiality and the cloud by signing up for our updates.


Topics: software defined perimeter, secure enclaves, AWS secure enclave, confidential cloud, reinvent2017

About Vidder

Vidder is changing how modern day enterprises approach security in an increasingly untrusted IT landscape. PrecisionAccess™ enables secure, trusted access to critical business applications in today’s perimeterless enterprise. With PrecisionAccess, enterprises can continue to evolve their business ecosystem through major IT trends like cloud migration and outsourcing with assurance that their most valuable applications are safe.

Subscribe to Email Updates

Recent Posts