Start Protecting Machine Identities in Memory Today [Intel + Venafi]


October 19, 2021 | Bridget Hildebrand

Digital transformation is accelerating at a rapid pace. It brings efficiencies and profit, but it also exposes organizations to new and dangerous online risk. It is encouraging, though, that many businesses embracing the digital world have come a long way, from security ignorant to security conscious to security vigilant. As a result, adoption of solutions that manage and protect machine identities such as TLS certificates, gradual at first, has accelerated sharply.

To be successful, organizations must employ machine identity management solutions that operate at scale, with automation and intelligence, across many environments. One obstacle to that goal has been securing the private cryptographic keys that back digital certificates: the key a server uses to prove it is the entity its certificate names. These keys are often protected in a suboptimal way that incurs either prohibitively expensive overhead or unacceptably high risk.

For customers of Venafi and Intel, this is a challenge no more! Combined with the best machine identity management from Venafi, Intel® Software Guard Extensions (Intel® SGX) secures private keys with an enclave-based solution that significantly reduces hardware cost and overhead while dramatically improving security.

Understanding the Risk

A machine identity's private key is exposed in two states: at rest and in use.

A highly discouraged, yet popular, practice is to store private keys at rest on the file system and rely on OS-provided controls to protect them. This outdated defense has little to no power against today's sophisticated attackers. Of course, such keys can be encrypted with a passphrase, and stricter file permissions raise the bar further, but a server that must start unattended has to hold that passphrase somewhere it can read, usually a config file or environment variable sitting next to the key. In practice many production keys are therefore stored in clear text, and even a well-protected file is only as safe as every account that can read it.
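The two weaknesses just described, a clear-text key and a key file other users can read, are easy to audit mechanically. The following Python script is an added example, not Venafi or Intel code: it walks a directory, identifies PEM private keys by their header, and reports any that are unencrypted (no PKCS#8 ENCRYPTED label and no legacy OpenSSL Proc-Type header) or readable or writable by group or other. The sample files it writes to a temporary directory are constructed stand-ins with filler base64 bodies, not real keys.

```python
"""Audit PEM private keys at rest: flag files that are stored in clear
text or are readable/writable by other users.
Added example; not Venafi or Intel code."""
import os
import re
import stat
import tempfile
from pathlib import Path
from typing import Optional

# Matches "-----BEGIN PRIVATE KEY-----", "-----BEGIN RSA PRIVATE KEY-----",
# "-----BEGIN ENCRYPTED PRIVATE KEY-----", etc.; the captured label tells
# an encrypted PKCS#8 key apart from a clear-text one.
PEM_PRIVATE_RE = re.compile(rb"-----BEGIN ([A-Z ]*?)PRIVATE KEY-----")


def key_findings(path: Path) -> Optional[list]:
    """Return the problems found for a PEM private key ([] if none),
    or None if the file is not a private key at all."""
    data = path.read_bytes()
    m = PEM_PRIVATE_RE.search(data)
    if m is None:
        return None
    problems = []
    # Encrypted PKCS#8 keys carry the ENCRYPTED label; legacy PKCS#1 keys
    # encrypted by OpenSSL carry a "Proc-Type: 4,ENCRYPTED" header instead.
    label = m.group(1).decode().strip()
    encrypted = label == "ENCRYPTED" or b"Proc-Type: 4,ENCRYPTED" in data
    if not encrypted:
        problems.append("unencrypted")
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        problems.append(f"readable by group/other (mode {mode:04o})")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append(f"writable by group/other (mode {mode:04o})")
    return problems


def audit(root: Path) -> dict:
    """Map each private-key file under root (relative path) to its problems."""
    results = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            findings = key_findings(path)
            if findings is not None:
                results[str(path.relative_to(root))] = findings
    return results


# Constructed samples: the base64 bodies are filler, not real key material.
FILLER = b"MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEA\n" * 2
SAMPLES = {
    # Clear-text PKCS#1 key, world-readable: the "popular practice" above.
    "bad.key": (b"-----BEGIN RSA PRIVATE KEY-----\n" + FILLER
                + b"-----END RSA PRIVATE KEY-----\n", 0o644),
    # Passphrase-protected PKCS#8 key, owner-only.
    "good.key": (b"-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + FILLER
                 + b"-----END ENCRYPTED PRIVATE KEY-----\n", 0o600),
    # Legacy OpenSSL encryption, signalled by the Proc-Type header, owner-only.
    "legacy.key": (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                   b"DEK-Info: AES-256-CBC,0123456789ABCDEF0123456789ABCDEF\n\n"
                   + FILLER + b"-----END RSA PRIVATE KEY-----\n", 0o600),
    # A certificate is public and must not be flagged.
    "server.crt": (b"-----BEGIN CERTIFICATE-----\n" + FILLER
                   + b"-----END CERTIFICATE-----\n", 0o644),
}


def write_samples(root: Path) -> None:
    for name, (content, mode) in SAMPLES.items():
        target = root / name
        target.write_bytes(content)
        os.chmod(target, mode)


def run_demo() -> dict:
    """Write the constructed samples into a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        write_samples(root)
        return audit(root)


if __name__ == "__main__":
    for name, problems in run_demo().items():
        print(f"{name}: {', '.join(problems) or 'ok'}")
```

Point `audit()` at a real directory such as a web server's TLS configuration tree to get the same report for production keys. Note what the check cannot see: an encrypted key whose passphrase sits in a neighbouring config file passes this audit while being no safer in practice, which is exactly why at-rest controls alone are not enough.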

What about the lack of protection for sensitive data in use in memory?

Imagine the TLS certificate on a web app. The certificate itself is public; what matters is the private key behind it. Whenever the application is up and serving users, that key exists both in memory and at rest on the file system somewhere. Only when the app is offline does it exist solely at rest.

This is significant because memory-targeting attacks such as memory scraping put that key at great risk: anything able to read the process's memory, whether a debugger, a core dump, a compromised host administrator account or the hypervisor underneath, can lift the key in clear text. The risk only worsens as businesses move workloads to third-party cloud infrastructure, which adds more people to the operational mix. Those operators hold the least stake in securing an enterprise customer's business, which highlights the need for the strictest protection against human error in the public cloud.
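To make the in-use exposure concrete, the following Python script is an added example, not Venafi or Intel code. It loads a constructed PEM key into memory the way a server would, then plays the attacker: it walks its own address space through /proc/self/maps and /proc/self/mem, the same interface a debugger or memory-scraping tool uses against another process, and recovers every complete PEM private key block it finds. The script scans itself so it runs unprivileged; a real scraper would open /proc/<pid>/mem of the target with ptrace permission. It is Linux-only and simply reports nothing where /proc is unavailable. The key is random bytes in PEM clothing, labelled as constructed.

```python
"""Show that a private key loaded by a process sits in clear text in its
memory, where anything able to read that memory can scrape it.
Added example; not Venafi or Intel code. Linux-only."""
import base64
import os
import re

# A complete PEM block: header, at least two base64 body lines, footer.
# Requiring a base64 body keeps the pattern from matching the bare marker
# strings that this script itself holds in memory.
PEM_BLOCK_RE = re.compile(
    rb"-----BEGIN PRIVATE KEY-----\n((?:[A-Za-z0-9+/=]{4,76}\n){2,})"
    rb"-----END PRIVATE KEY-----"
)


def proc_mem_available() -> bool:
    """True where the process can read its own memory via procfs."""
    return os.path.exists("/proc/self/maps") and os.path.exists("/proc/self/mem")


def build_dummy_pem() -> bytes:
    """Constructed stand-in for a PKCS#8 key: random bytes in PEM clothing."""
    body = base64.encodebytes(os.urandom(96))  # two base64 lines, newline-terminated
    return b"-----BEGIN PRIVATE KEY-----\n" + body + b"-----END PRIVATE KEY-----\n"


def readable_regions(max_size: int):
    """Yield (start, size) for the readable mappings of this process."""
    with open("/proc/self/maps") as maps:
        for line in maps:
            fields = line.split()
            addr, perms = fields[0], fields[1]
            name = fields[5] if len(fields) > 5 else ""
            # vvar/vsyscall pages cannot be read through /proc/self/mem.
            if "r" not in perms or name in ("[vvar]", "[vsyscall]"):
                continue
            start, end = (int(x, 16) for x in addr.split("-"))
            if end - start <= max_size:
                yield start, end - start


def scrape_private_keys(max_size: int = 16 << 20) -> tuple:
    """Scan this process's readable memory for PEM private key blocks.
    Returns (regions_read, recovered_blocks)."""
    if not proc_mem_available():
        return 0, []
    regions_read, found = 0, []
    fd = os.open("/proc/self/mem", os.O_RDONLY)
    try:
        for start, size in readable_regions(max_size):
            try:
                data = os.pread(fd, size, start)
            except OSError:
                continue  # mapping vanished or is not readable this way
            regions_read += 1
            found.extend(m.group(0) for m in PEM_BLOCK_RE.finditer(data))
    finally:
        os.close(fd)
    return regions_read, found


def demo() -> tuple:
    """Load a constructed key as a server would, then scrape it back.
    Returns (regions_read, copies_of_the_loaded_key_found)."""
    key = build_dummy_pem()          # the "server" now holds its key in RAM
    regions, blocks = scrape_private_keys()
    hits = sum(1 for block in blocks if key.startswith(block))
    return regions, hits


if __name__ == "__main__":
    regions, hits = demo()
    print(f"scanned {regions} readable regions, "
          f"found {hits} clear-text copies of the loaded key")
```

On a Linux host this finds at least one copy, and often more, because the interpreter's own buffers and the scanner's read copies also hold the bytes. A process can only lose this exposure by never holding the key in its ordinary address space, which is the property the enclave approach below is after.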

In-memory protection from Intel and Venafi

Intel® SGX lets an application place code and data in an enclave: a region of memory that the CPU isolates and encrypts so that other processes, the operating system and the hypervisor cannot read it, fending off unauthorized access to data in use. The integration of the Venafi Trust Protection Platform with Intel SGX protects the private keys, the machine identities, when they are loaded into the memory of a shared cloud instance or a remote machine under another entity's control. Coupled with a hardware security module (HSM), the joint solution delivers end-to-end protection of the private keys while they are generated, stored, transported and in use, in memory, even in an untrusted shared cloud environment.

How? In every other respect, an Intel SGX-enabled server is an ordinary server with an Intel CPU. Intel SGX servers are built for general-purpose computing with the added enclave capability, and with Venafi's collaboration that capability keeps the private key out of clear-text memory across the full lifecycle of a machine identity. All this with little to no additional management, operational overhead or cost.

The Venafi Trust Protection Platform supports Intel SGX enclave functionality without changes to its deployment or configuration. The Intel SKC service and the Venafi platform run on separate servers and connect through standard authentication protocols.

Try this unique security solution today – for FREE

Want to try it out in your lab? Venafi customers and prospects interested in testing the solution are invited to participate in our Early Bird Access Program, which provides Intel SGX hardware and the Venafi Adaptable Driver. Participation is first come, first served. This is a great opportunity to experience the solution firsthand and give both Intel and Venafi valuable feedback for future development. Learn more and apply to the Early Bird Access here.

Visit the Venafi Marketplace for information on the Venafi Adaptable Driver for Intel SGX.

This blog features solutions from the ever-growing Venafi Ecosystem, where industry leaders are building and collaborating to protect more machine identities across organizations like yours. Learn more about how the Venafi Technology Network is evolving above and beyond just technical integrations.

About the author

Bridget Hildebrand

Bridget is Sr. Manager, Ecosystem Marketing at Venafi. She has over 20 years of experience managing technology partnerships and global channel programs for a broad range of technology organizations.