Three Ways Confidential Compute Offers a More Secure Cloud

Built-in features that provide better protection and privacy
Yuichiro Chino

According to a recent industry study, two-thirds of executives consider cybercrime their most significant threat ahead in 2023. And while new security tools can help mitigate these risks, they often only offer a temporary solution, as threats are constantly emerging in new places. 

To truly gain security, organizations are looking for broader protection and privacy safeguards for the very bedrock of their online presence: their infrastructure. And as more organizations move to the cloud, they want to make sure their applications and data are completely private and secure. This is where Amazon Web Services (AWS), the first and largest cloud provider, innovates daily, with some of the most data-sensitive and highly-regulated organizations, from governments to healthcare providers and financial markets, all built and running on AWS. 

One way that AWS continues to innovate is by continuously raising the bar on confidential compute. This includes pioneering the use of specialized hardware and associated firmware to protect customer code and data from unauthorized access while that data is being processed. These confidential compute solutions are enabled by the AWS Nitro System, the underlying platform for all modern AWS compute instances. AWS designed the Nitro System to offload virtualization functions to dedicated hardware and firmware, which enables AWS to deliver a higher level of security to customers. 

AWS has three main types of protection it offers to customers using its Nitro System: protection from cloud operators, protection from AWS system software, and protection of sensitive computing and data elements from customers’ own operators and software. 

Protection from Cloud Operators

AWS designs its systems to ensure confidentiality not only between different AWS customers, but also between customers and AWS. As a result, there’s no mechanism for any AWS system or operator to log in to cloud servers or access any data stored on instance storage, encrypted block storage, or in memory. 

The Nitro System—which enables this security—consists of three main parts: the Nitro Cards, the Nitro Security Chip, and the Nitro Hypervisor. The Nitro Cards are dedicated hardware components with compute capabilities that perform I/O functions, such as the Nitro Card for Amazon Virtual Private Cloud (Amazon VPC), the Nitro Card for Amazon Elastic Block Store (Amazon EBS), and the Nitro Card for Amazon EC2 instance storage. Nitro Cards enable AWS to move key virtualization functionality off servers running EC2 instances. 

AWS engineered the Nitro System with a hardware-based Nitro Security Chip. The Nitro Security Chip, along with the Nitro Cards, delivers a secure cloud platform with a minimized attack surface, because virtualization and security functions are offloaded to dedicated hardware and software. Overall, the Nitro System is designed so that only authorized updates from AWS are permitted. Additionally, a locked-down security model prohibits all administrative access, including that of AWS employees, reducing the possibility of human error and tampering.

AWS cryptographically checks that Amazon EC2 instances run authorized software by verifying the digital signature of every boot component, and halts the boot process if any verification fails. This straightforward mechanism gives AWS a hardware root of trust and prevents customers from permanently altering the system. 

“The Nitro System was engineered with a hardware-based root of trust using the Nitro Security Chip, allowing us to cryptographically measure and validate the system,” states David Brown, Vice President, Amazon EC2. “This provides a significantly higher level of trust than can be achieved with traditional hardware or virtualization systems.”

Protection from AWS System Software

The AWS Nitro System has a unique design that utilizes low-level, hardware-based memory isolation to eliminate direct access to customer memory, as well as the need for a hypervisor on bare metal instances. This level of security is enabled by the Nitro Hypervisor, a lightweight hypervisor that manages memory and CPU allocation, delivering performance that is indistinguishable from bare metal. AWS’s approach to security here is truly unique. With a typical off-the-shelf hypervisor, an administrator has full access to the system and can modify any component. In contrast, with the Nitro System, the only interface for operators is a restricted API, removing any mechanism for customers or operators to interact with the system in unapproved ways. There is no equivalent of a “root” user, and as a result, the Nitro System provides a level of security that cannot be obtained by simply locking down a traditional hypervisor.

Not only does the isolated environment enhance security, it also allows AWS to update systems in the background, fix system bugs, monitor performance, and even perform upgrades without impacting customer operations or customer data. This means that customers are unaffected when there are system upgrades, and their data remains protected. This isolation also protects customer applications that were not designed to tolerate an upgrade. 

Protection From Customers’ Own Operators and Software

The AWS Nitro System’s baseline security and isolation meet many customer requirements. But while working with customers across various industries who required maximum protection of their most confidential information—even from themselves—AWS realized there was a need to create isolated environments to further protect some data and processes. In response, AWS introduced Nitro Enclaves, which allows customers to create isolated compute environments to further protect and securely process highly sensitive data. 

This isolated compute environment is ideal for organizations that need to process personally identifiable information (PII), as well as healthcare, financial, and intellectual property data within their compute instances. Nitro Enclaves provides additional isolation that is hardened and highly constrained, reducing the attack surface for security-critical applications and highly sensitive data.

A Nitro Enclave protects sensitive elements of customer code and data not just from AWS operators, but also from the customer’s own operators and other software—sharing no memory or CPU cores with the customer instance. In addition, a Nitro Enclave has cryptographic attestation capabilities that allow customers to verify that all of the software deployed to that enclave has been validated and not compromised. Customers can even use AWS Nitro Enclaves to perform multi-party computation, gaining insights from the results without having to see the data itself.
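The signature-verified boot described under "Protection from Cloud Operators" and the enclave attestation described above are two uses of the same pattern: a key held by the platform signs measurements of software, and a verifier refuses to proceed unless every measurement checks out. The Go program below is an added example written for this article, not AWS code; it assumes a single ed25519 key as a stand-in for the hardware-held root of trust, a simplified attestation document consisting of named SHA-384 measurements (the real document format, certificate chain and PCR assignments are not modelled), and constructed sample images. The first half halts a boot chain at the first stage whose signature fails; the second half plays the relying party that releases a secret only to an enclave whose measurements match an approved build.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha512"
	"errors"
	"fmt"
	"sort"
)

// BootComponent is one stage of the boot chain: the image bytes plus the
// root key's signature over their SHA-384 digest.
type BootComponent struct {
	Name  string
	Image []byte
	Sig   []byte
}

// Measure returns the SHA-384 digest of an image (the measurement a verifier
// compares, never the image itself).
func Measure(image []byte) []byte {
	d := sha512.Sum384(image)
	return d[:]
}

// SignComponent runs in the trusted release pipeline; the private key never
// leaves it, so only authorized builds carry a valid signature.
func SignComponent(root ed25519.PrivateKey, name string, image []byte) BootComponent {
	return BootComponent{Name: name, Image: image, Sig: ed25519.Sign(root, Measure(image))}
}

// VerifiedBoot checks each stage against the root public key before that stage
// "runs". The first failure halts the boot, so the returned list is exactly
// the set of stages that were allowed to execute.
func VerifiedBoot(rootPub ed25519.PublicKey, chain []BootComponent) ([]string, error) {
	var booted []string
	for _, c := range chain {
		if !ed25519.Verify(rootPub, Measure(c.Image), c.Sig) {
			return booted, fmt.Errorf("boot halted: signature check failed for %q", c.Name)
		}
		booted = append(booted, c.Name)
	}
	return booted, nil
}

// AttestationDoc is a constructed, simplified stand-in for an enclave
// attestation document: named measurements signed by the platform key.
type AttestationDoc struct {
	PCRs map[string][]byte
	Sig  []byte
}

// canonical serializes measurements deterministically so that the attester
// and the verifier sign and check exactly the same bytes.
func canonical(pcrs map[string][]byte) []byte {
	names := make([]string, 0, len(pcrs))
	for n := range pcrs {
		names = append(names, n)
	}
	sort.Strings(names)
	var buf bytes.Buffer
	for _, n := range names {
		fmt.Fprintf(&buf, "%s=%x\n", n, pcrs[n])
	}
	return buf.Bytes()
}

// Attest is what the platform does for a running enclave.
func Attest(platform ed25519.PrivateKey, pcrs map[string][]byte) AttestationDoc {
	return AttestationDoc{PCRs: pcrs, Sig: ed25519.Sign(platform, canonical(pcrs))}
}

// ReleaseSecret is the relying party (think of a key-release policy): it hands
// over the secret only when the document is genuinely signed by the platform
// and every measurement the policy names matches the approved value.
func ReleaseSecret(platformPub ed25519.PublicKey, doc AttestationDoc, expected map[string][]byte, secret []byte) ([]byte, error) {
	if !ed25519.Verify(platformPub, canonical(doc.PCRs), doc.Sig) {
		return nil, errors.New("attestation signature invalid")
	}
	for name, want := range expected {
		if got, ok := doc.PCRs[name]; !ok || !bytes.Equal(got, want) {
			return nil, fmt.Errorf("measurement %s does not match the approved build", name)
		}
	}
	return secret, nil
}

// DemoResult records what booted and what was released in the good and the
// modified case, so the outcome can be inspected rather than only printed.
type DemoResult struct {
	GoodBoot, ModifiedBoot    []string
	GoodReleased, BadReleased bool
}

// Demo runs both checks over constructed sample images.
func Demo() (DemoResult, error) {
	rootPub, rootPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return DemoResult{}, err
	}
	chain := []BootComponent{
		SignComponent(rootPriv, "firmware", []byte("constructed firmware image")),
		SignComponent(rootPriv, "hypervisor", []byte("constructed hypervisor image")),
		SignComponent(rootPriv, "enclave-app", []byte("constructed enclave application")),
	}
	good, err := VerifiedBoot(rootPub, chain)
	if err != nil {
		return DemoResult{}, err
	}
	// Modify the hypervisor image after signing: its signature no longer verifies,
	// so the boot must stop after the firmware stage.
	modified := append([]BootComponent(nil), chain...)
	modified[1].Image = []byte("constructed hypervisor image, altered after signing")
	bad, _ := VerifiedBoot(rootPub, modified)

	// The policy names the measurement of the reviewed application build.
	expected := map[string][]byte{"PCR2": Measure(chain[2].Image)}
	doc := Attest(rootPriv, map[string][]byte{"PCR2": Measure(chain[2].Image)})
	_, goodErr := ReleaseSecret(rootPub, doc, expected, []byte("constructed data key"))
	other := Attest(rootPriv, map[string][]byte{"PCR2": Measure(modified[1].Image)})
	_, badErr := ReleaseSecret(rootPub, other, expected, []byte("constructed data key"))
	return DemoResult{GoodBoot: good, ModifiedBoot: bad, GoodReleased: goodErr == nil, BadReleased: badErr == nil}, nil
}

func main() {
	r, err := Demo()
	fmt.Printf("%+v %v\n", r, err)
}
```

The point to take from the second half is that the relying party never inspects the enclave's code or data; it trusts a measurement signed by the platform, which is what lets customers confirm that the software in an enclave is the build they reviewed without anyone, operators included, needing access to the enclave itself.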

Ultimately, security threats are constantly evolving. As a result, AWS will continue to develop new ways of helping customers protect their sensitive data—and the AWS Nitro System, which provides customers with confidential computing by default, is just one of these latest innovations. 

This article was produced by WIRED Brand Lab on behalf of Amazon Web Services.