Why use the SGX feature?
Data security is an increasingly significant subject for businesses hosting applications in the cloud. Encryption mechanisms typically cover only stored data and data in transit: Data at Rest Encryption protects stored data, and the TLS protocol encrypts network communications. However, another important part still needs to be secured: access control for data that is being processed.
Securing data that is in use
Intel Software Guard Extensions (SGX) is a set of instructions that strengthen security for code and data. SGX is available for servers in the Infrastructure range, including the Intel Xeon E processor.
Enabling this feature gives you a secure runtime environment by isolating part of your server’s physical memory in what is called a security enclave. This protects access to data that is being processed and to code that is being run.
Your applications can use these enclaves to protect critical data, such as passwords, encryption keys, and your users' sensitive data. Even if your operating system or hypervisor is compromised, your data will still be protected.