SaaS Data Security: How to Ensure Your Data is Safe

Confidential Computing Use Cases with SafeLiShare Dynamic Data Security Platform

In a world where user data privacy is paramount, Confidential Computing has emerged as a powerful tool to better protect user data. Confidential Computing refers to the use of specialized hardware or software used in conjunction with cloud providers that stop third-party access to data and allows users to protect sensitive information while still using the cloud platform. It’s an important technology for organizations that need additional security measures beyond traditional encryption and cryptographic techniques.

Organizations need to process highly sensitive data without risking leakage or manipulation while preserving their intellectual property at all costs. Traditionally, it was difficult to keep such data secure when stored or processed within a cloud environment since the system is prone to be intercepted by potentially malicious actors. With confidential computing, organizations can use special hardware and software solutions designed specifically for enclaving (isolating) this type of workload from the rest of the cloud environment for better safety assurance. In this blog, we want to share some of the customer use cases with you. As the cloud instance and IaaS costs come down, this can be generalized into a common use case soon.

Confidential computing is a security mechanism that executes code in a hardware-based trusted execution environment (TEE), also called a secure enclave. Enclaves provide code integrity, attestation, isolate and protect code and data from the host system and system’s owners.

At SafeLiShare, we simplify, secure and streamline confidential computing usage in leading public cloud IaaS. Here are a few reference designs and case studies on SaaS solutions featuring data sharing and collaboration.

Case Study 1: Electronic Signature (e-Signature) and Document Management SaaS

Electronic signature systems are quite popular. In one embodiment, the service allows an individual user to create a workflow that takes a given document and passes it to multiple other identified users in the system. Users, upon receiving the document, affix their respective signatures to the document. At the completion of the workflow, the initiator and or other parties are notified and a copy of the document with the affixed signatures is provided to them.

There are multiple security, confidentiality, and privacy issues that arise from the above workflow. Some of these concerns are as follows.

Security Concerns: Is the execution of the workflow secure?

For example, has an unknown and unauthorized party been added to the workflow by a malicious entity? Could such a party alter the document? Receive a copy of the document? Sign the document by spoofing another party’s identity?

Confidentiality Concerns: Is the document accessible to an unauthorized party? Are the identities of the various signatories protected? How are the various signatories authenticated? Can the document be altered after all the signatures have been affixed? Privacy Concerns: Is a copy of the document being saved and available to any unauthorized party including the service provider?

Using SafeLiShare’s Dynamic Data Security platform answers most of the above questions. In one embodiment, the workflow is submitted in encrypted form by the initiator. The workflow remains encrypted at all times until it is injected into a secure enclave to begin processing. The enclave decrypts and executes the workflow. All processing of the workflow occurs inside the enclave.

During execution, all communication with the various signatories may use both secure encrypted channels and encrypted communication messages. Client software is used to decrypt the received communications from the workflow executing inside the secure enclave. Thus all content, outside the enclave or outputted by the enclave is always encrypted and can only be decrypted by the client software.

The answers to the above concerns are shown below.

Is the execution of the workflow secure?

Yes, since the workflow executes in a secure enclave and its immutable audit report is available to all parties. No party has access to the decrypted workflow and its contents inside the secure enclave.

Is the document accessible to an unauthorized party?

It is possible that an unauthorized party may gain access to the document but only in encrypted form.

Is the document accessible to the service provider or saved by the service provider?

Since the document remains encrypted outside the secure enclave, the service provider can only save an encrypted copy of the document. The service provider does not have access to the contents of the secure enclave.

Case Study 2: Private Querying

In private querying of databases, the concern is to keep the queries submitted to the database confidential. For example, users may be concerned that their queries concerning medications, treatments and drugs may compromise their private health information. Queries concerning financial information may reveal their financial plans or status, e.g., looking for a home mortgage or a loan.

This use case has been reported in the literature as being particularly suitable for using Homomorphic Encryption(HE). In HE-based systems, the user’s query is encrypted (using HE) and the query is submitted to the database. The contents of the database are also encrypted. The query processor does NOT decrypt the query; rather it is processed in encrypted form against the encrypted database and the results are returned to the user in encrypted form. Client software may then decrypt the received results.

This is an elegant approach but only works if the queries are simple in the sense that they do not require what is known as Full Homomorphic Encryption (FHE). The latter is known to be computationally intensive to the point of being impractical.

In a secure enclave-based system, like SafeLiShare’s Dynamic Data Security platform, the database contents are encrypted using a publicly available algorithm. The user query is also encrypted using a standard encryption algorithm, but not HE. For example, AES GCM (Advanced Encryption System Galois Counter Method) is a well-known encryption algorithm provided by NIST that is used by the SafeLiShare system.

The encrypted query is submitted to a query processor running in the SafeLiShare system which injects the query into a secure enclave wherein it is decrypted and executed against the encrypted database. The outputs are encrypted using a user-provided key that can only be decrypted by the user’s client.

Thus the database contents, the user query, and the output are encrypted, i.e., everything outside the secure enclave is always encrypted. Furthermore, the contents of the secure enclave are not accessible to any party. Therefore, the query and its results are kept private.

Case Study 3: Secure Browsing SaaS

Consider a use case in which access to a cloud account is provided through a proxy that effectuates browsing policies. For example, the proxy may impose restrictions on what data (files) can be copied or browsed. A typical embodiment of this use case implements a two-legged connection: the first leg is a connection from the user to the proxy, and the second leg is the connection from the proxy to an agent of the proxy in the user’s account. In this arrangement, the proxy, for example, may also rotate access keys on both connections.

However, a privacy risk in this implementation is that in principle the proxy has full access to the browsing data of the user which allows the provider to access all the browsing traffic of the user.

To obviate this concern, the proxy can be run inside a secure enclave wherein the data and the policies being enforced inside the secure enclave are not visible to the service provider. The proxy may access the data and enforce the policies whilst the service provider remains oblivious to the contents available to the proxy.

Confidential Computing for SaaS Deployment

Confidential computing is a type of secure computing technology that protects data while in use. This technology is made possible by application-independent trusted execution environments (TEEs). Confidential computing can be used to improve the security of software-as-a-service (SaaS) solutions and why it’s becoming essential for cloud deployments.

Using confidential computing to protect software and data stored in the cloud has been gaining considerable attention. Unlike traditional security approaches, which rely on protecting data at rest or in transit, confidential computing offers protection when running applications and services. A TEE ensures that code and data remain safe from interference and intrusion even when the system is running in an untrusted environment.

The use of TEEs with SaaS applications brings high levels of protection against threats such as malicious insiders, outages due to cyberattacks, and more. The extra layer of security offered by confidential computing also helps address regulatory compliance issues. For example, some companies have reached agreements with regulatory agencies to keep sensitive personal data inside a trusted processing environment if it’s used within an approved service provider’s tools―this way no other user or even the service provider can access it.

Although confidential computing may mean higher upfront costs than traditional non-secure solutions, it can offer longer-term cost savings by preventing costly data breaches or enforcement actions without fear of compromised cloud service providers, admins, or hackers accessing their data. Additionally, companies that deploy confidential solutions enjoy reduced complexity as they don’t need to worry about frequent patching and updating every single component of their applications or infrastructure as they would otherwise.

To conclude, TEEs provide organizations using SaaS with high levels of security while reducing their overall IT burden. By deploying confidential computing to safeguard customer information and transactions hosted within a cloud platform, organizations gain complete control over who accesses what parts of the application―ensuring those interactions remain private between only authorized parties.

SafeLiShare provides runtime secure enclave provisioning that is designed for modern SaaS providers to securely encrypt and protect their customer assets — applications, code, and data. SasS providers can utilize SafeLiShare’s Safelet and SafeStream to turn public cloud workflows into private cloud workflows with encryption in use and offer a premium tier of service with high confidentiality in major cloud environments with TEE support.

For SaaS providers interested in seeing how the integration works and a demo of SafeLiShare’s confidential computing solution, contact us at https://www.safelishare.com/contact.