From small businesses to large enterprises, the public cloud has become an important driver for innovation and cost savings. But the rapid implementation of cloud-based services comes with compliance and security challenges, especially for those industries working with sensitive data.
At Edgeless Systems, we believe that data security is imperative. Our mission is to build easy-to-use, open-source tools that empower you to protect your most valuable data in a cloud-first world.
Today, we are excited to announce the latest addition to our product portfolio: EdgelessDB, the first true confidential database.
EdgelessDB is a full SQL database that runs entirely inside runtime-encrypted Intel SGX enclaves. In contrast to conventional databases, EdgelessDB ensures that all data is always encrypted, in memory at runtime as well as on disk. It is protected even in the presence of rootkits or rogue cloud administrators. This makes EdgelessDB the most secure and most versatile option available for both storing and processing data.
Most secure database solutions today only encrypt data for storage, and at most use a hardware security module (HSM) to store the corresponding cryptographic keys. Such approaches can only protect data at rest. Once the data is decrypted for processing, the confidentiality of sensitive data is no longer guaranteed.
EdgelessDB is the logical next step in hardware-rooted security: the fusion of relational databases and HSMs to protect your keys and your data both at rest and at runtime.
EdgelessDB is tailor-made for confidential computing. It is based on the battle-proven MariaDB SQL database and the RocksDB storage engine. The file encryption of EdgelessDB is designed and built for the enclave. It provides confidentiality, integrity, freshness, auditability, and recoverability for data, all while delivering great performance and providing virtually unlimited storage capacity.
Another key feature of EdgelessDB is the concept of a manifest. The manifest is defined in JSON and is similar to a smart contract. It defines the initial state of the database, including access control, in an attestable way. It is a key ingredient for a confidential database.
We cannot wait to see the possibilities this technology will open up for your organization. If you would like to learn more about EdgelessDB, check out the documentation.