Intel® Software Guard Extensions (SGX) for Confidential Computing
Strengthen your application security and data protection with a solution that gives you full control

Secure data while it is in use

Strengthen your defence-in-depth (DiD) strategy
Intel® Software Guard Extensions (SGX) is a powerful hardware security solution that enables users to isolate applications in encrypted memory enclaves. Intel® SGX is built into the processor, so applications are protected against malware and unauthorised users—even if the operating system or hypervisor layers are compromised. The result is superior data protection, which is perfect for companies that process sensitive information—particularly in the healthcare and financial service sectors.
Businesses can no longer rely on perimeter defences alone to keep their applications secure. This is why it is essential to adopt security solutions that protect the memory—where the applications are stored. Intel® SGX is the ultimate solution, as it partitions data and application code in encrypted, reliable enclaves. By using OVHcloud dedicated servers equipped with Intel® SGX, you get a protected memory size of up to 512 GB.
What is Intel® Software Guard Extensions (SGX)?
Intel® SGX is available with 3rd generation Intel® Xeon E and Intel® Xeon Scalable processors. It is also included with our ADV-1, ADV-2 and ADV-6 dedicated servers.
Secure your data while it is in use
As security at the software layer improves, attackers are quick to move further down the stack in search of new vulnerabilities. Companies should start by securing the very first layer: the silicon.
Reliable enclaves provided by Intel® SGX are perfect for storing critical data, such as passwords, customer information, medical records, financial data, and encryption keys.
Intel® SGX protects against:
- Malicious insiders with administrative privileges
- Hackers who exploit hypervisor or OS bugs
- Third parties who access certain data without the consent of its owner
Your questions answered
What are Software Guard Extensions used for?
SGX (Software Guard Extensions) is used in several application solutions to improve data and operational security. Secure enclaves, created by this technology, are like protected islands of memory that shield code and data from malware.
Key uses of SGX include protecting personal data, trade secrets, and intellectual property—and fortifying the security of online financial transactions and cloud-based solutions. Service providers leverage this technology to ensure user data confidentiality. SGX also enhances security for blockchain smart contracts and transactions, and protects data and communications in IoT devices.
When should I enable or disable Intel Software Guard Extensions?
You should enable SGX to protect the privacy and security of the data processed by your solutions, especially in sensitive sectors like financial services, healthcare, cloud computing, or blockchain services. SGX is particularly valuable for shielding sensitive data from both internal and external threats.
You can disable SGX when you’re not using SGX-dependent services, if there are software compatibility issues, or if your system performance is heavily impacted. You can also disable it when patches and updates need to be applied.
Can Intel SGX affect the performance of my service?
Using SGX might impact your service’s performance. To what extent depends on your application and its environment. SGX enclaves, which are secure environments for executing sensitive code and data, incur performance overhead from switching between unsecured code and enclaves. This overhead varies according to how often switches occur, and how complex the enclave’s operations are. SGX’s security mechanisms, including encryption, can add latency, particularly when processing large datasets.
Overall performance in SGX enclaves can suffer when limited memory forces data transfer between secure and non-secure memory. Memory management and paging interruptions can also cause additional delays. Adapting and optimising code is often necessary to fully leverage SGX enclaves. Poor code optimisation can severely impact performance.
Some workloads, especially those demanding high processing power or involving frequent access to insecure data, will be slowed more noticeably than others. The processor generation and hardware configuration also affect how well SGX performs. The latest processors are optimised and improved compared to older models.
To accurately measure SGX’s effect on your service, compare its performance with and without SGX under realistic loads. Use profiling tools to pinpoint SGX-related bottlenecks and overheads, and optimise your code to minimise switches between enclave and non-enclave code.
Although SGX provides significant security benefits, it may impact performance. Proper analysis and optimisation are key to lessening these impacts and keeping your service running smoothly.