Securitee

A cybersecurity dilemma continues to pose a major problem for users and providers alike: data is only efficiently protected when it is at rest, in storage or in transit - but not while in use. The innovative solution brought to the market by Berlin start-up SECURITEE changes this outlook: with the help of patented technology, the company creates so-called Trusted Execution Environments (TEE) based on Intel Software Guard Extensions (SGX), which reliably protect all sensitive data against attacks - even when the data is in active use. By isolating computations in a hardware-based TEE, SECURITEE solves a key problem that users have faced for a long time using "Confidential Computing" - both in the cloud and on-premise. SECURITEE's solution is available to users as a Platform-as-a-Service (PaaS) model. 

As a leading European cloud provider, OVHcloud provides the necessary secure cloud infrastructure. In addition to the high data protection and security standards, the key factor in choosing OVH as the infrastructure provider was the large cloud capacities that are quickly available and enable easy scaling. The infrastructure of OVHcloud forms the foundation on which SECURITEE can build its own seamless infrastructure. Bare metal servers that support Intel SGX enclaves form the core of this combined service offering.

The search for a suitable infrastructure

SECURITEE's patented new solution marks a breakthrough: it enables sensitive data to be protected as effectively during runtime as was only previously possible in idle and transit states. Encryption during use increases security and allows important data protection functions, giving developers and users a decisively higher level of protection. The TEEs are impenetrable, protecting all proprietary information from an attack in the cloud just as securely as from an attack on any on-premise resources. The infrastructure provider also has no access to the enclaves.

A ground-breaking solution like this needs a to be built on a strong foundational layer, i.e.: a powerful infrastructure that allows the SECURITEE offering to be provided quickly, efficiently and on demand. The cloud instances previously used by SECURITEE in combination with databases and services did not sufficiently meet these requirements. There was a lack of flexibility and significant concerns raised by SECURITEE and potential customers with regards to the integrity of non-European third-party providers in terms of data security and data protection standards. The decisive factor, however, was the fact that complex modifications had to be made to the previously used solution in order to be able to provide the services on Kubernetes clusters.

The alternative had to guarantee - in addition to comprehensive security and absolute GDPR compliance - simple scalability above all else and allow the construction of a unique infrastructure within the infrastructure of the cloud provider. In the final analysis, this was and is about much more than "just" individual technical parameters: What is really crucial is to be able to offer customers and users an product that is trustworthy in every respect, that complies with the principles of the GAIA-X initiative and allows data sovereignty at every level of infrastructure. 

“Above all, we were looking for ways to be able to operate as flexibly as possible. In addition, both we and our users place much higher trust in cloud providers that are based in the European area and operate according to European values - the high standards according to the GDPR, which stand for security and solidity. This is guaranteed with OVHcloud."

Christian G. Junger, CEO of  SECURITEE

 

Maximum flexibility - with bare metal servers and services from OVHcloud

After extensive research and analysis, SECURITEE decided to partner with OVHcloud to set up the joint Confidential Computing offering. The SECURITEE PaaS product model is hosted in the open, reversible, scalable and reliable cloud infrastructure of OVHcloud. So, for the first time, a scalable cybersecurity product is available that combines cloud resources with confidential computing and thereby has made one of the most secure opportunities in the cloud computing a reality.

SECURITEE requires consistent server capacities to support the Intel SGX enclaves. The dedicated servers of OVHcloud offer the best conditions for processing single-core applications. The Intel Xeon E-2288G processors used in these servers have a particularly high base frequency and enable the use of Intel SGX.

In addition, SECURITEE also uses the OVHcloud Managed Kubernetes service for bare-metal servers. As an open source system for automating, deploying, scaling and managing containerized applications, Kubernetes forms the basis for the SECURITEE product. With the help of the load balancers from OVHcloud and additional integrated hard disks, the start-up can scale flexibly, always update its offering with little effort and concentrate on its core business accordingly.

Another building block which allows for maximum functionality and the broad provision of the SECURITEE product is the OVHcloud Public Cloud Block Storage. This allows SECURITEE to increase the available storage capacity during operation on demand and as required. The integrated replication function ensures added security.

“We can only really make our products available with their full performance potential if the servers used comprehensively support the enclaves. This is the case with OVHcloud - and we can simultaneously  expand the company's ecosystem and open up new sales channels with OVHcloud.”

Christian G. Junger, CEO of  SECURITEE

Shared vision and broad support expand growth potential

As a result, the choice of SECURITEE to partner with OVHcloud has proven to be beneficial in several respects: After the seamless implementation of its own infrastructure in that of OVHcloud, the startup can expand its market with its unique product. The participation in the OVHcloud start-up program also contributes to this, as does the support at a business level, so that the growth potential of the innovative solution can be realized fully.

Direct access to the SGX hardware in the bare metal cloud and the scalable, easily accessible services which are available in the public cloud of OVHcloud enable SECURITEE to scale its own infrastructure as precisely and transparently as demanded from both a security and a user perspective.

Both companies also share a common vision of a sovereign data infrastructure and a secure digital ecosystem in Europe. SECURITEE's customers can host their data on OVHcloud servers while the information is processed in end-to-end secure environments. Effective encryption of data even as it is processed is at the core of SECURITEE's unique product, while OVHcloud provides the framework for delivering the solution directly to potential users. So OVHcloud provides the overarching framework to enable users have to create and manage secure environments - and even set up new enclaves as needed - using the SECURITEE Enclave Manager.

OVHcloud's German data centre in Limburg an der Lahn, close to the German internet hub DE-CIX, where the solution is hosted, is fully owned by the cloud provider and part of a secured network to provide additional high resilience and service continuity. At the hardware level, OVHcloud has more than twenty years of experience, which allows it to offer servers with the latest generation components. The company uses state-of-the-art components to manufacture its own servers - including in Croix, France - which are used exclusively in its own data centres. The dedicated servers used by SECURITEE are configured, assembled and maintained by trained employees. Users additionally benefit from innovative data centre solutions such as server water cooling for better energy efficiency or the specially developed protection measures against DDoS attacks.

"Our collaboration with OVHcloud has been smooth and efficient. Our joint product offering is arguably the most secure and readily available cloud computing solution - a real first in the European market."

 

Tristan Jose, COO of SECURITEE