Security model
Enclave is designed with a robust security model that ensures the integrity, confidentiality, and availability of your data. The security model is built around several key principles:
Zero Trust Architecture
Enclave operates on a Zero Trust security model, meaning that no device or user is trusted by default, regardless of their location within the network. All access requests are authenticated and authorized based on strict policies, ensuring that only legitimate users and devices can access resources.
The EMC is central to this model, managing authentication and authorization for all agents and users. It issues short-lived credentials for user agents and fixed (optionally auto-rolling) credentials for node agents, ensuring that access is continuously verified.
Once authenticated, agents are issued short-lived certificates, which they use to establish secure connections within the Enclave network. This ensures that all communication is encrypted and authenticated, preventing unauthorized access and data breaches.
Microsegmentation
All network traffic within the Enclave overlay network is encrypted and authenticated, ensuring that data remains secure as it traverses the network. Microsegmentation allows for granular control over network traffic, enabling you to define and enforce policies that restrict communication between different segments of your network. We refer to these segments as enclaves, which can be configured to isolate different parts of your infrastructure based on security requirements.
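The model described above can be sketched as a default-deny check: a connection is refused unless both certificates are current and a policy rule matches. This is an added conceptual example, not Enclave's code or policy format. The `Agent` fields, the `(source enclave, destination enclave, port)` rule tuples, directional rules, and all sample data are assumptions. It also goes one step beyond the text by checking that an isolation requirement holds across multiple allowed hops, not only for direct connections.

```python
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Agent:                   # hypothetical model, not Enclave's data structure
    name: str
    enclave: str               # segment the agent is placed in
    cert_not_after: datetime   # expiry of its short-lived certificate

def authorize(src, dst, port, rules, now):
    """Default deny: both certificates must be current and a rule must match."""
    for agent in (src, dst):
        if now >= agent.cert_not_after:
            return False, f"certificate expired: {agent.name}"
    if (src.enclave, dst.enclave, port) in rules:
        return True, "allowed by policy"
    return False, "no matching rule (default deny)"

def reachable(start, rules):
    """Enclaves reachable from `start` over one or more allowed hops."""
    seen, queue = set(), deque([start])
    while queue:
        current = queue.popleft()
        for src, dst, _port in rules:
            if src == current and dst not in seen and dst != start:
                seen.add(dst)
                queue.append(dst)
    return seen

def isolation_violations(rules, must_not_reach):
    """Return the (src, dst) isolation requirements the rule set breaks."""
    return [(s, d) for s, d in must_not_reach if d in reachable(s, rules)]

# Constructed sample data (assumed rule format: source, destination, port)
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
RULES = {("dmz", "web", 443), ("web", "db", 5432), ("ops", "web", 22)}
web1 = Agent("web-1", "web", NOW + timedelta(hours=1))
db1 = Agent("db-1", "db", NOW + timedelta(hours=1))
ops_old = Agent("ops-laptop", "ops", NOW - timedelta(minutes=5))

if __name__ == "__main__":
    print(authorize(web1, db1, 5432, RULES, NOW))     # rule matches
    print(authorize(db1, web1, 5432, RULES, NOW))     # reverse direction denied
    print(authorize(ops_old, web1, 22, RULES, NOW))   # expired certificate
    print(isolation_violations(RULES, [("dmz", "db"), ("db", "web")]))
```

In the sample rule set a direct dmz-to-db connection is denied, yet the audit reports `("dmz", "db")` because the allowed dmz-to-web and web-to-db rules chain into an indirect path.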