
How Data Centers Can Achieve EU NIS2 Compliance with Confidential Computing

Miruna Stefan

Introduction

The EU’s new Network and Information Systems Directive (NIS2), taking effect in October 2024, pushes data center operators to a new standard of cybersecurity. It enforces a complex set of requirements around data security, incident management, and organizational accountability. This is more than just an update; it’s a significant shift in how security is structured, managed, and audited. For data centers, it brings the challenge of adapting quickly and effectively to avoid fines of up to €10 million or 2% of total revenue.

Meeting NIS2 requirements means addressing each stage of data handling: storage, processing, and access. But the layered approach required for compliance can be difficult, especially in multi-cloud environments. Confidential Computing, a state-of-the-art technology that protects sensitive data even during processing, offers a straightforward way to manage these demands without overhauling infrastructure or adding complexity. Let’s look at how Confidential Computing, specifically enclaive’s solutions, supports data centers in meeting the new compliance standards.

A short introduction into Confidential Computing

Confidential Computing represents a breakthrough advancement in data security. It enables environments, whether containers, applications, or virtual machines, to run in a fully encrypted form. This means that throughout the entire operational cycle, from startup to termination, these environments remain encrypted. Data and program flows are cryptographically isolated from the rest of the system thanks to this runtime encryption. Only the CPU, and no other component or process, can decrypt this encrypted environment, execute instructions, and then store results in encrypted form again.

While Confidential Computing provides an overview of all-encompassing encryption, the term "3D Encryption" goes a step further. It describes the holistic encryption of data, regardless of what state it is in. enclaive's technology ensures that data in the cloud is encrypted at all times through 3D Encryption:

- During use ("data in use encryption"): When data is actively being processed.
- At rest ("data at rest encryption"): When data is kept in storage systems.
- During transmission ("data in transit"): When data is transferred between systems or across networks.

In summary, 3D Encryption ensures that data is always encrypted, regardless of its state. enclaive's offering can be figuratively viewed as a cryptographic vault where data can not only be securely stored, but also processed.

For a more detailed overview of Confidential Computing, check out our Confidential Computing 101 Guide!

Understanding NIS2’s Core Requirements for Data Centers

The NIS2 Directive sets out specific, often technical, requirements that data centers must integrate into their operations. Here’s a closer look at the main pillars of NIS2 compliance:

  1. Registration and Notification: Operators must formally register with EU authorities in the country where their main establishment is located. This includes notifying authorities about incidents that affect operations or clients.
  2. Risk Management and Security Controls: NIS2 enforces a systematic approach to risk management. This involves creating and documenting plans for handling incidents, securing the supply chain, and ensuring data protection across storage, processing, and access.
  3. Incident Reporting: All incidents that impact services must be reported promptly to competent authorities, and clients may need to be informed as well, depending on the impact.
  4. Cybersecurity Certification: Operators are required to use certified tools and processes as mandated by European cybersecurity schemes. This guarantees that security measures are consistent with EU standards.
  5. Organizational Accountability: The directive requires active involvement of senior management in cybersecurity planning. They are held accountable for ensuring compliance, and must oversee regular training for employees and verify that proper security controls are in place.

Together, these requirements create a comprehensive framework for data security, extending from technical measures to organizational responsibilities. It’s a major shift, and many data centers are finding that standard security approaches are falling short.

How Confidential Computing Simplifies NIS2 Compliance

enclaive’s Confidential Computing-powered solutions are built to protect data across its entire lifecycle, from storage to processing, which helps data centers meet NIS2 standards more easily. Here’s how Confidential Computing supports each key requirement of the NIS2 Directive:

  1. Comprehensive Data Protection: One of the directive’s priorities is full data protection across systems, and with enclaive’s 3D encryption explained above, data is now encrypted at every stage—whether it’s at rest, in transit, or actively processed. Traditional security methods often fail to secure data when it’s in use, leaving vulnerabilities. By encrypting data even during processing, Confidential Computing closes these gaps, helping data centers maintain strict security controls required by NIS2.
  2. Access Control through Zero Trust: NIS2 mandates strict access control, meaning every action and access attempt must be verified. enclaive’s Zero Trust approach verifies every user and device interaction without relying on any presumed trust. Every access attempt, regardless of origin, is verified. This reduces the likelihood of unauthorized access and aligns closely with NIS2’s expectations for strong access policies.
  3. Virtual Hardware Security Module (vHSM) for Secure Key Management: enclaive’s vHSM solution protects cryptographic keys that manage access to encrypted data. This is crucial for secure incident handling and continuity planning. When an incident occurs, enclaive’s vHSM allows for a quick, secure recovery while keeping key data safe and preventing unauthorized access, directly supporting NIS2’s incident response requirements.
  4. Multi-Cloud Flexibility with a Consistent Security Layer: Many data centers operate across multiple cloud providers, which can make uniform security measures challenging. enclaive’s solutions are cloud-agnostic, meaning we deliver the same security standards across different cloud platforms without complex setups or configurations. This flexibility makes it easier to protect data consistently, simplifying compliance in multi-cloud environments.
  5. European Cybersecurity Certification: Compliance with NIS2 requires data centers to use ICT products and services certified under European cybersecurity schemes. enclaive’s solutions are designed to align with these standards, easing the certification process for data centers and giving them confidence that their security practices meet EU expectations.

The Practical Benefits of Confidential Computing for Data Centers

Confidential Computing doesn’t just meet compliance requirements—it brings a set of practical benefits that help data centers manage security more effectively:

  1. Reduced Compliance Complexity: By securing data across its entire lifecycle, enclaive’s platform meets NIS2’s core requirements without extra hardware or restructuring. Data centers can use enclaive’s Confidential Computing to ensure compliance without needing to overhaul existing systems or infrastructure.
  2. Fast Incident Response and Business Continuity: NIS2 places a high priority on having an incident response plan that protects both the data center and its clients. enclaive’s tools for early detection and quick response help data centers manage incidents in real-time, minimizing disruptions and ensuring that operations remain stable.
  3. Lower Compliance Costs: Compliance can be expensive, especially with the need for regular audits and monitoring. enclaive’s automated compliance monitoring reduces the amount of manual work required, lowering the operational cost of staying compliant.
  4. Reputation and Client Trust: Beyond financial penalties, data breaches can harm a company’s reputation. By demonstrating a clear commitment to security with enclaive’s platform, data centers can build stronger relationships with clients and protect their brand reputation.

Conclusion

The EU’s NIS2 directive is a big shift for data centers, setting high standards that require a fresh approach to security. enclaive’s Confidential Computing-powered solutions provide the tools needed to meet these standards, protecting sensitive data and simplifying the path to compliance. With solutions that fit into existing multi-cloud environments, enclaive makes it possible to meet NIS2 requirements (and not only those!) without added complexity, keeping data centers secure, efficient, and ready for the future.

About enclaive

enclaive GmbH, an award-winning start-up based in Berlin, Germany, helps businesses protect their sensitive data and applications in untrusted cloud environments through Confidential Computing. Its comprehensive, multi-cloud operating system allows for Zero Trust security by encrypting data in use and shielding applications from both the infrastructure and solution providers.

With enclaive, businesses can confidently build, test, and deploy a wide range of cloud applications, all while maintaining complete control over their confidential information. enclaive’s goal is to provide a universal, cloud-independent technology for enclaving sophisticated multi-cloud applications that can be deployed with confidence and ease.
