
Secure Encryption of Data-in-Use in AWS Environments—Which Option Best Suits Your Needs?

Sebastian Gajek
August 25, 2025

A key use case for confidential cloud computing is protecting sensitive cloud workloads while they are being processed, not only at rest or in transit. Hyperscalers have recognized this need: Amazon Web Services, for instance, offers two different ways to protect data in use.

  • AWS Nitro Enclaves are isolated environments (“enclaves”) carved out of an EC2 instance's own vCPUs and memory and separated from the parent instance by the Nitro Hypervisor. An enclave has no persistent storage, no interactive access and no external networking; its only channel to the parent instance is a local vsock socket, and an attestation document lets peers verify which enclave image is running. That makes enclaves well suited for cryptographic operations, for keeping secrets such as private keys out of the parent's reach, or for processing sensitive data.
  • An interesting alternative is AWS EC2 instances with AMD SEV-SNP running enclaive's Buckypaper VMs. Here the CPU encrypts the whole VM, memory included, and isolates it from the hypervisor, so fully isolated workloads run inside a standard Linux environment. The result is a developer-friendly toolchain that ensures a high level of confidentiality and can be used across multiple cloud providers.
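To make the Nitro Enclaves model concrete, the following is an added example (not code from this page, from AWS, or from enclaive) of the one channel an enclave has: a length-prefixed request/response exchange between the parent instance and the enclave over vsock. The enclave keeps an HMAC key that never leaves it and only returns tags over data the parent sends. The enclave port (5000), the key material and the sample payload are constructed assumptions; the parent instance's CID of 3 is the value AWS documents. Because vsock carries no authentication of its own, any process on the parent can connect, so the enclave must validate every request and rely on attestation, not on the socket, to establish trust with remote parties. The demo function exercises both halves over a local socketpair, so it runs without an enclave.

```python
"""
Parent <-> enclave framing over vsock for a Nitro Enclave (added example).

Assumptions (not from the page): the enclave server listens on vsock port
5000; the enclave's CID comes from `nitro-cli describe-enclaves`; the HMAC
key below is constructed demo material standing in for a real secret.
"""
import hashlib
import hmac
import json
import socket
import struct
import threading

PARENT_CID = 3           # CID of the parent EC2 instance, per AWS Nitro Enclaves docs
ENCLAVE_PORT = 5000      # assumption: port the enclave server listens on
MAX_FRAME = 1 << 20      # refuse frames over 1 MiB so a bad length cannot exhaust memory

# Constructed demo secret; in a real enclave this would be obtained from a
# KMS call whose response is bound to the enclave's attestation document.
ENCLAVE_KEY = b"constructed-demo-key"


def send_msg(sock, obj):
    """Write one frame: 4-byte big-endian length followed by JSON payload."""
    payload = json.dumps(obj).encode()
    sock.sendall(struct.pack(">I", len(payload)) + payload)


def _recv_exact(sock, n):
    """Read exactly n bytes; vsock, like TCP, may deliver partial reads."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return bytes(buf)


def recv_msg(sock):
    """Read one frame, enforcing the length limit before allocating."""
    (n,) = struct.unpack(">I", _recv_exact(sock, 4))
    if n > MAX_FRAME:
        raise ValueError(f"frame of {n} bytes exceeds limit")
    return json.loads(_recv_exact(sock, n))


def handle_request(req):
    """Enclave side: the only operation offered is an HMAC over caller data.

    The key itself is never returned; an unknown op or malformed field is
    rejected rather than guessed at, since the parent is not trusted.
    """
    if req.get("op") != "hmac" or not isinstance(req.get("data"), str):
        return {"ok": False, "error": "unsupported request"}
    tag = hmac.new(ENCLAVE_KEY, req["data"].encode(), hashlib.sha256).hexdigest()
    return {"ok": True, "tag": tag}


def serve_one(sock):
    """Enclave side: answer exactly one request on an accepted connection."""
    send_msg(sock, handle_request(recv_msg(sock)))


def parent_request(sock, data):
    """Parent side: ask the enclave for a tag and return its reply."""
    send_msg(sock, {"op": "hmac", "data": data})
    return recv_msg(sock)


def enclave_listener(port=ENCLAVE_PORT):
    """Enclave side: bind the vsock server socket (Linux inside the enclave)."""
    s = socket.socket(socket.AF_VSOCK, socket.SOCK_STREAM)
    s.bind((socket.VMADDR_CID_ANY, port))
    s.listen(1)
    return s


def connect_to_enclave(enclave_cid, port=ENCLAVE_PORT):
    """Parent side: connect to the enclave's CID over vsock (Linux only)."""
    s = socket.socket(socket.AF_VSOCK, socket.SOCK_STREAM)
    s.connect((enclave_cid, port))
    return s


def demo_over_socketpair(data="invoice-42"):
    """Run both halves locally over a socketpair where no vsock is available."""
    parent_end, enclave_end = socket.socketpair()
    worker = threading.Thread(target=serve_one, args=(enclave_end,))
    worker.start()
    try:
        return parent_request(parent_end, data)
    finally:
        worker.join()
        parent_end.close()
        enclave_end.close()


if __name__ == "__main__":
    print(demo_over_socketpair())
```

In a real deployment `enclave_listener()` runs inside the enclave image and `connect_to_enclave(cid)` on the parent with the CID reported by `nitro-cli describe-enclaves`; everything else is identical, which is the point of the framing layer.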

But what distinguishes these two models in practice, and which approach excels in which scenario? Our CTO, Prof. Dr. Sebastian Gajek, answers these questions in a technical deep dive: “Confidential Cloud Computing with AWS Nitro vs. enclaive's Buckypaper EC2 on AMD SEV-SNP.”

The whitepaper includes a detailed comparison of security features, performance, developer experience, networking capabilities and attestation procedures, making it a practical guide for your project decisions.

Download this ebook
