Illuminate (formerly known as jPDM) is an Application Performance Management (APM) solution which is delivered to clients via Software as a Service (SaaS). jClarity (JC) would like to strengthen the security of Illuminate (hosted on public cloud providers) by adding secure components based on the SERECA Cloud Platform. This would enable JC to store, retrieve and process sensitive data used in the Illuminate service.

This will give jClarity’s data-sensitive customers added confidence to move from their on-premise installations of Illuminate onto jClarity’s publicly hosted service. The business benefit is drastically reduced infrastructure and support costs for both JC and its customers.

Specifically, JC wishes to protect its application data and processing from malicious users that have root access to its cloud provider. These users could come in the form of rogue staff members at the cloud provider who have administrative access, as well as external attackers who have access to the underlying operating system due to a 0-day or other exploit such as Shellshock (https://en.wikipedia.org/wiki/Shellshock_(software_bug)).

In the current incarnation of Illuminate, JC relies on private/public key encryption to secure sensitive data flows and processing. The keys and the exchange of those keys are currently vulnerable to attackers who have access to memory on the cloud provider. The SERECA Cloud Platform will provide a secure enclave where key storage and exchange can occur in an encrypted memory space that an attacker cannot read.

This would add another strong layer to jClarity’s many other layers of security, which include anonymising data, SSL-secured WebSocket connections, optional VPNs and other common security practices for SaaS applications. With this added layer JC can implement the same level (or better!) of security that a customer could provide in-house, from the CPU right through to an end user.

A secondary goal is to allow the Illuminate service to be hosted on multiple cloud providers in a secure manner. That is, JC would like to see the SERECA Cloud Platform become broadly available across popular cloud providers so that it can remain independent of any single provider.

[Figure: Illuminate SeReCa Architecture, Aug 2016]

Action acronym: SERECA
Action full title: "Secure Enclaves for REactive Cloud Applications"
Objective: ICT-07-2014: Advanced Cloud Infrastructures and Services
Grant agreement no: 645011