If your application handles sensitive information (such as cryptographic keys) as plain text in memory, there's a high probability that someone could potentially exploit it as an attack vector and compromise the information. Most of the cloud-based solutions often use hardware security modules (HSM) to avoid such attacks. However, if you're in a situation where you need to do this in a self-hosted manner without access to HSMs, then we've found MemGuard to be quite useful. MemGuard acts as a secured software enclave for storage of sensitive information in memory. Although MemGuard is not a replacement for HSMs, it does deploy a number of security tactics such as protection against cold boot attacks, avoiding interference with garbage collection and fortifying with guard pages to reduce the likelihood of sensitive data being exposed.
