As shown in FIG. 7, the network server 700 may include a processing device 710 that may execute an operating system 720. Furthermore, the processing device 710 may include one or more internal cryptographic keys 711 that may be used to encrypt and decrypt data stored in a portion of a memory that is assigned to a secure enclave of the key management system 730. The access to the data of the key management system 730 in the secure enclave (e.g., data stored at a storage resource) may be protected from the one or more applications 740A to 740Z and the operating system 720. For example, the access to the data of the secure enclave corresponding to the key management system 730 may be protected by the use of one of the internal cryptographic keys 711 that are internal to the processing device 710 so that the access to the data is based on a hardware access as opposed to a software access. The operating system 720 may be associated with a first privilege level and the key management system 730 and the applications 740A to 740Z may be associated with a second privilege level where the first privilege level of the operating system is more privileged than the second privilege level of the various applications that are run on the operating system 720 (e.g., the more privileged level allows access to more resources of the network server than the less privileged level). Thus, the operating system 720 may be allowed access to resources of the applications 740A to 740Z. However, since the key management system 730 is assigned to a secure enclave where access to the data of the secure enclave is based on the use of an internal cryptographic key 711 of the processing device 711, the operating system 720 may not be able to access the data of the key management system 730 despite having a more privileged level of access than the key management system 730. The master key that is used to decrypt data at the storage resource may be an internal cryptographic key 711.