Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Azure Kubernetes Service Now Supports Confidential Containers

Microsoft this week announced the public preview of support for confidential computing nodes in Azure Kubernetes Service (AKS).

Microsoft this week announced the public preview of support for confidential computing nodes in Azure Kubernetes Service (AKS).

One of the big tech companies to have affirmed commitment to computing confidentiality, Microsoft made Azure Confidential Computing generally available earlier this year, and also expanded the availability of secure VMs.

The availability of confidential containers on AKS is yet another step Microsoft is taking toward moving computing from ‘in the clear’ to ‘confidential’.

“The public preview of confidential computing nodes powered by the Intel SGX DCsv2 SKU with Azure Kubernetes Service brings us one step closer by securing data of cloud native and container workloads. This release extends the data integrity, data confidentiality and code integrity protection of hardware-based isolated Trusted Execution Environments (TEE) to container applications,” the company says.

Confidential computing on Azure ensures that data is encrypted while in use, courtesy of a hardware-based TEE. Thus, software can run on top of the protected environment to keep code and data hidden from view or modifications.

Microsoft also notes that developers have multiple application architecture options to choose from, depending whether their preferred model offers a faster path to confidentiality or increased control.

“The confidential nodes on AKS support both architecture models and will orchestrate confidential application and standard container applications within the same AKS deployment. Also, developers can continue to leverage existing tooling and dev ops practices when designing highly secure end-to-end applications,” the tech company explains.

Advertisement. Scroll to continue reading.

So far during the preview period, most developers adopted confidential computing by selecting an existing unmodified docker container application and a partner to move an existing application into a container that leverages confidential computing infrastructure.

According to Microsoft, the reason many took this path was either because it provided them with faster access to confidentiality or because it ensures container IP is protected through encryption and identity verification is available in the enclave and clients can verify server thumbprint.

Other developers chose to have full control of the code in the enclave through containers that leverage Open Enclave SDK, Intel SGX SDK or a framework such as the Confidential Consortium Framework (CCF). Furthermore, Confidential Inferencing with ONNX is available for AI/ML developers, who can bring pre-trained ML models to AKS, Microsoft says.

“Confidential computing, through its isolated execution environment, has broad potential across use cases and industries; and with the added improvements to the overall security posture of containers with its integration to AKS, we are excited and eager to learn more about what business problems you can solve,” the company concludes.

Related: Google Announces Confidential GKE Nodes, General Availability of Confidential VMs

Related: Microsoft Announces New Security Features for Devs, Customers

Related: Microsoft, Google Announce Wider Availability of Secure VMs

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...