CONFERENCE Watch Now: Threat Detection & Incident Response (TDIR) Summit - Watch Event On-Demand
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Azure Kubernetes Service Now Supports Confidential Containers

Microsoft this week announced the public preview of support for confidential computing nodes in Azure Kubernetes Service (AKS).

Microsoft this week announced the public preview of support for confidential computing nodes in Azure Kubernetes Service (AKS).

One of the big tech companies to have affirmed commitment to computing confidentiality, Microsoft made Azure Confidential Computing generally available earlier this year, and also expanded the availability of secure VMs.

The availability of confidential containers on AKS is yet another step Microsoft is taking toward moving computing from ‘in the clear’ to ‘confidential’.

“The public preview of confidential computing nodes powered by the Intel SGX DCsv2 SKU with Azure Kubernetes Service brings us one step closer by securing data of cloud native and container workloads. This release extends the data integrity, data confidentiality and code integrity protection of hardware-based isolated Trusted Execution Environments (TEE) to container applications,” the company says.

Confidential computing on Azure ensures that data is encrypted while in use, courtesy of a hardware-based TEE. Thus, software can run on top of the protected environment to keep code and data hidden from view or modifications.

Microsoft also notes that developers have multiple application architecture options to choose from, depending whether their preferred model offers a faster path to confidentiality or increased control.

“The confidential nodes on AKS support both architecture models and will orchestrate confidential application and standard container applications within the same AKS deployment. Also, developers can continue to leverage existing tooling and dev ops practices when designing highly secure end-to-end applications,” the tech company explains.

So far during the preview period, most developers adopted confidential computing by selecting an existing unmodified docker container application and a partner to move an existing application into a container that leverages confidential computing infrastructure.

Advertisement. Scroll to continue reading.

According to Microsoft, the reason many took this path was either because it provided them with faster access to confidentiality or because it ensures container IP is protected through encryption and identity verification is available in the enclave and clients can verify server thumbprint.

Other developers chose to have full control of the code in the enclave through containers that leverage Open Enclave SDK, Intel SGX SDK or a framework such as the Confidential Consortium Framework (CCF). Furthermore, Confidential Inferencing with ONNX is available for AI/ML developers, who can bring pre-trained ML models to AKS, Microsoft says.

“Confidential computing, through its isolated execution environment, has broad potential across use cases and industries; and with the added improvements to the overall security posture of containers with its integration to AKS, we are excited and eager to learn more about what business problems you can solve,” the company concludes.

Related: Google Announces Confidential GKE Nodes, General Availability of Confidential VMs

Related: Microsoft Announces New Security Features for Devs, Customers

Related: Microsoft, Google Announce Wider Availability of Secure VMs

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Jeremy Koppen has left Mandiant after 13 years to become the CISO of Equifax.

Engineering and technology solutions provider Amentum has appointed Max Shier as its CISO.

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.