STACKIT Confidential Kubernetes
STACKIT CONFIDENTIAL
Protect container workloads from unauthorized access of 3rd parties, with little effort, in a verifiable manner.
STACKIT Confidential Kubernetes combines the advantages of the popular orchestration tool Kubernetes with the high security standards of confidential computing. The solution is based on the Kubernetes Engine Constellation by Edgeless Systems. It allows users to deploy and operate self-managed Kubernetes clusters with extensive security features without much effort. The highlight: clusters are completely isolated from the underlying cloud infrastructure and third-party access. They are completely encrypted throughout, including the storage at runtime. These properties are verifiable to third parties.
Applications
With STACKIT Confidential Kubernetes, the following use cases can be realized, among others
Meeting regulatory requirement
Remote attestation of encryption and isolation of data allows you to proof that you meet regulatory requirements.
Moving sensitive workloads from on-prem to the cloud
Protecting your data from unauthorized access with STACKIT Confidential Kubernetes allows you to migrate even sensitive workloads to the cloud. The STACKIT Cloud turns into your Private Cloud.
Protecting containerized workload from unauthorized 3rd party access
Completely encrypt and isolate your containerized Kubernetes workloads and control plane, increasing the overall security and preventing unauthorized 3rd party access.
Functions
- All Kubernetes nodes run inside STACKIT Confidential Virtual Machines (CVMs). While runtime encryption encrypts data over the entire runtime, network and storage encryption takes over the encryption of network communication and storage. Thus, workloads and control plane are truly end-to-end encrypted: at rest, in transit, and at runtime.
- The management of cryptographic keys within the CVMs takes place automatically and ensures simple and secure use through transparent key management.
- According to the principle of node attestation and verification, the integrity of each new node in the cluster is checked by means of remote attestation before commissioning. Only “good nodes” receive the cryptographic keys to be allowed to access the network and the storage of the cluster.
- DevOps engineers benefit from whole-cluster-attestation: They can verify the security and integrity of an entire cluster using a single hardware-rooted certificate.
- The security features are complemented by DevOps features, e.g. supporting high availability, day-2-operations (upgrades and recovery), as well as infrastructure-as-code.
Advantages
- You can easily protect containerized workload from unauthorized access and prevent data leaks.
- You can move sensitive containerized workload from on-prem to the Cloud with little effort. You turn the Public Cloud into a Private Cloud.
- You can increase the trustworthiness of your SaaS-offering running on STACKIT.
- You can prove meeting regulatory or compliance requirements in terms of data protection.
Price overview
Are you interested in the product and would like more information about the prices? Please visit our prices page!
Do you still have specific questions about the product or would you like to test it? For further information and advice from our competent team of experts, please do not hesitate to contact us.