Can I secure containers in the cloud or across different clouds?

An approach that is proving effective is to run cloud containers inside a trusted execution environment (TEE), also known as a secure enclave. A TEE removes the risk that comes with having to trust the infrastructure or a user: even if the infrastructure is compromised or the root user is taken over, the application's code and data stay encrypted and unusable to attackers.

Confidential computing, a newer technology, is proving to be a successful way to address these challenges. Combined with secure enclaves, confidential computing platforms let the data in containers be processed inside the enclave without the cost and complexity of building on a secure enclave by itself.

The confidential computing approach decrypts and analyzes data only while it is inside a secure enclave protected by specific hardware technologies. Confidential computing lets software run safely in the enclave, creates the keys to decrypt the data, runs the analysis, and encrypts the result. Apart from confidential computing, no solution lets organizations run containers securely in the cloud while complying with regulations and protecting privacy.

Confidential computing can help organizations meet compliance requirements under GDPR, the CCPA (California Consumer Privacy Act), and similar regulations. It also provides fine-grained access control over the datasets used in containers. With this approach, the aggregate data is never exposed outside the secure enclave. Private analytics with confidential computing is easy to use and efficient, and it offers the scalability needed for deploying containers.

With confidential computing, organizations can monitor the lifecycle of the secure enclaves that run their container applications, using features such as remote attestation, geolocation enforcement, DRM, secret injection, and more. The platform also integrates with existing container orchestration technologies, including Kubernetes, Docker Swarm, and OpenShift.
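The attest-then-decrypt workflow and the attestation-gated secret injection described above, as an added simulation (not code from this page or any vendor's platform): the enclave "measurement" is a plain SHA-256 of a constructed image rather than a hardware-signed report, `KeyReleasePolicy` is an assumed stand-in for a key service, and AES-GCM from the Go standard library does the sealing.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// Measure stands in for the TEE's hardware-signed measurement: a hash of the
// enclave image (vendor signature checking is omitted in this simulation).
func Measure(image []byte) string {
	sum := sha256.Sum256(image)
	return hex.EncodeToString(sum[:])
}
// KeyReleasePolicy: a key service outside the enclave releases the data key
// only to an enclave whose measurement the policy allows (secret injection).
type KeyReleasePolicy struct {
	AllowedMeasurement string
	DataKey            []byte // 32 bytes selects AES-256-GCM
}
// ReleaseKey is the remote-attestation gate: wrong measurement, no key.
func (p KeyReleasePolicy) ReleaseKey(reported string) ([]byte, error) {
	if reported != p.AllowedMeasurement {
		return nil, errors.New("attestation failed: measurement not in policy")
	}
	return p.DataKey, nil
}
// RunInEnclave models the workflow above: attest, receive the key, decrypt only
// inside the enclave, analyze, and encrypt the result before it leaves.
// inNonce and outNonce must be distinct and never reused under the same key.
func RunInEnclave(image []byte, p KeyReleasePolicy, inNonce, ciphertext, outNonce []byte,
	analyze func([]byte) []byte) ([]byte, error) {
	key, err := p.ReleaseKey(Measure(image))
	if err != nil {
		return nil, err // a tampered or unknown enclave never sees plaintext
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	plaintext, err := aead.Open(nil, inNonce, ciphertext, nil)
	if err != nil {
		return nil, err // tampered ciphertext is rejected, not analyzed
	}
	return aead.Seal(nil, outNonce, analyze(plaintext), nil), nil
}
```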