Civo, the world’s first pure-play cloud-native service provider powered only by Kubernetes, has unveiled, in collaboration with Intel Corporation, the Alpha version of the world’s first Kubernetes system operating in a secure enclave. It forms part of Civo’s Confidential Computing offering, a hardware-based security solution designed to help protect data in use via unique application-isolation technology. The demonstration took place at Civo Navigate, Civo’s first US tech conference, in Tampa, Florida.
Using 4th Gen Intel Xeon Scalable Processors, previously codenamed Sapphire Rapids, and Intel Software Guard Extensions (Intel SGX), Civo deployed a Kubernetes API within the secure enclave. Enabled by Intel SGX, the Kubernetes API ran in a highly secure encrypted environment. Once in the enclave, the Kubernetes API process was subject to hardware-enforced access controls: it was verified at startup and remained unmodified and validated during runtime. In addition, the data in the enclave was encrypted and could not be accessed by anyone else, with the enclave running separately from the operating system and virtual machine management layer. Intel SGX is a vital component of data protection and of providing confidential computing.
Civo will make the solution available on both its public cloud and edge computing services, with users able to purchase whole racks of servers secured by Intel SGX and deploy them into their own environment.
The 4th Gen Intel Xeon Scalable Processors contain purpose-built workload accelerators that enable greater speed and power efficiency, allowing more resources to be used by end users. Intel SGX offers users granular control over the protection of their data, using hardware-based memory encryption to isolate specific application code and data in memory.
Finding new ways to make Kubernetes more secure has been a growing need for companies. Civo’s research recently found that 53% of companies are concerned about the security of Kubernetes.
Mark Boost, Civo CEO, said: “The ethos around Civo Navigate was to innovate and educate, and part of that involves exploring new ways of doing things. We’re always looking to push the boundaries with concepts not available from other cloud providers, and an area we’re seeing increased demand is for improved Kubernetes security”.
“Intel has been a great collaborator for this project, with James Rea, Chris Felton and their team helping to align Intel SGX with our product line. Both Intel SGX and the 4th Gen Intel Xeon Scalable Processors are incredible pieces of hardware. Without them, we would not have been able to realize this new way of improving Kubernetes security”.
“Civo is committed to delivering a high-security experience with Kubernetes. We want our customers to have total confidence that only their authorized users, and no one else, will have full and unencrypted visibility of their data. This promise opens the door to a host of potential use cases across many industries, from accelerating R&D in fields like healthcare and finance that require controlled and privileged access to highly sensitive data, to supporting global firms and governments in protecting confidential or classified data.”
Paul O’Neill, Senior Director, Strategic Business Development in Intel's Confidential Computing group said: “At Intel we are committed to delivering world-changing technology that revolutionizes the way we live and work. Intel Xeon Scalable processors are designed from the ground up to accelerate performance securely and efficiently across today’s fastest growing workloads. The Confidential Computing demonstration at Civo Navigate was an important showcase for users of what is possible with Confidential Computing, delivering ultra-high performance Kubernetes using Intel SGX to help ensure sensitive data and intellectual property is protected.”