The benefits of containers and Kubernetes over traditional on-premises architectures are well-documented and understood. But when considering moving to the cloud, organizations want controls to limit risk and potential exposure of their data.

In July, we announced the availability of the Confidential Computing product family, whose breakthrough technology encrypts data in-use—while it is being processed—without any code changes to the application. We also introduced Confidential VMs as the first member of that product family, which perform at levels comparable to VMs

A few weeks back we announced the upcoming launch of Confidential Google Kubernetes Engine (GKE) Nodes in preview. Today, as we kick off cybersecurity month, we are rolling out the preview for Confidential GKE Nodes. With Confidential GKE Nodes you can achieve encryption in-use for data processed inside your GKE cluster, without significant performance degradation.

Built on Confidential VMs, which utilize the AMD Secure Encrypted Virtualization (SEV) feature, Confidential GKE Nodes encrypt the memory of your nodes and the workloads that run on top of them with a dedicated per-node instance key that is generated and managed by the AMD Secure Processor, which is embedded in the AMD EPYC™ processor. These keys are generated by the AMD Secure Processor during node creation and reside solely within it, making them unavailable to Google or to any VMs running on the host. This, combined with existing solutions for encryption at rest and in transit and with workload isolation models such as GKE Sandbox, provides deeper, multi-layer defense-in-depth protection against data exfiltration attacks. Confidential GKE Nodes also leverage Shielded GKE Nodes to offer protection against rootkits and bootkits, helping to ensure the integrity of the operating system you run on your Confidential GKE Nodes.
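As an added example (not part of the announcement or Google's own tooling), the following shell helpers show how an operator would enable Confidential GKE Nodes and then check, from both the control plane and inside a node, that SEV memory encryption is actually active. It assumes the gcloud CLI flag `--enable-confidential-nodes`, the GKE API field `confidentialNodes.enabled`, and the kernel's "AMD Memory Encryption Features active" boot message; `CLUSTER_NAME` and `ZONE` are placeholders.

```shell
#!/bin/sh
# Added example, not from the announcement. Assumed: gcloud supports
# --enable-confidential-nodes and exposes confidentialNodes.enabled.

# Create a cluster whose nodes run on Confidential VMs (AMD SEV needs N2D).
create_confidential_cluster() {
  cluster="$1"; zone="$2"
  gcloud container clusters create "$cluster" \
    --zone "$zone" \
    --machine-type n2d-standard-2 \
    --enable-confidential-nodes
}

# Control-plane view: ask GKE whether confidential nodes are enabled.
cluster_reports_confidential() {
  cluster="$1"; zone="$2"
  [ "$(gcloud container clusters describe "$cluster" --zone "$zone" \
        --format='value(confidentialNodes.enabled)')" = "True" ]
}

# Guest view: at boot the Linux kernel logs which AMD memory-encryption
# features are active. Returns 0 only if SEV is listed in the given text.
# This is guest-reported state, not hardware attestation; use it as a
# sanity check that the node really landed on an SEV-backed VM.
sev_active_in_dmesg() {
  printf '%s\n' "$1" |
    grep -q 'AMD Memory Encryption Features active:.*SEV'
}

# Run inside a node (e.g. via SSH or a privileged debug pod).
node_memory_encrypted() {
  sev_active_in_dmesg "$(dmesg 2>/dev/null)"
}

# Constructed sample kernel log lines for offline testing.
SAMPLE_CONFIDENTIAL='[    0.000000] Linux version 5.4.0
[    0.123456] AMD Memory Encryption Features active: SEV'
SAMPLE_PLAIN='[    0.000000] Linux version 5.4.0
[    0.123456] Booting paravirtualized kernel on KVM'
```

Usage: `create_confidential_cluster CLUSTER_NAME ZONE`, then `cluster_reports_confidential CLUSTER_NAME ZONE` from the workstation and `node_memory_encrypted` from inside a node.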

Confidential GKE Nodes now available