First, Confidential GKE Nodes, the second product in our confidential computing portfolio, will soon be available in beta, starting with the GKE 1.18 release. This gives organizations additional options for confidential workloads when they want to utilize Kubernetes clusters with Google Kubernetes Engine (GKE).
The benefits of containers and Kubernetes over traditional on-premises architectures are well-documented and understood. But when considering moving to the cloud, organizations want controls to limit risk and potential exposure of their data.
In July, we announced the availability of the Confidential Computing product family, whose breakthrough technology encrypts data in-use—while it is being processed—without any code changes to the application. We also introduced Confidential VMs as the first member of that product family, which perform at levels comparable to VMs
A few weeks back we announced the upcoming launch of Confidential Google Kubernetes Engine (GKE) Nodes in preview. Today, as we kick off cybersecurity month, we are rolling out the preview for Confidential GKE Nodes. With Confidential GKE Nodes you can achieve encryption in-use for data processed inside your GKE cluster, without significant performance degradation.
Built on Confidential VMs, which use the AMD Secure Encrypted Virtualization (SEV) feature, Confidential GKE Nodes encrypt the memory of your nodes, and of the workloads that run on them, with a dedicated per-node instance key that is generated and managed by the AMD Secure Processor embedded in the AMD EPYC™ processor. These keys are generated by the AMD Secure Processor during node creation and reside solely within it, so they are unavailable to Google or to any other VM running on the host. Combined with existing encryption at rest and in transit, and with workload isolation models such as GKE Sandbox, this adds another layer of defense in depth against data exfiltration. Confidential GKE Nodes also build on Shielded GKE Nodes to protect against rootkits and bootkits, helping to ensure the integrity of the operating system running on your Confidential GKE Nodes.
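A practitioner enabling this feature will want to confirm, from inside the node, that SEV memory encryption is actually active rather than trusting the cluster-level flag alone. The shell snippet below is an added example, not code from the original post or from Google; the cluster name and machine type in the comment are assumptions, and the kernel log lines are constructed samples shaped like the real boot messages. A Confidential VM's Linux kernel reports SEV activation in `dmesg` at boot, which is what the check parses.

```shell
# Added example (not part of the original post): verify that a GKE node really
# runs under AMD SEV instead of trusting the cluster flag alone.
#
# Cluster creation, for reference (assumed names; this needs a real project, so
# it is left as a comment):
#   gcloud container clusters create conf-cluster \
#       --machine-type=n2d-standard-4 --enable-confidential-nodes

# Returns "confidential" if the kernel log shows SEV active, "standard" otherwise.
# Taking the log as an argument lets the same check run against saved logs.
sev_state_from_dmesg() {
  log="$1"
  # Older kernels log: "AMD Secure Encrypted Virtualization (SEV) active"
  # Newer kernels log: "AMD Memory Encryption Features active: SEV"
  if printf '%s\n' "$log" | grep -Eq 'Secure Encrypted Virtualization \(SEV\) active|Memory Encryption Features active: .*SEV'; then
    echo confidential
  else
    echo standard
  fi
}

# Live check on the node itself. If dmesg is unavailable or restricted
# (kernel.dmesg_restrict=1 without CAP_SYSLOG) the result is "standard",
# so the check fails closed.
sev_state_live() {
  sev_state_from_dmesg "$(dmesg 2>/dev/null)"
}

# Fail-closed gate for an init container or node startup script: refuse to
# start a sensitive workload unless the node's memory is SEV-encrypted.
assert_confidential_node() {
  if [ "$(sev_state_from_dmesg "$1")" != "confidential" ]; then
    echo "refusing to run: node memory is not SEV-encrypted" >&2
    return 1
  fi
  return 0
}

# Constructed sample logs (not captured from a real node).
SAMPLE_CONFIDENTIAL='[    0.000000] Linux version 5.4.0 ...
[    0.374549] AMD Secure Encrypted Virtualization (SEV) active
[    0.512000] random: crng init done'

SAMPLE_STANDARD='[    0.000000] Linux version 5.4.0 ...
[    0.512000] random: crng init done'

# Usage on a node: assert_confidential_node "$(dmesg)"
```

Because the kernel ring buffer is only readable by a privileged process on hardened node images, a pod that performs this check needs CAP_SYSLOG (or must run the check from the node's startup path); an unprivileged pod will see an empty log and, by design, be treated as running on a standard node.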
Our original Kubernetes tool list was so popular that we've curated another great list of tools to help you improve your functionality with the platform.
If you are looking to learn about Google Cloud in depth, or just in general, with or without prior knowledge of cloud computing, you should definitely check out this quest.
Google Cloud Security Showcase is a video resource focused on solving security use cases and helping you create a safer cloud deployment.
Mismanagement of multi-cloud expenses costs businesses an arm and a leg, and managing them has become a major pain point. Here we break down some crucial tips to take some of the management burden off your plate and help you optimize your cloud spend.
Kubernetes security cannot be separated from the security of containers and their runtimes: a cluster with no containers running on it does not make much sense. Hardening workloads is often much harder than hardening the cluster itself. Let's start with container configuration.