Civo creates ultra-high performance Kubernetes on Intel SGX
Civo is a cloud-native service provider powered only by Kubernetes, a state of being that enables the company (by its own classification) to call itself a pure-play cloud player.
The company, in collaboration with Intel Corporation, has now unveiled the alpha version of a Kubernetes system operating in a secure enclave – a development that is said to be a world first.
The news forms part of Civo’s Confidential Computing offering, a hardware-based security solution designed to help protect data in use via application-isolation technology.
Using 4th generation Intel Xeon Scalable Processors (previously codenamed Sapphire Rapids) and Intel Software Guard Extensions (Intel SGX), Civo deployed a Kubernetes API within the secure enclave.
The Kubernetes API ran in a highly secure encrypted environment.
Verification at start-up
Once in the enclave, hardware-enforced access controls meant that the Kubernetes API process was verified at start-up and remained unmodified and validated during runtime. In addition, the data in the enclave was encrypted and could not be accessed by anyone, with the enclave running separately from the operating system and virtual machine management layer.
Intel SGX is widely lauded as a vital component of data protection and for its ability to provide confidential computing.
Civo will make the solution available on both its public cloud and edge computing services, with users able to purchase whole racks of servers secured by Intel SGX and deploy them into their own environment.
Ultra-high performance Kubernetes
The 4th Gen Intel Xeon Scalable Processors contain purpose-built workload accelerators that enable greater speed and power efficiency, allowing more resources to be used by end users. Intel SGX offers users granular control and protection of their data, using hardware-based memory encryption to isolate specific application code and data in memory.
“The ethos around Civo Navigate was to innovate and educate, and part of that involves exploring new ways of doing things. We’re always looking to push the boundaries with concepts not available from other cloud providers, and an area we’re seeing increased demand is for improved Kubernetes security,” said Mark Boost, Civo CEO.
Finding new ways to make Kubernetes more secure has been a growing need for companies. Civo’s research recently found that 53% of companies are concerned about the security of Kubernetes.
“At Intel we are committed to delivering world-changing technology that revolutionises the way we live and work,” said Paul O’Neill, senior director, strategic business development in Intel’s Confidential Computing group.
O’Neill says that Intel Xeon Scalable processors are designed to accelerate performance securely and efficiently across today’s fastest-growing workloads. He talks of ‘ultra-high performance Kubernetes’ using Intel SGX to help ensure sensitive data and intellectual property are protected.
Civo CEO Boost rounds out by saying that Civo is committed to delivering a high-security experience with Kubernetes. The company wants users to have total confidence that only their authorised users (and no one else) will have full and unencrypted visibility of their data.
This promise opens the door to a host of potential use cases across many industries, from accelerating R&D in fields like healthcare and finance that require controlled and privileged access to highly sensitive data, to supporting global firms and governments in protecting confidential or classified data.