Highlights:

  • Constellation, according to cloud privacy startup Edgeless Systems GmbH, is the industry’s first “Confidential Kubernetes” distribution.
  • Edgeless Systems believes that there is a “massive requirement” for confidential computing in today’s organizations, whose cloud infrastructures increasingly span several distinct environments.

Edgeless Systems GmbH, a cloud privacy startup, announced the open-source release of Constellation. The company claims it is the industry’s first “Confidential Kubernetes” distribution.

Constellation is built on the concept of confidential computing and enables businesses to keep their Kubernetes clusters verifiably insulated from the cloud infrastructure they operate on by employing end-to-end encryption.

A relatively new area of technology, confidential computing involves keeping data encrypted while it is being processed. It is sometimes referred to as the final piece of the data encryption jigsaw, given that cloud providers already encrypt data at rest and in motion. Until recently, data always had to be decrypted before it could be processed, and many experts viewed this as a gaping hole in the landscape of data encryption. Confidential computing changes this.

Kubernetes is a crucial platform that underpins most contemporary applications. It is used to coordinate massive numbers of software containers, which host application components that can be executed on any computing platform.

Edgeless Systems believes that there is a “massive requirement” for confidential computing in today’s organizations, whose cloud infrastructures increasingly span several distinct environments. Therefore, developers must address several security and compliance issues. Constellation allows Kubernetes users to restrict access to processed data, which is one of the most effective methods to ensure security and compliance.

Constellation isolates workloads and the control plane from the underlying infrastructure, guaranteeing that all data is encrypted at rest, in transit, and in use. Edgeless Systems said that this can be verified remotely based on hardware-rooted certificates.

Constellation works with Google Cloud and Microsoft Azure at launch, with support for Amazon Web Services and OpenStack on the horizon. Constellation is also accredited by the Cloud Native Computing Foundation, a neutral organization that regulates the open-source Kubernetes project’s development.

Felix Schuster, the Chief Executive Officer of Edgeless Systems, stated that the business is constructing open-source infrastructure to facilitate the revolution in confidential computing. “The hardware and features required for Constellation weren’t even available in the cloud 12 months ago, but we started the necessary work to ensure Kubernetes users can secure all their data — in rest, in transit, and now in use. By making Constellation available to everyone, we can help accelerate the adoption of more secure cloud computing workloads.”

Constellation boosts Kubernetes workload security in ways other than just data encryption. For example, it supports automatic and configuration-free encryption of cloud storage and node-to-node networking.

These capabilities add up to what Edgeless Systems insists is “breakthrough security and data protection” for Kubernetes workloads, limiting unauthorized access to clusters via the underlying infrastructure. As a result, not even a privileged cloud administrator or a sophisticated, persistent threat within the infrastructure can access the data within Constellation.

Constellation’s primary benefit is that it allows businesses to shift their most critical Kubernetes-based workloads to the cloud. Thus, software vendors can offer more secure software-as-a-service platforms to their clients, for example.

Constellation Research Inc.’s Holger Mueller stated that organizations have a strong interest in securing next-generation cloud-based applications and that confidential computing is crucial to achieving this.

Mueller said, “How can software containers and Kubernetes, the platforms on which these apps are built, be shielded from the cloud infrastructure they are running on? Now we have the entry of Edgeless Systems, with a unique take on Kubernetes that’s fully shielded from the cloud infrastructure it runs on. Edgeless Systems comes from Germany, a nation known for its extreme sensitivity regarding data protection, so it’s no surprise to see them leading the way.”