{"id":19917,"date":"2022-06-17T15:00:00","date_gmt":"2022-06-17T14:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/?p=19917"},"modified":"2022-06-17T19:38:44","modified_gmt":"2022-06-17T18:38:44","slug":"azure-confidential-computing-and-kubernetes","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/technetuk\/2022\/06\/17\/azure-confidential-computing-and-kubernetes\/","title":{"rendered":"Getting started with Kubernetes, Azure and AKS"},"content":{"rendered":"


Security is a key driver accelerating the adoption of cloud computing, but it’s also a major concern when you move extremely sensitive IP and data to the cloud.<\/p>\n

There are established ways to secure data at rest and in transit, but data also needs protecting while it is being processed, and that gap has been the hardest to close. Confidential computing adds new data security capabilities using trusted execution environments (TEEs) or encryption mechanisms to protect your data while in use.<\/p>\n

TEEs can be implemented in hardware or in software. In the hardware-based form used here, the processor reserves a portion of the CPU and memory as a protected container (an enclave) and enforces that the code and data inside it cannot be read or modified from outside it, not even by privileged software such as the host operating system or hypervisor. Isolation alone does not tell you what is running inside the enclave, so a relying party should also use the TEE\u2019s attestation mechanism to verify the enclave\u2019s identity before entrusting it with secrets.<\/p>\n

Confidential computing with Azure<\/h2>\n

While data is typically encrypted at rest and in transit, Azure confidential computing also protects your data while it\u2019s being processed. You can share machine learning datasets with multiple sources without exposing proprietary data, and prevent unauthorised access to your data and code by isolating computations in a hardware-based TEE.<\/p>\n

Confidential computing provides an additional layer of protection from potentially malicious insiders at a cloud provider, minimises the risk of data leaks and may even address some regulatory compliance needs.<\/p>\n

It also enables use cases that were previously not possible. For example, customers in regulated industries can now collaborate on sensitive partner or customer data to detect fraud, without giving the other party visibility into that data.<\/p>\n

How it works for Kubernetes<\/h2>\n

You can get this additional layer of data protection for your Kubernetes workloads by running the code inside secure hardware enclaves on the CPU. This takes just a few steps:<\/p>\n
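As an added example (not from the original post), here is the shape of a pod manifest that schedules a container onto an AKS confidential computing node pool. It assumes a cluster created with the confidential computing add-on (az aks create ... --enable-addons confcom) and a node pool using an SGX-capable DCsv3 VM size, and that the add-on\u2019s SGX device plugin advertises the kubernetes.azure.com\/sgx_epc_mem_in_MiB resource on those nodes; the resource group, cluster, pool and pod names and the enclave-app:1.0 image are placeholders.<\/p>\n

```yaml
# Added example, not from the original post. Assumes the AKS confidential
# computing add-on ("confcom") has installed the SGX device plugin on an
# SGX-capable node pool, created roughly as follows (placeholder names):
#   az aks create -g rg-conf -n aks-conf --enable-addons confcom --generate-ssh-keys
#   az aks nodepool add -g rg-conf --cluster-name aks-conf -n confpool \
#       --node-vm-size Standard_DC4s_v3 --node-count 1
apiVersion: v1
kind: Pod
metadata:
  name: enclave-app            # placeholder name
  labels:
    app: enclave-app
spec:
  restartPolicy: Never
  containers:
  - name: enclave-app
    image: myregistry.azurecr.io/enclave-app:1.0   # placeholder image
    resources:
      limits:
        # Request Enclave Page Cache (EPC) memory, the resource the AKS SGX
        # device plugin advertises. Requesting it makes the scheduler place
        # the pod only on nodes that have SGX EPC to allocate, and the plugin
        # exposes the SGX device nodes to the container.
        kubernetes.azure.com/sgx_epc_mem_in_MiB: 16
```

After kubectl apply -f, kubectl describe node on a confidential node should list kubernetes.azure.com\/sgx_epc_mem_in_MiB under Allocatable; if it is absent, the add-on or node pool is not in place and the pod stays Pending with an insufficient-resource event. Requesting EPC only gets the container onto SGX hardware: the application itself must be built to create an enclave and to attest to its callers before any secrets are released to it.<\/p>\n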