Anjuna today extended a confidential computing runtime based on Kubernetes to enable it to be used to encrypt data as it is processed in memory in multiple cloud computing environments.
Anjuna Seaglass, previously available on the Elastic Kubernetes Service (EKS) from Amazon Web Services (AWS), will also be made available next year on the Azure Kubernetes Service (AKS) from Microsoft and the Google Kubernetes Service (GKE).
Confidential computing takes advantage of extensions to the latest generation of processors to create a trusted execution environment that, in addition to preventing unauthorized code from running, also ensures data privacy by encrypting data in a way that can’t be viewed by anyone on an IT team.
Anjuna CEO Ayal Yogev said Anjuna Seaglass extends that capability to multiple cloud computing platforms to prevent organizations from becoming locked into a specific cloud computing environment.
Much like virtual machines provided a layer of abstraction above the infrastructure layer, Anjuna Seaglass is designed to enable IT teams to move applications as they best see fit, said Yogev.
Confidential computing takes encryption to the next level by securing data while it is loaded in memory, not just at rest or in transit. Prior to the arrival of confidential computing, all data running in memory was accessible as clear text. Now there are processor families that enable data to be encrypted in a way that prevents anyone from being able to view it.
It’s not clear whether confidential computing will become the default option for deploying application workloads in the cloud, but as it becomes simpler to deploy a runtime that can run anywhere, there is no reason not to encrypt data on an end-to-end basis as the total cost of data breaches continues to rise. In fact, a large percentage of the cybersecurity issues organizations experience today can be traced back to malware taking advantage of vulnerabilities that are exploited when code is running in memory.
Ultimately, DevOps teams will take the lead when it comes to adopting Anjuna Seaglass as part of a larger effort to eliminate cybersecurity and compliance issues, said Yogev. Cybersecurity teams may exercise some influence, but it’s the responsibility of DevOps teams to find ways to eliminate potential cybersecurity and compliance issues in the first place, he added.
Currently, organizations that take advantage of confidential computing capabilities provided by cloud service providers pay a premium for the privilege. Anjuna is making a case for a runtime that, once licensed, can be deployed on top of any Kubernetes service to reduce the total cost of confidential computing.
Each IT organization will naturally have to decide how widely to apply confidential computing, but as various compliance regulations become more stringent, the simplest path to compliance is to encrypt data whenever and wherever possible. The challenge, of course, will be updating all the existing application environments that, in addition to making data available as plain text in memory, also make it possible for malware to be executed any time cybercriminals find a weakness to exploit.