STACKIT Confidential Kubernetes
Protect container workloads from unauthorized access by third parties, with little effort and in a verifiable manner.
STACKIT Confidential Kubernetes combines the advantages of the popular orchestration tool Kubernetes with the high security standards of confidential computing. The solution is based on the Kubernetes engine Constellation by Edgeless Systems. It allows users to deploy and operate self-managed Kubernetes clusters with extensive security features without much effort. The highlight: clusters are completely isolated from the underlying cloud infrastructure and from third-party access. They are encrypted throughout, including storage and memory at runtime. These properties are verifiable to third parties.
Applications
With STACKIT Confidential Kubernetes, the following use cases can be realized, among others:
Meeting regulatory requirements
Remote attestation of the encryption and isolation of data allows you to prove that you meet regulatory requirements.
Moving sensitive workloads from on-prem to the cloud
Protecting your data from unauthorized access with STACKIT Confidential Kubernetes allows you to migrate even sensitive workloads to the cloud. The STACKIT Cloud turns into your Private Cloud.
Protecting containerized workloads from unauthorized third-party access
Completely encrypt and isolate your containerized Kubernetes workloads and control plane, increasing overall security and preventing unauthorized third-party access.
Functions
- All Kubernetes nodes run inside STACKIT Confidential Virtual Machines (CVMs). Runtime encryption protects data in memory for the entire lifetime of the node, while network and storage encryption protect network communication and persistent storage. Thus, workloads and control plane are truly end-to-end encrypted: at rest, in transit, and at runtime.
- The management of cryptographic keys within the CVMs takes place automatically, ensuring simple and secure use through transparent key management.
- Following the principle of node attestation and verification, the integrity of each new node in the cluster is checked by means of remote attestation before it is commissioned. Only "good nodes" receive the cryptographic keys that allow them to access the network and the storage of the cluster.
- DevOps engineers benefit from whole-cluster attestation: they can verify the security and integrity of an entire cluster using a single hardware-rooted certificate.
- The security features are complemented by DevOps features, e.g. support for high availability, day-2 operations (upgrades and recovery), and infrastructure as code.
Advantages
- You can easily protect containerized workloads from unauthorized access and prevent data leaks.
- You can move sensitive containerized workloads from on-prem to the cloud with little effort. You turn the public cloud into a private cloud.
- You can increase the trustworthiness of your SaaS offering running on STACKIT.
- You can prove that you meet regulatory or compliance requirements in terms of data protection.
Prices
Do you still have specific questions about the product or would you like to test it? For further information and advice from our competent team of experts, please do not hesitate to contact us.