Confidential Computing Solution: How far have we come?

Pradipta Banerjee
Nov 11, 2022

A few months back, I wrote about the building blocks of a confidential computing solution and how you can start deciphering the different pieces of the solution. You can read more about it here.

Many months have passed since I wrote the above article, and I wanted to share a few updates.

In the ensuing months, quite a few commercial offerings have been launched, and the open-source community is actively working to bring the technology to users looking to build a confidential computing platform.

Azure announced an impressive lineup of commercial offerings, including support for confidential compute nodes in their managed Kubernetes service (Azure Kubernetes Service).

Google announced Confidential Compute space, an interesting application of confidential computing for multi-party computation.

They also have support for confidential compute nodes in their managed Kubernetes service (Google Kubernetes Engine).

And then there is the confidential Kubernetes distribution from Edgeless Systems. They also open-sourced it.

The CNCF confidential containers project is also making steady progress, and you can read about the new release here.

There is support for both VM TEEs (e.g. AMD SEV, Intel TDX, IBM Z Secure Execution) using the Kata Containers runtime and process-based TEEs (Intel SGX) using the enclave-cc runtime.

The CNCF confidential containers project and confidential Kubernetes distribution provide an excellent foundation for building a hybrid confidential computing platform that can work across infrastructure providers (on-prem and off-prem).

There is still a lot to do, especially with respect to user experience improvements for both new and existing workloads (lift-and-shift) and seamless usage across different cloud and infrastructure providers. But we are getting there.

If you are exploring confidential computing for your workloads and looking for guidance, please get in touch with me for a discussion.
