By Axel Sass, Chief Architect
With the increasing uncertainty we currently experience in the political world stage comes that more and more companies reevaluate their presence in the cloud and the on-premise data center in the light of operational resilience and data sovereignty. And some who pledged to move most of it or even all of it into the cloud have seen that it is not one or the other, it is a combination of both. Both have their advantages and disadvantages. Flexibility vs. Security concerns. Short term consumption based usage vs. long term base compute power requirements. Especially looking at the current situation it is now easier to ensure that applications and data used in the public cloud stays protected through the usage of Confidential Computing.
Confidential Computing and Its Value in the Current Situation
Confidential computing is a way to ensure that no external party can look at your data and business logic while it is executed. It looks to secure Data in Use. When you now add to that the already established way to secure Data at Rest (encryption of data stored to file/databases) and Data in Transit (secured connection between applications and between storage and applications) it can be ensured that most likely no external party can access secured data running in a confidential computing environment wherever that may be.
In discussions with customers often the question is asked when confidential computing adds an advantage. 6 general use cases could be seen. Have a look at this blog to get an explanation of the use cases https://www.opensourcerers.org/2024/05/20/confidential-computing-in-action/. Of those 6 use cases, this article will focus on the Secure Cloud Bursting scenario. This use case allows for a component running in the on-premise data center to dynamically be executed in the public cloud while retaining the company’s security policies.
Adding Enhanced Security to the Public Cloud
To be able to execute services in the cloud the company needs to be sure that the data and the business logic cannot be accessed or changed from third parties especially by the system administrator of that cloud provider. It needs to be protected. Or better, it needs to be executed in the Trusted Compute Base (TCB) of the company. This is the environment where specific security standards are set to restrict all possible access to data and business logic. It is the area within the company’s datacenter where tempering is very difficult or where the company trusts that under normal circumstances no tempering can be accomplished. With the use of Confidential Computing and Attestation the TCB can be extended to also incorporate the public cloud or better specific instances of the Public cloud. Here attestation is used to verify that a confidential environment (instance) is securely running in the public cloud and it can be trusted to implement all the security standards necessary. Only after successful attestation the TCB is then extended into the Public cloud to incorporate the attested instances. One basic requirement of attestation is that the attestation service is located independently of the infrastructure where the instance is running. The more of the necessary services of confidential computing are provided by one party the easier it is to get information out of the confidential computing environment. So in that aspect using the local attestation service of the cloud provider reduces the overall security of the solution.
Three Types of Confidential Computing
To implement those 6 use cases different Confidential Computing implementations are needed. There are 3 types of confidential computing implementations available. All 6 use cases together enable companies to extend all of their workloads into the public cloud. Let us have a closer look at the implementations starting with Confidential VMs.
Confidential VMs
Most companies are using virtual machines to host legacy services. Some of those might be migrated to a container based platform and some might never be migrated. This means that for the foreseeable future the company needs a way to host VMs. With confidential VMs it is possible to dynamically create VMs in the public cloud to expand the available compute power of the on-premise infrastructure with a public cloud instance using Confidential Computing.
Confidential Cluster
Especially for infrastructure in the scenario of Digital Sovereignty, a whole cluster, where all of the nodes (management and worker) are running in a Confidential environment, including the applications deployed on it, needs to be moved from one cloud provider to another if there is a disruption of services. Confidential computing enforces certain security standards. So Confidential Computing acts like a wrapper to standardize security policies of the surrounding environment. With it and a standardized platform like OpenShift it is easier to implement such a move.
Confidential Containers
If the company needs to extend single applications into the cloud, confidential containers are the perfect choice. The Confidential Container is treated like it was running on premise. There are performance impacts (for example accessing data and latency). But overall it enables the dynamic extension of compute power into a secure environment in the cloud.
Secure Cloud Bursting: When it Is Interesting?
Secure Cloud Bursting is the main use case for Confidential Container. There are two main areas where it becomes valuable.
In the graphic the computational load is pictured. There are seasonal bursts of load and there is an overall growth of the platform.
Seasonal Peaks
During events and marketing campaigns the execution of an application or a component of the application is limited by the on-premise infrastructure. To be able to only use the on-premise datacenter means that you have to provide a lot of overhead compute resources. So with Secure Cloud Burst this specific component can then temporarily be moved into the cloud taking advantage of the flexibility and consumption based pricing of the public cloud. Especially interesting is when the execution of these components needs hardware which is not readily available on-premise like GPUs. When those limited resources are again available on premise the load can be moved back to the on-premise data center.
Systemic Growth
The on-premise cloud is very good at providing a base level of compute power. But most of the times when growth is needed the time to acquire new server hardware and installing it into the on-premise infrastructure takes a lot of time. To bridge the time the procurement- and installation process takes until the new hardware is available secure cloud bursting can be used. And when the hardware is installed and configured the load can return to the on-premise datacenter.
Summary
So in this blog you have seen that even looking at the current worldwide situation Confidential Computing can help to enable companies to use the public cloud located anywhere in the world by still ensuring that common security policies are implemented. And that in the Secure cloud Burst scenario you choose where your applications are running on economic factors rather than only on security challenges.