Continuum AI is now public. Try out the most secure GenAI service!
Constellation
Constellation leverages confidential computing to isolate entire Kubernetes clusters from the infrastructure. Finally, the public cloud turns into your private cloud.
All data in the cluster remains encrypted in all states - at rest, in transit, and during processing.
The integrity of the entire cluster is verified based on cryptographic certificates and latest supply-chain security mechanisms.
High availability, autoscaling, and close to native performance.
By encrypting your entire K8s cluster, Constellation supports you in migrating
sensitive workloads to the cloud with maximum security and increasing your
SaaS offerings' trustworthiness. Constellation will help you prevent
data breaches and address regulatory requirements like GDPR
and DORA. Constellation works on all major clouds.
Constellation can be set up in minutes in your favorite cloud with an easy-to-use CLI. Afterwards, you can connect your favorite Kubernetes tooling via the kubeadm interface.
01.
02.
03.
For end-to-end confidentiality, it is not enough to use managed Kubernetes offerings like AKS, EKS, or GKE with Confidential VMs. Many attack vectors remain.
This ensures compatibility with all existing Kubernetes tooling. On top, we implement Kubernetes security updates within 24 hours.
Constellation achieves SLSA Level 3. With reproducible builds, hardware-based attestation, and sigstore-based software signatures throughout, Constellation is leading the way in supply-chain security for Kubernetes.
The benchmarks from the Center for Internet Security (CIS) are widely recognized standards for defending IT systems against cyberattacks.
The source code of Constellation is accessible for anyone to review on GitHub. This enables meaningful remote attestation.
Constellation’s ease of use meant that Organized Crime and Corruption Reporting Project (OCCRP) developers could easily implement it and subsequently continue focusing on the other technical tools that augment their journalists’ work. With Constellation, OCCRP could rest assured that the most valuable information remains safe for use by international journalists.