Contrast
Contrast integrates Confidential Containers, based on Kata Containers, seamlessly with existing managed Kubernetes platforms, adding a layer of confidential computing without disrupting workflows.
Containers run in confidential micro VMs based on AMD SEV and Intel TDX, keeping all data encrypted during processing.
Compatible with managed Kubernetes, Contrast can be installed as a day-2 operation in existing clusters.
Contrast provides one succinct attestation statement for your deployment, proving that your deployment adheres to a given manifest.
Contrast securely manages keys for your containers, provisions certificates, and sets up transparent mTLS connections between them.
Contrast secures applications by running containers within confidential micro VMs, offering stringent protections like runtime encryption and remote attestation. This approach safeguards data integrity and confidentiality.
Once installed into your Kubernetes cluster, Contrast serves as a slim but effective isolation layer, allowing native Kubernetes orchestration of your confidential containers with minimal DevOps involvement. This setup maintains the operational model of managed Kubernetes services while Contrast ensures the confidentiality and integrity of your containers.
With its rigorous runtime policy enforcement, Contrast provides refined access control, suitable for multi-party scenarios and for securing data even against your own Kubernetes administrators.
Contrast comes with an easy-to-use CLI. It can be installed within minutes into a Kubernetes cluster that supports confidential containers.
The CLI synthesizes a manifest from your Kubernetes YAML file. This manifest is then enforced by Contrast's in-cluster attestation service.
Once configured, you can manage your application with Kubernetes as usual. Contrast independently ensures the integrity and confidentiality of your containers and of the entire distributed application.
Contrast creates confidential containers for applications, safeguarding them from unauthorized access and threats, even in shared cloud environments. This ensures that sensitive operations can be migrated to the cloud without compromising security.
Contrast introduces a trust model that distinctly separates your applications from cloud service providers, ensuring operational integrity and data privacy. Furthermore, Contrast supports enforcing strict runtime policies through cryptographic verification. This ensures that only authorized users can access sensitive operations.
Designed to meet stringent regulatory requirements, Contrast facilitates compliance with laws and standards such as GDPR and DORA. Its foundation in confidential computing makes it simpler for organizations to adhere to compliance mandates, ensuring that sensitive data is handled securely in the cloud.
With Contrast, you get end-to-end confidential computing for your cloud-native application, while enjoying the benefits of managed Kubernetes. The Kubernetes control plane and the rest of the infrastructure remain outside the trusted computing base (TCB).
Contrast works with the managed Azure Kubernetes Service (AKS). Support for other platforms, like AWS EKS and GCP GKE, will be added once these support confidential containers.
Learn more about the conceptualization and the technical details of the all-in-one Confidential Containers platform, including a demo, from our Chief Architect Moritz Eckert and Security Software Engineer Paul Meyer.
Contrast is a tool for customers who want to use confidential computing with managed Kubernetes offerings, face multi-party use cases, or exclude their own administrators from the application data. They do not shy away from handling confidential container deployments and writing app-specific manifests.
If your goal is to shield the entire Kubernetes cluster with zero changes, our product Constellation may be the better choice.