Let the OSS Enterprise newsletter guide your open source journey! Sign up here.

Spending on cloud infrastructure is continuing along an upwards trajectory, growing 34% year-on-year in Q4 2021 to $53.5 billion globally. The benefits of the public cloud are clear, insofar as they enable companies of any size to circumvent costly infrastructure maintenance and deployments, and easily scale their business as demand grows.

But companies don’t always want to store data on public clouds for any number of security and privacy-related reasons, leading them down a path of on-premises or hybrid infrastructure where they may retain more control over their data.

One company, however, is setting out to transform the public cloud into the “safest place for sensitive data.”

Founded out of Germany in 2020, Edgeless Systems leverages confidential computing to help companies store, analyze, and share data without compromising privacy or security.

Confidential computing, for the uninitiated, is made possible through new hardware security features such as Intel’s SGX in server CPUs, which keep workloads encrypted at runtime and “make the integrity of those workloads cryptographically verifiable,” according to Edgeless Systems cofounder and CEO Felix Schuster.

Keeping confidential

In effect, confidential computing is all about isolating workloads from the cloud provider, so that the provider or any malicious actor can’t access the data. “This allows companies to move sensitive workloads to the cloud,” Schuster told VentureBeat. “One can build new apps that — for instance — allow for the secure data-sharing between distrusting parties.”

Perhaps more importantly, confidential computing addresses how to protect “data in use” — that is, data that is currently being processed — rather than data that is in transit or at rest.

Edgeless Systems has so far released three confidential computing products under an open source license — Ego, EdgelessDB, and MarbleRun, which can be used for myriad use-cases, such as powering AI-based data processing from connected vehicles (as Edgeless Systems did in a project collaboration with Bosch).

MarbleRun, specifically, is a Kubernetes-native control plane that simplifies “deploying, scaling, and verifying SGX-based apps.” However, MarbleRun requires the end-user to modify existing services and codebases, which can be resource-intensive, which is why Edgeless Systems has launched an enterprise-grade version of MarbleRun that allows anyone to set up a confidential Kubernetes environment with minimal fuss.

Constellation, as the new product is called, represents Edgeless Systems’ first commercial product. It takes the concept of confidential Kubernetes and makes it easily accessible through a simple interface — according to Schuster, it takes just a few minutes to create a confidential Kubernetes deployment in any of the major public clouds.

“The beauty is that from the inside, everything just looks and feels like normal Kubernetes, while from the outside everything is shielded end-to-end from the cloud infrastructure,” Schuster explained.

It’s worth noting that unlike MarbleRun, Constellation is not built for SGX. Instead, it’s designed for deployment on Intel’s upcoming TDX, AMD SEV, and AWS Nitro Enclaves. “Thus, Constellation runs — or will soon run — in all major clouds,” Schuster added.

The story so far

Schuster has significant experience in the confidential computing sphere from his time as a researcher at Microsoft, where he worked on various projects across cloud security; SGX; blockchain; and Azure Confidential Computing, including Microsoft’s Confidential Consortium Framework (CCF) for enterprise blockchain networks. Schuster left Microsoft in early 2019 to work on the foundations for what would become Edgeless Systems, a company he finally incorporated in March, 2020.

The confidential computing market is already on course to become a $54 billion business within four years, up from the estimated $2 billion today — and Edgeless Systems is spooling up to capitalize on this anticipated growth, having closed a small $1.65 million seed round of funding last summer .

Ultimately, the problem that Edgeless Systems is setting out to solve is one that impacts any company that manages vast swathes of data: how to leverage the power of the public cloud without falling afoul of privacy and security regulations?

“Today, companies cannot fully trust the public cloud as they do not know for sure who — such as hackers or malicious admins — might access their data,” Schuster said. “This problem also raises serious concerns regarding data privacy — for example, European companies cannot store any personal data on servers of U.S. cloud providers due to the U.S. CLOUD Act. With Constellation, workloads are isolated and protected from access by the infrastructure provider.”