Trust No One: Secure Storage With Confidential Containers - Aurélien Bombo, Microsoft
Aurélien Bombo, Microsoft
KubeCon + CloudNativeCon Europe 2025 · Session
In his KubeCon EU talk, Aurélien Bombo from Microsoft presented a comprehensive overview of securing storage within **Confidential Containers** (often referred to as **CoCo**), a critical advancement in confidential computing. As a core contributor to the Confidential Containers project and a member of the Kata Containers architecture committee, Bombo highlighted the project's belief that confidential computing represents the future, demanding protection for data not only at rest and in transit but, crucially, also *in use*. Traditionally, confidential computing has focused heavily on protecting the compute aspect, often overlooking the equally vital components of networking and storage. This talk directly addresses that gap, detailing the ongoing work within the Confidential Containers community to enable secure storage for containerized workloads.
AI review
Bombo's KubeCon EU talk delivers a much-needed deep dive into securing storage within Confidential Containers, addressing a critical gap in traditional confidential computing. He outlines robust architectural designs for both ephemeral and persistent storage, leveraging in-VM encryption, Kubernetes CSI, and a sophisticated security policy enforced by remote attestation. The speaker's expertise as a core contributor shines through, presenting actionable insights for anyone serious about protecting data-in-use in untrusted cloud environments. This is real engineering, not marketing fluff.