This is the first of a series of articles in which we will share how confidential computing (a set of hardware and software technologies designed to protect data in use) can be integrated into the Red Hat OpenShift cluster. Our…
Category: Red Hat Security
OpenSSL in Red Hat Enterprise Linux 10: From engines to providers
OpenSSL is a popular cryptographical toolkit with more than 20 years of history. For a long time, the only way to extend it was by using an “engine”, which defines how a cryptographic algorithm is computed. This could include hardware…
Recent improvements in Red Hat Enterprise Linux CoreOS security data
As Red Hat’s product portfolio of various products expands, we are offering more delivery options and methods to give customers more flexibility in how they use and consume Red Hat products.Red Hat Enterprise Linux CoreOS (RHCOS) underpins Red Hat OpenShift,…
Secure cloud bursting: Leveraging confidential computing for peace of mind
When using the public cloud there are always challenges which need to be overcome. Organizations lose some of the control over how security is handled and who can access the elements which, in most cases, are the core of the…
Red Hat Insights collaborated with Vulcan Cyber to provide a seamless integration for effective exposure management
Vulcan collaborated with Red Hat to optimize Vulcan Cyber with Red Hat Insights and provide businesses with a holistic view of exposure risk across all attack surfaces and asset types.According to Vulcan, “By harnessing Red Hat Insights’ deep visibility into…
FIPS 140-3 changes for PKCS #12
With the planned release of Red Hat Enterprise Linux (RHEL) 10 in 2025, the PKCS #12 (Public-Key Cryptography Standards #12) files created in FIPS mode now use Federal Information Processing Standard (FIPS) cryptography by default. In other words, PKCS #12…
Confidential Containers with IBM Secure Execution for Linux
Red Hat OpenShift sandboxed containers, built on Kata Containers, now provide the additional capability to run Confidential Containers (CoCo). Confidential Containers are containers deployed within an isolated hardware enclave protecting data and code from privileged users such as cloud or…
Secure design principles in the age of artificial intelligence
At Red Hat, we are committed to delivering trustworthy and robust products through a comprehensive security approach that encompasses many Secure Development Lifecycle (SDLC) activities. Our approach is grounded in the foundational principles of secure system design, which were first…
Strengthen DevSecOps with Red Hat Trusted Software Supply Chain
As organizations start deploying advanced monitoring capabilities to protect their production environment from cyber attacks, attackers are finding it increasingly difficult to break in and compromise systems. As a result, they are now leveraging alternate approaches to infiltrate systems by…
Solving the Puzzle of RBAC with Red Hat Customer Portal
You’ve just created a Red Hat Customer Portal account to provision a Red Hat OpenShift cluster. If you’re new to Red Hat Customer Portal, then you probably have a lot of questions, like what other Red Hat portals do you…
Red Hat Insights provides analytics for the IBM X-Force Cloud Threat Report
IBM recently released their 2024 X-Force Cloud Threat Landscape Report.According to IBM, this report “provides a global cross-industry perspective on how threat actors are compromising cloud environments, the malicious activities they’re conducting once inside compromised networks and the impact it’s…
A smarter way to manage malware with Red Hat Insights
Red Hat Insights makes it much easier to maintain and manage the security exposure of your Red Hat Enterprise Linux (RHEL) infrastructure. Included is the Insights malware detection service, a monitoring and assessment tool that scans RHEL systems for the…
When LLMs day dream: Hallucinations and how to prevent them
Most general purpose large language models (LLM) are trained with a wide range of generic data on the internet. They often lack domain-specific knowledge, which makes it challenging to generate accurate or relevant responses in specialized fields. They also lack…
Red Hat’s response to OpenPrinting CUPS vulnerabilities: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177
TL;DR: All versions of Red Hat Enterprise Linux (RHEL) are affected by CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177, but are not vulnerable in their default configurations.Red Hat has been made aware of a group of vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177)…
Deployment considerations for Red Hat OpenShift Confidential Containers solution
Confidential containers are containers deployed within a Trusted Execution Environment (TEE), which allows you to protect your application code and secrets when deployed in untrusted environments. In our previous articles, we introduced the Red Hat OpenShift confidential containers (CoCo) solution…
How Red Hat is integrating post-quantum cryptography into our products
In a previous post-quantum (PQ) article, we introduced the threat that quantum computing presents for any systems, networks and applications that utilize cryptography. In this article, you’ll learn what you can do to assist your organization in achieving crypto-agility with…
Managing Automatic Certificate Management Environment (ACME) in Identity Management (IdM)
The Automatic Certificate Management Environment (ACME) protocol allows automated interactions between certificate authorities and your servers. This means you can automate the deployment of your public key infrastructure at a low cost, with relatively little effort. ACME provides automated identifier…
Simplify identity management with Red Hat IdM
Red Hat Identity Management (IdM) is a centralized and comprehensive identity management solution that provides a wide range of features designed to help manage user identities, enforce security policies and facilitate access management. IdM offers a number of tailored and…
Use cases and ecosystem for OpenShift confidential containers
Red Hat OpenShift sandboxed containers, built on Kata Containers, provide the additional capability to run confidential containers (CoCo). This article continues our previous one, Exploring the OpenShift confidential containers solution and looks at different CoCo use cases and the ecosystem…
Exploring the OpenShift confidential containers solution
Red Hat OpenShift sandboxed containers, built on Kata Containers, now provide the additional capability to run confidential containers (CoCo). Confidential Containers are containers deployed within an isolated hardware enclave protecting data and code from privileged users such as cloud or…
Authentication and Authorization in Red Hat OpenShift and Microservices Architectures
One of the key components of a container-based architecture is security.There are many facets to it (just have a look at the list of topics in the official OpenShift documentation here), but some of the most basic requirements are authentication…
Improved vulnerability reporting on Quay.io
Quay.io is Red Hat’s hosted container registry service that serves enterprise users, open source community projects, and Red Hat customers worldwide. One of the most used features of Quay.io, besides storing and serving container images, is the comprehensive security vulnerability…
Red Hat Advanced Cluster Security Cloud Service is now Generally Available
Red Hat Advanced Cluster Security Cloud Service graduates from limited availability to general availability! This release allows customers to access a fully managed software-as-a-service to help protect their containerized applications across the full application lifecycle in any major cloud environment.…
Red Hat Enterprise Linux and Secure Boot in the cloud
Secure Boot technology is part of Unified Extensible Firmware Interface (UEFI) specification. It is a useful and powerful tool which can be used to improve boot time security of an operating system by only allowing trusted code to be executed…
Red Hat VEX files for CVEs are now generally available
In October 2023, Red Hat Product Security announced the publishing of Vulnerability Exploitability eXchange (VEX) files, in beta form, for every single CVE ID that is recorded in the Red Hat CVE Database. Since then, we have actively collected feedback…
Security vulnerability reporting: Who can you trust?
Good cyber security practices depend on trustworthy information sources about security vulnerabilities. This article offers guidance around who to trust for this information.In 1999, MITRE Corporation, a US Government-funded research and development company, realized the world needed a uniform standard…
Embracing automated policy as code in financial services
In the ever-evolving world of financial services, staying compliant, secure and efficient is paramount. Financial institutions are under constant pressure to manage risks, adhere to regulatory requirements and ensure operational consistency. With the advent of new technologies, the complexity of…
Post-quantum cryptography: Code-based cryptography
If you want to know what post-quantum cryptography is or why any one will care, see part 1 of my series.On August 24, 2023 the National Institute of Standards and Technology (NIST) published its first draft of post-quantum algorithms. The…
API security: The importance of rate limiting policies in safeguarding your APIs
In today’s networked digital world, application programming interface (API) security is a crucial component in safeguarding private information and strengthening the integrity of online transactions. The potential for attack has increased dramatically as a result of the growing use of…
The State of Kubernetes Security in 2024
The State of Kubernetes Security for 2024 report shows us that as the popularity of Kubernetes grows, the more important security planning and tooling becomes. Our annual report examines some of the most common cloud-native security challenges and business impacts…
Customize your Red Hat OpenShift nodes and keep them updated
Today we’re excited to announce a new mechanism for admins to safely and easily customize an operating system deployment with highly refined needs while taking full advantage of the automation and power provided by Red Hat OpenShift. This means you…
Passkey is the Future, and the Future is Now with Red Hat Enterprise Linux
Red Hat Enterprise Linux 9.4 introduces the ability for centrally managed users to authenticate through passwordless authentication with a passkey, meaning it’s an enterprise Linux distribution with Fast Identity Online 2 (FIDO2) authentication for centrally managed users! This is all…
The Marvin Attack
The Marvin Attack is a new side-channel attack on cryptographic implementations of RSA in which the attacker decrypts previously captured ciphertext by measuring, over a network, server response times to specially crafted messages. The attacker also may forge signatures with…
Reducing the significant risk of known exploitable vulnerabilities in Red Hat software
In a previous Red Hat article, VP of Red Hat Product Security, Vincent Danen, discussed the question “Do all vulnerabilities really matter?” He emphasized that “a software vulnerability has the potential to be exploited by miscreants to harm its user.”…
Security and safety of AI systems
It is hard to imagine any modern computer system that hasn’t been improved by the power of artificial intelligence (AI). For example, when you take a picture with your smartphone camera, on average more than twenty deep learning (DL) models…
ANSSI-BP-028 security recommendations updated to version 2.0
ANSSI, the National Cybersecurity Agency of France (Agence nationale de la sécurité des systèmes d’information), provides a configuration guide for GNU/Linux systems. It’s identified as ANSSI-BP-028 (formerly known as ANSSI DAT NT-028). Recently, ANSSI published an update of its ANSSI-BP-028…
Automating secrets management with HashiCorp Vault and Red Hat Ansible Automation Platform
A lot of organizations use Red Hat Ansible Automation Platform to orchestrate their infrastructure and Hashicorp Vault to manage their secrets. But how do they work together?HashiCorp Vault is a powerful tool for managing secrets, providing a centralized platform for…
Creating a Web Application Firewall in Red Hat OpenShift
In the last few years, several Red Hat customers have asked how to add a Web Application Firewall (WAF) to the OpenShift ingress to protect all externally facing applications.A WAF is a Layer 7 capability that protects applications against some…
Easily integrate Secrets Management System with Ansible Automation Platform to update systems passwords
Changing systems passwords is a common task that all systems administrators must do to keep up with all the latest security policies. Now with secrets being managed by the secrets management system, we need a way to integrate with that…
Exploring security by design and loosening guides
The concept of security by design, which includes the concept of security by default, is not new. In fact, secure by design is considered one of the fundamental principles of secure development. In general, we say there is security by…
Kentik for Ansible Automation Platform now certified with Red Hat
The Kentik Collection is now Red Hat Ansible Certified Content, and is available on Ansible automation hub. The highlight of this is Event-Driven Ansible, an event source plugin from Kentik to accept alert notification JSON. This works in conjunction with…
Automated Policy-as-Code. Start Small. Think Big.
How to get started with automated policy as code: Start small but think BIG.A policy enforcement feature is coming to future versions of Red Hat Ansible Automation Platform. This blog provides more detail around where we’re heading with this exciting…
Veeam Ransomware Protection with Red Hat Enterprise Linux as the Immutable Repository
Veeam Backup and Replication is a backup, recovery and data management platform that modernizes data protection for cloud, physical and virtual environments. In this post we’re going to look at using Veeam as part of a strategy to guard against…
Getting started with Red Hat Insights and FedRAMP
Recently we announced that Red Hat Insights along with Red Hat OpenShift on AWS GovCloud has achieved Federal Risk and Authorization Management Program (FedRAMP®) Agency Authority to Operate (ATO) at the High Impact Level.We delved down a bit further into…
Mitigating breaches on Red Hat OpenShift with the CrowdStrike Falcon Operator
As Kubernetes becomes increasingly integral to production environments, cyber adversaries are likewise becoming more skilled in cloud-native exploitation. According to the CrowdStrike 2024 Global Threat Report, cases involving exploitation of cloud services increased by 110% in 2023, far outpacing non-cloud…
Simplify hybrid cloud operations with Red Hat Enterprise Linux 9.4
Architecting, deploying, and managing hybrid cloud environments can be a challenging and time-consuming process. It starts with processor selection, operating system configuration, application management, and workload protection, and it never ends. Every step requires a reliable, trusted software foundation with…
Beyond the lingo: What does Red Hat Insights and FedRAMP mean for your workload?
Here at Red Hat, we’ve spent over a decade building up the power of Red Hat Insights, making it one of the most valuable pieces of technology included in your Red Hat subscription. We’ve integrated with industry-leading technologies like IBM…
Connect hybrid cloud Kubernetes with F5 multicloud networking and Red Hat OpenShift for optimized security footprints
Many organizations face numerous challenges when modernizing their applications or migrating from on-premises applications to cloud-native microservices. This can include challenges such as deploying and managing their applications at scale, increased network complexity, managing costs and ensuring security.Red Hat and…
Learn about trends and best practices from top security experts at Red Hat and NIST’s Cybersecurity Open Forum
Red Hat and the National Institute of Standards and Technology (NIST) are pleased to announce our third annual Cybersecurity Open Forum – Improving the Nation’s Cybersecurity. On April 24, 2024, cybersecurity experts will gather in Washington, D.C., to share best…
4 use cases for AI in cyber security
Artificial intelligence (AI) is being introduced to just about every facet of life these days. AI is being used to develop code, communicate with customers, and write in various media. Cyber security, particularly product security is another place AI can…
Red Hat Enterprise Linux 7: End of compliance content on June 30, 2024
As of Jun 30, 2024, the Red Hat Enterprise Linux (RHEL) 7 maintenance support 2 phase ends and Red Hat will no longer update compliance content for RHEL 7. Many policy providers, such as CIS and DISA, will no longer…
Understanding the Red Hat security impact scale
Red Hat uses a four-point impact scale to classify security issues affecting our products. Have you ever asked yourself what it takes and what the requirements are for each point of the scale? We will talk through the highlights of…
Introducing Confidential Containers Trustee: Attestation Services Solution Overview and Use Cases
In confidential computing environments, attestation is crucial in verifying the trustworthiness of the location where you plan to run your workload or where you plan to send confidential information. Before actually running the workload or transmitting the confidential information, you…
Introducing OpenShift Service Mesh 2.5
We are pleased to announce the release of Red Hat OpenShift Service Mesh 2.5. OpenShift Service Mesh is based on the Istio and Kiali projects, and is included as part of all subscription levels of Red Hat OpenShift. OpenShift Service…
Red Hat Quay 3.11: Smarter permissions, lifecycle, and AWS integration
The Quay team is excited to announce that Red Hat Quay 3.11 will be generally available this month. This release will introduce updates to permission management and image lifecycle automation automation for more effective management at scale. Significant updates include:Team-sync…
Red Hat OpenShift Service on AWS obtains FedRAMP “Ready” designation
We’re pleased to announce that the Red Hat FedRAMP offering, which includes Red Hat OpenShift Service on AWS (ROSA), has obtained the “Ready” designation from the FedRAMP Joint Authorization Board (JAB). This means that Red Hat is now listed on…
Confidential Containers for Financial Services on Public Cloud
Public clouds provide geo resilience in addition to being cost-effective when compared to on-premise deployments. Regulated industries such as the Financial Services Industry (FSI) traditionally have been unable to take advantage of public clouds since FSI is highly regulated from…
Bridging innovation and standards compliance: Red Hat’s drive towards the next-generation of government computing standards
From FIPS 140-3 to Common Criteria to DISA STIGs, Red Hat is constantly pursuing the next iteration of compliance for our customers. Red Hat’s mission has long been to bring community innovation to enterprise organizations, packaged in a hardened, production-ready…
Delivering a better view of system vulnerabilities with Red Hat Insights
Every system administrator needs to know about common vulnerabilities and exposures (CVEs) that affect their systems. Included with your Red Hat Enterprise Linux subscription is the Red Hat Insights vulnerability service which gives you a list of all of the…
eBPF wrapped 2023
When it comes to open-source innovation, Red Hat is committed to pushing technological boundaries and enhancing the capabilities of cutting-edge solutions. As we look back at 2023, we’ll discuss Red Hat’s role in advancing Extended Berkeley Packet Filter (eBPF) technology,…
Red Hat and RISC-V: To the far edge and beyond
Red Hat has always been an advocate of growth at the intersection of open source and computing solutions–which is exactly where RISC-V can be found. RISC-V is one of those technologies where the future is both evident and inevitable. By…
Patch management needs a revolution, part 3: Vulnerability scores and the concept of trust
This is the third part of Vincent Danen’s “Patch management needs a revolution” series.Patch management needs a revolution, part 1: Surveying cybersecurity’s lineagePatch management needs a revolution, part 2: The flood of vulnerabilitiesVulnerability ratings are the foundation for a good…
Enabling Peer Pods on IBM Z and LinuxONE with Red Hat OpenShift sandboxed containers
Red Hat OpenShift sandboxed containers (OSC) version 1.5.0, introduces Peer Pods to IBM Z and LinuxONE. This update is the product of a cooperation between IBM and Red Hat, and is an important step in improving sandboxed containers, paving the…
What’s next on the horizon for telecommunications service providers? A look at 2024 with Red Hat.
In 2023, Red Hat met with so many customers and partners – from industry event interactions and individual meeting rooms to cross country visits and late-night service calls, we’ve learned so much from our trusted ecosystem. With all of these…
Protecting your intellectual property and AI models using Confidential Containers
Protecting intellectual property and proprietary artificial intelligence (AI) models has become increasingly important in today’s business landscape. Unauthorized access can have disastrous consequences with respect to competitiveness, compliance and other vital factors, making it essential to implement leading security measures.…
Enterprise security challenges for CNI organizations: Technical solutions to address security challenges
This is the third post in a series of blogs looking at cybersecurity focusing on Critical National Infrastructure (CNI) organizations. This post identifies where Red Hat can help organizations reduce their risk using their technology, training, and services. Enterprise security…
Runtime security deep dive: Ask An OpenShift Admin episode 116
Runtime pertains to the active execution of a system, which may encompass infrastructure, applications operating within containers, or local systems. Runtime security refers to the security measures implemented while the application is actively running. This is especially important, as revealed…
The TLS Extended Master Secret and FIPS in Red Hat Enterprise Linux
Almost 10 years ago, researchers identified and presented the “triple handshake” man-in-the-middle attack in TLS 1.2. The vulnerability breaks confidentiality of the connection and allows an attacker to impersonate a client. In response, RFC 7627 introduced the Extended Master Secret…
Vulnerability Exploitability eXchange (VEX) beta files now available
Red Hat Product Security is pleased to announce that official Red Hat vulnerability data is now available in a new format called the Vulnerability Exploitability eXchange (VEX). In April 2023, we mentioned in an article titled “The future of Red…
DISA STIG for Red Hat Enterprise Linux 9 is now available
According to IDC, Linux operating system (OS) environments are expected to grow from 78% in 2021 to 82% in 2026 across physical, virtual, and cloud deployments. Fundamental to that growth is continued assurance that Linux OSs can provide organizations with…
Red Hat OpenShift Service on AWS assessed to process Australian Government Data at PROTECTED level
Red Hat—the world’s leading provider of open source solutions—is excited to announce the successful completion of the Infosec Registered Assessors Program (IRAP) assessment of Red Hat OpenShift Service on AWS (ROSA). IRAP is managed by the Australian Signals Directorate (ASD).…
Accelerated Encryption with 4th Gen Intel® Xeon® Scalable Processors
Earlier this year, Red Hat engineering took a close look at how to accelerate compression within applications by using 4th Gen Intel Xeon Scalable Processors that include Intel® QuickAssist Technology (Intel® QAT), which can accelerate both compression and encryption. Today…
DISA STIG for Red Hat OpenShift is now available
To help government agencies and regulated industries embrace cloud-native innovation at scale while enhancing their security posture, we are pleased to announce the publication of the Security Technical Implementation Guide (STIG) from the Defense Information Systems Agency (DISA) for Red…
Enterprise security challenges for CNI organizations: Overview of security challenges
This is the first in a series of three blog posts focusing on United Kingdom Critical National Infrastructure (CNI) cybersecurity. Part 1 will focus on giving readers an overview of the problem space that CNI organizations face, Part 2 will…
Improving containerization security with Red Hat OpenShift
In today’s rapidly evolving technology landscape, organizations increasingly embrace containerization to achieve greater scalability, portability, and efficiency in their application deployments. While containerization has its benefits, it also can present IT security challenges that must be addressed to improve the…
Better securing the frontlines: Leveraging Ansible Automation Platform and AIDE for DoD file integrity
A lot of system administrators within the Department of Defense already use the Advanced Intrusion Detection Environment (AIDE). This is mainly because of a Security Technical Implementation Guide (STIG) that states that a file integrity checker must be configured to…
Persistent volume support with peer-pods: Solution overview
Peer-pods, also known as the Kata remote hypervisor, enable the creation of Kata Virtual Machines (VM) on any environment, be it on-prem or in the cloud, without requiring bare metal servers or nested virtualization support. This is accomplished by extending…
Hardening SSH connections to managed hosts with Red Hat Ansible Automation Platform
Red Hat Ansible Automation Platform is a platform for implementing enterprise-wide automation, which makes it an ideal tool for your security audits. Security has many layers, but this article focuses on mitigating SSH attacks on managed hosts. While you can’t…
The State of Edge Security Report
Edge computing has grown from being a niche use case in a handful of industries to offering a major opportunity for enterprises across industries to spread compute power around the world (or universe, as in the case of workloads in…
Red Hat Insights Compliance: Introducing new customization options for policies
Maintaining compliance to cybersecurity standards can be a daunting task, but you can mitigate that by using Red Hat Insights. With the latest feature update, the Red Hat Insights Compliance reporting service now allows you to edit the rules in…
Confidential containers with AMD SEV
Based on Kata Containers, the Confidential Containers (CoCo) project is a community solution to enable hardware technologies for virtualized memory encryption in container environments through attestation. CoCo SEV enables an encrypted container launch feature by utilizing a remote key broker…
Building security certifications into your image builder blueprint
I imagine I am not the only systems administrator who struggled with driving security compliance across a disparate fleet of Linux systems. It took up hours of administrative time and often required interaction with a third-party auditor to validate the…
OpenShift sandboxed containers on-prem: Going nested without nested
Peer-pods is a new Red Hat OpenShift feature that enables an OpenShift sandboxed container (OSC) running on a bare-metal deployment to run on OpenShift in a public cloud and on VMware. It’s not uncommon to want to run OpenShift in…
Red Hat: Building a quantum-ready world
As the world’s leading provider of enterprise-ready open source software, Red Hat is uniquely positioned to help prepare the widely varying users of its embedded platform cryptography for the transition to a post-quantum world. In fact, the US Government calls…
Confidential computing: 5 support technologies to explore
This article is the last in a six-part series (see my previous blog) presenting various usage models for Confidential Computing, a set of technologies designed to protect data in use. In this article, I explore interesting support technologies under active…
FIRST Announces CVSS v4.0 Public Preview
The Common Vulnerability Scoring System (CVSS) is well known in the world of product security, development and IT. “The Common Vulnerability Scoring System provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting…
RHEL confidential virtual machines on Azure: A technical deep dive
The Red Hat Enterprise Linux 9.2 CVM Preview image for Azure confidential VMs has been released, and it represents an important step forward in confidential virtual machines. In this article, I focus on the changes Implemented to support the emerging…
Best practices for patch management
As a Solution Architect, I’m often asked what Red Hat’s best practices are for patch management. In this article, I’m going to cut through the noise, linking to relevant work and materials where appropriate, to offer some focused guidance around…
Red Hat compliance certifications and attestations achieved
For nearly two decades, Red Hat has been helping both public and private entities adapt to changing IT security requirements and concerns. Red Hat achieves a wide range of cybersecurity validations and certifications for our products and services in global…
Confidential containers on Azure with OpenShift: setup guide
Confidential containers (CoCo) is a new feature of Red Hat OpenShift sandboxed containers that leverages Trusted Execution Environment (TEE) technology to isolate your containers from the host and other containers. In this blog post, you will learn how to set…
Introduction to confidential virtual machines
In this post, we will present confidential virtual machines (CVMs) as one of the use cases of confidential computing as well as the security benefits expected from this emerging technology. We will focus on the high level requirements for the…
Securing D-Bus based connections with mTLS and double proxy
When we started the discussions on the requirements that led to the development of Hirte (introduced by Pierre-Yves Chibon and Daniel Walsh in their blog post), we explored using systemctl with its –host parameter to manage systemd units on remote…
Confidential computing: From root of trust to actual trust
This article is the fourth in a six-part series where we present various use cases for confidential computing—a set of technologies designed to protect data in use, like memory encryption, and what needs to be done to get the technologies’…
Improving supply chain resiliency with Red Hat Trusted Software Supply Chain
The software supply chain has quickly become the latest target for malicious actors, with targeted attacks on foundational software components intended to orchestrate data breaches, initiate service outages or worse. Today, we announced the release of Red Hat Trusted Software…
Confidential Containers on Azure with OpenShift: A technical deep dive
Red Hat OpenShift sandboxed containers has taken a significant step forward in workload and data security by adopting the components and principles of the CNCF Confidential Containers (CoCo) open source project and the underlying Trusted Execution Environment (TEE) technology. The…
Attestation in confidential computing
This article is the second in a six-part series (see our previous blog), where we present various usage models for confidential computing, a set of technologies designed to protect data in use—for example using memory encryption—and the requirements to get…
Confidential computing primer
<p>This article is the first in a six-part series in which we present various usage models for <strong>confidential computing</strong>, a set of technologies designed to protect data in use—for example by using memory encryption—and the requirements to get the expected…
The future of Red Hat security data
<p>Red Hat security data is a central source of truth for Red Hat products regarding published, known vulnerabilities. The availability of accurate information in security data can help provide the correct risk assessment process in customers' vulnerability management programs, which…
The State of Kubernetes Security in 2023
<p>Despite Kubernetes still being a relatively young technology, adoption rates have soared over the past several years as the container orchestration platform has become the cornerstone for many digital transformation initiatives. Even as organizations settle in with their use of…
Deploying confidential containers on the public cloud
<p>In this article we will describe how Microsoft and Red Hat are collaborating in the open source community to show how Red Hat <a href="https://www.redhat.com/en/technologies/cloud-computing/openshift">OpenShift</a> can be deployed on <a href="https://aka.ms/azurecc">Azure Confidential Computing</a> for providing confidential container capabilities to its…