
on 28 June 2023

In today’s digital landscape, organisations of all sizes have expanded their presence in the cloud. But with this expansion comes a significant increase in the attack surface, making security a top concern. In this blog, we will dive into the exciting world of cloud cyber security, and explore a stronger approach to securing your workloads with the help of Ubuntu.

Why does your OS choice matter for cloud cyber security?

Let’s first talk about why your choice of operating system matters for security. While developers put in a lot of effort to secure their applications, the security guarantees they provide are just one piece of the puzzle.

Once your application is running on a platform in production, threats can still arise from the privileged system software, which includes the operating system, virtual machine manager, and the platform’s firmware.

By design, this software has extensive access to all of your application’s resources, and if it ever becomes malicious or compromised, it can leak all of your application’s sensitive data. Therefore, it is crucial to recognise that the security of the operating system sets the upper limit for application security. So what security measures does Ubuntu offer for cloud workloads?

Cloud cyber security with Ubuntu 

Ubuntu offers many built-in security features, such as full disk encryption, Mandatory Access Control via AppArmor, filesystem capabilities and UEFI secure boot. To further improve your security posture, you can also enable additional security features with an Ubuntu Pro subscription.

Ubuntu Pro is Canonical’s comprehensive subscription for open source software security. When used on the public cloud, Ubuntu Pro will take your security to a whole new level. Let us break down what’s included:

  1. Wide security coverage: Ubuntu Pro provides comprehensive security patching for over 25,000 open-source packages, including popular applications like Apache Kafka, NGINX, MongoDB, Redis, and PostgreSQL.
  2. Reduced downtime: With Ubuntu Pro’s Livepatch Service, you can enjoy instantaneous patches of your kernel’s high and critical CVEs at run time, with no need for an immediate reboot. This can greatly minimise your business disruptions and maximise your uptime.
  3. 10 years of platform stability and peace of mind: Canonical guarantees 10 years of security maintenance for Ubuntu Pro users running LTS releases, ensuring a decade of stability and protection for your workloads.
  4. Compliance certifications: Ubuntu Pro offers automation and auditing tooling for DISA-STIG, CIS hardening and auditing, FIPS-certified cryptographic modules, and more. It simplifies compliance processes and helps you meet regulatory requirements effortlessly.
  5. 24/7 support: Optional weekday or 24/7 support is also available with Ubuntu Pro, ensuring that you have expert assistance whenever you need it. It includes troubleshooting, break fix and bug fix on 25,000 open source packages and a wide set of applications, with 1 hour first response time for critical, disruptive issues with 24/7 support.

Ubuntu Pro is free for up to 5 machines for personal and small-scale commercial use, or up to 50 machines for official Ubuntu Community members.

Get started with Ubuntu Pro today

Enhancing cloud cyber security with confidential computing

While security hardening and automated CVE patching are essential for protecting your public cloud workloads from known security vulnerabilities, they cannot protect your data from zero-day vulnerabilities within the cloud’s privileged system software, or from a potentially malicious cloud provider. 

This is because, up until recently, there were no available mechanisms for protecting sensitive workloads at run-time. Today, confidential computing offers a systems-level primitive that allows you to run your applications within a hardware-rooted, logically isolated execution environment.

Ubuntu Confidential VMs

Using AMD SEV-SNP or Intel TDX CPU extensions, you can deploy Ubuntu Confidential VMs whose system memory and CPU registers are encrypted using the latest AES-128 hardware encryption engine. 

Because workloads running in the cloud are loaded from a hard disk, Ubuntu also leverages its full disk encryption capabilities to secure your data at rest.

Using AES, Ubuntu encrypts and decrypts all data written to disk, storing the encryption key (itself encrypted) in your VM’s virtual disk. Only the virtual Trusted Platform Module (vTPM) associated with your CVM instance can decrypt the key.

With Ubuntu’s Confidential VMs, your data is secured at runtime, rest, and boot. 
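A guest-side check of the three properties above (runtime, rest, boot), as an added example that is not Canonical tooling. It assumes the kernel log strings printed by mainline Linux for SEV-SNP and TDX guests (these vary by kernel version and hypervisor), the usual `/dev/tpm0` device path, and uses constructed sample inputs.

```shell
#!/bin/sh
# Added example: checks a guest can run on itself to confirm the
# runtime / at-rest / boot protections described above.

# Runtime: classify kernel log text read from stdin as sev-snp, tdx or none.
cvm_type() {
  log=$(cat)
  if printf '%s\n' "$log" | grep -Eq 'Memory Encryption Features active:.*SEV-SNP'; then
    echo sev-snp
  elif printf '%s\n' "$log" | grep -q 'tdx: Guest detected'; then
    echo tdx
  else
    echo none
  fi
}

# At rest: stdin is `lsblk -s -n -o TYPE <root device>` output, i.e. the root
# filesystem's device followed by every device beneath it. Succeeds only if
# one of those layers is a dm-crypt mapping.
root_on_dmcrypt() {
  grep -qw crypt
}

# Boot: a (v)TPM character device must exist for the disk key to be unsealed.
# TPM_DEV is an override for testing (assumption: /dev/tpm0 is the default).
has_tpm() {
  [ -c "${TPM_DEV:-/dev/tpm0}" ]
}

# Constructed sample inputs (not captured from a real instance).
SAMPLE_SNP='[    0.412] Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP'
SAMPLE_TDX='[    0.000] tdx: Guest detected'
SAMPLE_PLAIN='[    0.000] Linux version 5.19.0 (constructed line)'
SAMPLE_LSBLK_ENC='crypt
part
disk'
SAMPLE_LSBLK_CLEAR='part
disk'

# Live report: run with --live inside the VM (dmesg usually needs root).
if [ "${1:-}" = "--live" ]; then
  echo "runtime: $(dmesg | cvm_type)"
  lsblk -s -n -o TYPE "$(findmnt -n -o SOURCE /)" | root_on_dmcrypt \
    && echo "at rest: root on dm-crypt" || echo "at rest: root NOT encrypted"
  has_tpm && echo "boot: TPM device present" || echo "boot: no TPM device"
fi
```

A result of `none` from `cvm_type` means only that the expected log line was not found; on platforms that place a paravisor between the guest and the hardware, confirm with the cloud provider's attestation report instead.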

At Canonical, we strongly believe that in the future, confidential computing and privacy-enhancing technologies will become the standard approach to computing. That’s why our portfolio of confidential computing solutions is available for free on all public clouds.

To learn more about this topic, we invite you to read our whitepaper which provides an in-depth discussion on adopting a stronger approach to Azure cloud cyber security with Ubuntu.

Deploy secure Ubuntu workloads on the public cloud today

Using Ubuntu on the public cloud provides you the foundation you need to fortify your cloud workloads. With Ubuntu Pro’s extended security coverage, reduced downtime, compliance tooling, and confidential computing support, you can gain confidence and peace of mind with state-of-the-art security.

Take your cyber cloud security to the next level with Ubuntu Pro and confidential VMs, and build a solid foundation for your security-sensitive environments.

Learn more about Ubuntu security

If you would like to know more about the Canonical approach to security at large, contact us.
