Edera is building a better Kubernetes and AI security solution from the ground up
Edera, a startup looking to simplify and improve how Kubernetes containers and AI workloads are secured by offering a new hypervisor, today announced that it has raised a $5 million seed funding round led by 645 Ventures and Eniac Ventures.
Kubernetes is now 10 years old, but Edera founders Ariadne Conill (distinguished engineer), Emily Long (CEO), and Alex Zenla (CTO) argue that securing multi-tenancy workloads remains an unsolved problem.
Long was previously the COO at Chainguard and Anchore, and has an extensive background in operations and culture, while Conill was the creator of security-focused Linux distribution Wolfi and is a maintainer for Alpine Linux. Until starting Edera, Conill also worked at Chainguard, where she met Long.
Zenla, meanwhile, was an engineer at companies like Radix and Google and has long been an open source maintainer and contributor. With long experience working on IoT at Google and an even longer tenure in the open source world, working on projects like Dart and Chromium, Zenla saw firsthand how difficult it was to do hardware virtualization on the edge.
"Hardware virtualization is often not available, both because the chips that run inside that hardware don't have hardware virtualization at all, and because they might be disabled," she said. "What I realized is there was no solution for this at the moment. There is no way to run an isolated container that didn't sacrifice performance or require hardware virtualization. So I knew I had to look into this problem because I get frustrated when my stuff's insecure."
Zenla ended up going back to Xen, the open source hypervisor project that, in many ways, enabled the cloud computing revolution. Xen does not require hardware virtualization, in part because hardware virtualization hadn't been invented yet when Xen first launched in 2003.
"What I've realized is that old technologies kind of get misunderstood or put to the wayside when the new thing comes along," she said. "No one seems to look at that and go, 'Hmm, what were the good ideas there? Or what are the challenges that we have today and if those good ideas can help with that?' I think a lot of innovation comes from looking at the past and merging that with the current and new, and so I started developing the concept when I realized that I could run Xen on the hardware device for the edge."
To do that, Zenla essentially rewrote Xen in Rust, but at the time, her focus was on edge devices. It was only after talking to Conill and Long that she realized that she had maybe thought too small and that she could adapt the project to help secure all of their cloud-native infrastructure, not just on the edge. By now, this vision has shifted to also include protecting AI workloads that run on GPUs.
"The original design goals for Kubernetes were for ‘soft’ multi-tenancy where there was a level of trust between users of a cluster. But as Kubernetes has found its way into more domains, the need for stronger security protections has become apparent," said Joe Beda, an angel investor in Edera and co-creator of Kubernetes. "Edera fills this gap by using virtualization to both reduce risks and, ultimately, reduce costs. It allows Kubernetes to go places it has never gone before!"
We've seen previous efforts to better protect containers, including the Kata Containers project. The Edera founders, however, argue that these solutions are essentially bolted onto existing projects, while Edera's low-level hypervisor was built with security in mind from the ground up.
"People try to solve this problem by adding ridiculous amounts of layers," Zenla said. "You see that with tool layering in general. It seems like every major enterprise has like 30 different Kubernetes tools and Kubernetes security tools. We hear from people that they just spend all day looking at logs and our idea is: What if we just fixed it?"
For the AI use cases, simply being able to virtualize -- and hence share -- a GPU is already a win for the industry, but the team is also working on adding support for confidential computing to its solution. The company is working with a set of design partners to test this technology, but with today's announcement, the company is also opening up its Kubernetes project to a wider audience.
As for the funding round, Long told me that the team, with its three female co-founders, "felt a certain amount of intimidation. Ultimately, we really found that there are a lot of VCs who share a common passion for both, obviously, the technology that we're in, wanting to see computing change, and then also see a more diverse team do that." The real struggle, she said, was to get people to understand the difference between typical Kubernetes security solutions that exist today -- which focus more on observability, monitoring, and alerting, she argued -- and what Edera was building.
In addition to 645 Ventures and Eniac Ventures, FPV Ventures, Generationship, Precursor Ventures, and Rosecliff Ventures also participated in this round. Angel investors include Joe Beda, Filippo Valsorda, Mandy Andress, Jeff Behl, and Kleiner Perkins scout Nikitha Suryadevara.