The Next Episode in Workload Isolation: Confidential Containers - Jeremi Piotrowski, Microsoft
Description:
Explore the latest advancements in workload isolation and confidential containers in this 31-minute conference talk by Jeremi Piotrowski from Microsoft. Delve into the evolution of container-based workload isolation, from OS-level separation to hardware-level boundaries with Kata Containers. Discover how new CPU capabilities enable enhanced confidentiality through Kata-CC, an extension of Kata Containers that leverages Trusted Execution Environment features. Learn how combining workload attestation with memory encryption improves security in multi-tenant environments. Examine recent developments that address hardware availability issues and make confidential computing more accessible. Gain insights into deploying containers in confidential virtual machines protected by SEV-SNP (Secure Encrypted Virtualization with Secure Nested Paging), and understand their respective architectures. Explore the challenges of hardware attestation and its role in ensuring workload portability.
Confidential Containers: The Next Episode in Workload Isolation