Microsoft Azure 'Confidential Computing' Secures Data In Use

Mitch Wagner
9/15/2017
50%
50%

Microsoft is launching a preview of new security technology that protects data when it is most at risk -- when it's being used.

"This means that data can be processed in the cloud with the assurance that it is always under customer control," Mark Russinovich, Microsoft Azure chief technology officer, says in a Thursday blog post announcing the technology, which the company calls "Azure confidential computing." Microsoft and Intel have been working together on the technology over the past four years, Russinovich says.

Using Azure confidential computing, data is protected from malicious insiders, hackers and malware, and third parties accessing the data without consent, Russinovich says. The technology protects data from Microsoft itself, as well as government warrants and hackers, according to Ars Technica.


Keep up with the latest enterprise cloud news and insights. Sign up for the weekly Enterprise Cloud News newsletter.


Azure confidential computing protects data that's stored "in the clear," which is required for efficient processing, Russinovich says. The service stores data in a Trusted Execution Environment (TEE), also known as an "enclave." The data is accessible only from authorized code, and if the code is altered or tampered with operations are denied and the environment is disabled, Russinovich says.

Initial support is available both in software and hardware. The software implementation is on Windows 10 and Windows Server 2016, through a TEE implemented in Hyper-V.

The hardware implementation uses Intel SGX TEE with the first SGX-capable server in the public cloud, which can run independently of Azure and Microsoft.

Microsoft will continue to work with Intel and other hardware and software partners on additional TEE implementations, Russinovich says.

Microsoft already uses enclaves to protect blockchain financial operations, data stored in SQL Server and its own infrastructure within Azure, Russinovich says.

It's the same technology used in the Coco Framework for enterprise blockchain, introduced last month. (See Microsoft Serves Coco-Flavored Blockchain for Enterprise.)

Azure confidential computing will be useful in implementations including finance, healthcare, artificial intelligence and more, Russinovich says.

Users and developers can try out Azure confidential computing by signing up on theEarly Access program.

Google launched a security chip called Titan last month, to ensure that servers boot from known good state, with verifiable code, and establish a hardware root of trust for cryptographic operations in its data centers.

Enterprises are becoming more concerned about security in the face of a series of big attacks, most recently against Equifax which may have leaked financial records for up to 143 million people. (See Equifax Breach Won't Be the Last or Worst.)

Related posts:

— Mitch Wagner Follow me on Twitter Visit my LinkedIn profile Visit my blog Follow me on Facebook Editor, Enterprise Cloud News


CALLING ALL CLOUD, NFV AND SDN COMPANIES:
Make sure your company and services are listed free of charge at Virtuapedia, the comprehensive set of searchable databases covering the companies, products, industry organizations and people that are directly involved in defining and shaping the virtualization industry.


(3)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
kq4ym
50%
50%
kq4ym,
User Rank: Light Sabre
9/22/2017 | 12:28:11 PM
Re: Protection
Google's Titan chip seems to be getting quite a lot of press lately. It will be interesting to watch that development. I would suspect government operators will be or might already have been implementing it behind the scenes.
Phil_Britt
50%
50%
Phil_Britt,
User Rank: Light Sabre
9/19/2017 | 1:03:40 PM
Re: Protection
No matter what a company/vendor/etc. promises, customers should consider themselves as the last line of data protection. They need to be ever diligent and react quickly if there is a sign of a hack.
danielcawrey
50%
50%
danielcawrey,
User Rank: Light Sabre
9/16/2017 | 1:03:50 PM
Protection
This is clearly designed to make data protection more of an onus on customers rather than Microsoft. 

This makes a lot of sense. Building something like this is what the market needs right now given all the data security concerns out there. 
More Blogs from Wagner’s Ring
Equinix is initially testing virtual router and firewall in the US and Europe, with plans to extend into Asia soon, to help make network connections more agile and responsive for enterprise customers.
While networks alone won't deliver enterprise transformation, robust, software-defined networks are needed for enterprises to transform, says Sorabh Saxena, president, business operations for AT&T business solutions.
Telefónica turned to Juniper and Nokia to meet exploding demand in Spain. Upgrade raises network capacity to 10 Tbit/s, with room to grow.
Apple haters have been sounding the alarm for a decade, but this time the bad news is real.
Superior technology isn't enough.
Featured Video
Flash Poll
Upcoming Live Events
April 8, 2019, Las Vegas, Nevada
May 6, 2019, Denver, Colorado
May 6-8, 2019, Denver, Colorado
September 17-19, 2019, Dallas, Texas
October 1, 2019, New Orleans, Louisiana
October 2-22, 2019, Los Angeles, CA
October 10, 2019, New York, New York
November 5, 2019, London, England
November 7, 2019, London, UK
December 3-5, 2019, Vienna, Austria
December 3, 2019, New York, New York
All Upcoming Live Events
Partner Perspectives - content from our sponsors
Huawei Shows 5G in Action at MWC
By Ken Wieland, for Huawei
Huawei Heats Up Microwave for 5G Backhaul
By Ken Wieland, for Huawei
Huawei Services Bring the Best 5G Into Reality
By Steven Wu, President of Consulting & Service Solution Sales Dept., Carrier BG, Huawei
All Partner Perspectives