Microsoft Azure Introduces Confidential Computing
Microsoft Azure Blog Series
One of the top concerns organizations have when considering implementing cloud technologies is security. Just last week, Microsoft announced Azure is the first cloud to offer new data security capabilities with a collection of features and services called Azure confidential computing. Confidential computing offers a protection new to public clouds, encryption of data while in use. This means that data can be processed in the cloud with the assurance that it is always under customer control.
Most security breaches can be traced to data that is accessed while in use, either through administrative accounts or by leveraging compromised keys to access encrypted data. Microsoft has been working on confidential computing for the last 4 years and felt it necessary to appease customers that were reluctant to move their most sensitive data to the cloud for fear of attacks against their data when it is in use. Confidential computing protects against these 3 threats:
- Malicious insiders with administrative privilege or direct access to the hardware on which the data is being processed
- Hackers and malware that exploit bugs in the operating system, application, or hypervisor
- Third parties accessing the data without the customer's consent
Confidential computing ensures that when data is “in the clear,” which is required for efficient processing, the data is protected inside a Trusted Execution Environment (TEE, also known as an enclave). This prevents data from being viewed from the outside, even with the use of a debugger, and ensures that only authorized code is permitted to access the data. If the code is altered or tampered with, the operations are denied and the environment is disabled. The TEE enforces these protections throughout the execution of code within it. Microsoft already uses enclaves to protect everything from blockchain financial operations, to data stored in SQL Server, to its own infrastructure within Azure.
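The gating behaviour described above (only measured, authorized code gets at the data; altered code is denied) can be shown with a small simulation. The following is an added illustration, not code from Microsoft, Azure or 2W Tech: the enclave, the key-release service, the HMAC-based attestation report (a stand-in for the asymmetric, hardware-signed report a real TEE produces), the toy XOR sealing and all key and code values are constructed for this example.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the hardware-rooted attestation key. In a real TEE this key
# never leaves the chip and the report is signed asymmetrically; HMAC is used here
# only so the example runs with the standard library.
_HARDWARE_ATTESTATION_KEY = b"constructed-hardware-root-key-not-a-real-secret"


def measure(code: bytes) -> str:
    """Measurement of an enclave image: a SHA-256 digest of the code bytes."""
    return hashlib.sha256(code).hexdigest()


def seal(data_key: bytes, data: bytes) -> bytes:
    """Toy sealing (XOR with a key-derived keystream, symmetric so it also unseals).
    Stands in for real authenticated encryption; not a cipher to use in practice."""
    keystream = hashlib.sha256(data_key).digest()
    return bytes(b ^ keystream[i % len(keystream)] for i, b in enumerate(data))


class SimulatedEnclave:
    """Toy TEE: plaintext exists only inside it; the outside sees a measurement and a report."""

    def __init__(self, code: bytes):
        self.measurement = measure(code)
        self._data_key = None  # released by the verifier only after attestation succeeds

    def attestation_report(self, nonce: bytes) -> dict:
        """Bind the measurement to the verifier's fresh nonce and authenticate it."""
        tag = hmac.new(_HARDWARE_ATTESTATION_KEY,
                       self.measurement.encode() + nonce, hashlib.sha256).hexdigest()
        return {"measurement": self.measurement, "nonce": nonce, "tag": tag}

    def provision_key(self, data_key: bytes) -> None:
        self._data_key = data_key

    def process(self, sealed_record: bytes) -> int:
        """Unseal the record inside the enclave and sum its bytes; denied without a key."""
        if self._data_key is None:
            raise PermissionError("operation denied: enclave not attested")
        plaintext = seal(self._data_key, sealed_record)
        return sum(plaintext)


class KeyReleaseService:
    """Customer-side verifier: releases the data key only to an enclave whose
    measurement is on the allow-list and whose report is fresh and authentic."""

    def __init__(self, allowed_measurements: set, data_key: bytes):
        self.allowed = allowed_measurements
        self.data_key = data_key

    def release_key(self, enclave: SimulatedEnclave) -> bool:
        nonce = secrets.token_bytes(16)  # fresh nonce: a replayed old report cannot match it
        report = enclave.attestation_report(nonce)
        expected_tag = hmac.new(_HARDWARE_ATTESTATION_KEY,
                                report["measurement"].encode() + nonce, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected_tag, report["tag"]):
            return False  # forged, altered or replayed report
        if report["measurement"] not in self.allowed:
            return False  # code was altered or tampered with: deny the operation
        enclave.provision_key(self.data_key)
        return True


TRUSTED_CODE = b"def sum_records(rows): return sum(rows)"  # constructed enclave image
TAMPERED_CODE = TRUSTED_CODE + b"\n# one line added"        # constructed altered image


def run_scenario() -> dict:
    """Trusted enclave is attested and processes sealed data; the tampered one is denied."""
    data_key = b"constructed-customer-data-key"
    service = KeyReleaseService({measure(TRUSTED_CODE)}, data_key)
    trusted = SimulatedEnclave(TRUSTED_CODE)
    tampered = SimulatedEnclave(TAMPERED_CODE)
    results = {
        "trusted_released": service.release_key(trusted),
        "tampered_released": service.release_key(tampered),
    }
    record = seal(data_key, bytes([1, 2, 3, 4]))  # data leaves the customer sealed
    results["trusted_sum"] = trusted.process(record)
    try:
        tampered.process(record)
        results["tampered_denied"] = False
    except PermissionError:
        results["tampered_denied"] = True
    return results


if __name__ == "__main__":
    print(run_scenario())
```

The point of the simulation is that the customer's verifier, not the cloud operator, decides which measurement may receive the key: a single changed byte in the enclave image produces a different measurement, the key is never released, and the sealed data is never decrypted outside an attested enclave.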
The number of data breaches is increasing month to month, so security needs to stay top of mind for all software vendors. Microsoft spends one billion dollars per year on cybersecurity, and much of that goes to making Microsoft Azure the most trusted cloud platform. From strict physical datacenter security, ensuring data privacy, encrypting data at rest and in transit, novel uses of machine learning for threat detection, and the use of stringent operational software development lifecycle controls, Azure represents the cutting edge of cloud security and privacy. Microsoft is giving customers access to confidential computing through its Early Access Program; contact 2W Tech to find out more. 2W Tech is a Tier I Microsoft Cloud Solutions Provider and would be happy to discuss further benefits Microsoft Azure can offer your business.