Called “confidential computing,” the new service allows data to remain in customer control while it’s being processed in the cloud. According to the company, confidential computing ensures that when data is “in the clear” – i.e., transmitted or stored unencrypted, which is required for efficient processing – the data is protected inside a Trusted Execution Environment (TEE), also known as an “enclave.”
As a result, the company says, data is protected from the following threats: malicious insiders with administrative privilege or direct access to the hardware on which it is being processed; hackers and malware that exploit bugs in the operating system, application, or hypervisor; and third parties accessing it without the data owner's consent.
Initially, Azure confidential computing will support two TEEs – Virtual Secure Mode and Intel SGX. Virtual Secure Mode (VSM) is a software-based TEE that’s implemented by Hyper-V in Windows 10 and Windows Server 2016. The hardware-based Intel SGX TEE uses SGX-capable servers in the public cloud. Microsoft is working with Intel and other hardware and software vendors to develop additional TEEs.
The company also announced that it will use the same technology it is using for its confidential computing blockchain efforts – known as its Coco Framework – to implement encryption-in-use for Azure SQL Database and SQL Server.
“In addition to SQL Server, we see broad application of Azure confidential computing across many industries including finance, healthcare, AI, and beyond,” says Microsoft Azure CTO Mark Russinovich. “In finance, for example, personal portfolio data and wealth management strategies would no longer be visible outside of a TEE.”
“Healthcare organizations can collaborate by sharing their private patient data, like genomic sequences, to gain deeper insights from machine learning across multiple data sets without risk of data being leaked to other organizations. In oil and gas, and IoT scenarios, sensitive seismic data that represents the core intellectual property of a corporation can be moved to the cloud for processing, but with the protections of encrypted-in-use technology.”