Published: Sun, September 17, 2017
Sci-tech | By Carrie Guzman

Microsoft Azure Confidential Computing keeps your business data secret

The other TEE option is the hardware-based Intel Software Guard Extensions (SGX) solution, which leverages the CPU.

The key to confidential computing is ensuring that when data is "in the clear", which is required for efficient processing, it is protected within a Trusted Execution Environment (TEE, also called an enclave), which makes it impossible to view the data or the operations inside it from the outside, even with a debugger.

In a post on the official Azure Blog, the service's Chief Technology Officer, Mark Russinovich, has revealed that through this announcement, Microsoft's platform is the first to bring encryption of data in use to the public cloud, something which was missing previously. From strict physical datacenter security, ensuring data privacy, encrypting data at rest and in transit, novel uses of machine learning for threat detection, and the use of stringent operational software development lifecycle controls, Azure represents the cutting edge of cloud security and privacy.

Microsoft is making it harder for cyber-attackers to steal data from its cloud customers and invade their privacy with a new suite of services and features called Azure Confidential Computing, the company announced on September 14. If you are interested in Azure confidential computing Early Access, sign up here. The processor itself will encrypt and decrypt data from memory, such that the data is only decrypted when it's within the processor itself. Initially we support two TEEs, Virtual Secure Mode and Intel SGX.

"Despite advanced cybersecurity controls and mitigations, some customers are reluctant to move their most sensitive data to the cloud for fear of attacks against their data when it is in-use."

The new service also means that Microsoft won't have the capability to turn over unencrypted data in response to government warrants and subpoenas without customer involvement, an issue at the heart of a current Microsoft lawsuit against the US government fighting the requirement to turn over client data, sometimes without the customer's knowledge. We're working with Intel and other hardware and software partners to develop additional TEEs and will support them as they become available.

Azure confidential computing creates a virtual black box where customers can store their most coveted and secret data, to keep it out of hackers' reach. It's a safeguard that remains active as long as code is being executed in a TEE. In finance, for example, personal portfolio data and wealth management strategies would no longer be visible outside of a TEE.

Confidential security is currently available only to organizations that are part of Microsoft's "Early Access" program, so it's still at the test level. As reported in the Wall Street Journal, Equifax is blaming the data breach on the exploitation of "a vulnerability with USA website application Apache Struts". The Intel technology isn't exclusive to Microsoft and will be sold to other customers.
