In a new blog post, Mark Russinovich, Microsoft’s chief technology officer for Azure, has announced the launch of Azure confidential computing.
“Put simply, confidential computing offers a protection that to date has been missing from public clouds: encryption of data while in use. This means that data can be processed in the cloud with the assurance that it is always under customer control,” he said.
Russinovich goes on to highlight some reasons why customers may feel apprehensive about moving their sensitive data to the cloud, chiefly fears of attacks on that data. With confidential computing, however, users can move their data to Azure knowing that it is protected not only at rest but also in use, against threats including malicious insiders with direct access to the hardware on which the data is being processed and third parties accessing it without their consent.
“Confidential computing ensures that when data is ‘in the clear’, which is required for efficient processing, the data is protected inside a Trusted Execution Environment (TEE),” Russinovich explains. The TEE ensures that neither the data nor the operations performed on it can be viewed from outside the environment. Only the authorised code is permitted to access the data. If the code is altered or tampered with, the operations are denied and the environment is disabled. The TEE enforces these protections throughout the execution of code within it.
Russinovich says that Microsoft is developing a platform which allows developers to use different TEEs without having to change their code.
“In addition to SQL Server, we see broad application of Azure confidential computing across many industries including finance, healthcare, AI, and beyond. In finance, for example, personal portfolio data and wealth management strategies would no longer be visible outside of a TEE. Healthcare organisations can collaborate by sharing their private patient data, like genomic sequences, to gain deeper insights from machine learning across multiple data sets without risk of data being leaked to other organisations.”