Cloud Giant Microsoft Announces Confidential Computing on Azure Platform
September 17, 2017
Cloud giant Microsoft has announced new confidential computing services on the Azure platform. Microsoft has headquarters in Richmond, Washington, United States and offers a wide range of cloud-based services including the Office 365 communication and collaboration suite. Through the Azure platform Microsoft offers storage and compute services alongside a number of ‘Big Data’ options. Known as "Confidential Compute", the new feature will keep customers’ data secret, even from Microsoft itself.
The new feature was announced last Thursday and provides full data security through encryption of data both at rest and in use. The goal of the feature is to protect customers from attacks from a number of sources, including malware and hackers, and also people within a company who might have administrative rights. It also protects against unauthorized third-party access. Data will be encrypted when in storage, when travelling across a network and when it is in the system’s memory. It will be entirely inaccessible, even to Microsoft.
Two versions of Confidential Computing are available, one leveraging virtual machines that utilize the Hyper-V Virtual Secure Mode (VSM) functionality, and the other leveraging the Software Guard Extensions (SGX) feature in Intel's Skylake-SP Xeon processors. With its protection, the only way a hacker could get full access to data would be to fully compromise Hyper-V.
“Today, I’m excited to announce that Microsoft Azure is the first cloud to offer new data security capabilities with a collection of features and services called Azure confidential computing,” explained Microsoft Azure’s CTO, Mark Russinovich. “Put simply, confidential computing offers a protection that to date has been missing from public clouds, encryption of data while in use. This means that data can be processed in the cloud with the assurance that it is always under customer control.”