Microsoft’s new security platform targets customers worried about placing sensitive data in public clouds
Microsoft recently announced it is making it more difficult for hackers to breach the data and privacy of its public cloud users with a new set of services and features called Azure Confidential Computing. The company said it is the first major cloud provider to build applications atop Intel’s Software Guard Extensions (SGX) technology.
Confidential computing centers on hardware-based encryption, which keeps sensitive data secure in a Trusted Execution Environment (TEE), otherwise known as an enclave. “TEEs ensure there is no way to view data or the operations inside from the outside, even with a debugger. They even ensure that only authorized code is permitted to access data. If the code is altered or tampered, the operations are denied and the environment disabled,” the company wrote in a blog post.
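The mechanism the quote describes, code measurement gating access to data, can be illustrated with a small simulation. The following is an added example, not code from the article or from Azure or SGX: a toy enclave object holds a secret and only runs a workload whose measurement (here, a SHA-256 digest of the function's bytecode and constants, a stand-in for the hardware measuring enclave contents at load time) matches the expected value. A workload that has been modified is denied and the simulated environment is disabled. The portfolio data and the function names are constructed for the example.

```python
import hashlib
import hmac
from typing import Callable


class EnclaveDenied(Exception):
    """Raised when code whose measurement does not match the expected value tries to run."""


def measure(fn: Callable) -> str:
    """Measurement of a function's compiled bytecode and constants.

    Simplified stand-in for hardware measurement of enclave contents at load
    time: any change to the code yields a different digest. (Assumption for
    the example; real enclave measurement covers the whole loaded image.)
    """
    code = fn.__code__
    return hashlib.sha256(code.co_code + repr(code.co_consts).encode()).hexdigest()


class SimulatedEnclave:
    """Toy model of an enclave: the secret never leaves this object, and only
    code with the expected measurement may operate on it."""

    def __init__(self, expected_measurement: str, secret: dict):
        self._expected = expected_measurement
        self._secret = secret
        self.enabled = True

    def run(self, fn: Callable):
        if not self.enabled:
            raise EnclaveDenied("enclave disabled after earlier tampering")
        actual = measure(fn)
        # Constant-time comparison of the measurement against the expected value.
        if not hmac.compare_digest(actual, self._expected):
            self.enabled = False
            raise EnclaveDenied(
                f"measurement mismatch: {actual[:12]}... != {self._expected[:12]}..."
            )
        return fn(self._secret)


# Constructed sample data: holdings that should only be visible inside the enclave.
PORTFOLIO = {"ACME": 1200.0, "GLOBEX": 800.0, "INITECH": 500.0}


def authorized_total(portfolio: dict) -> float:
    """The approved workload: returns an aggregate, not the raw holdings."""
    return sum(portfolio.values())


def tampered_dump(portfolio: dict) -> dict:
    """A modified workload that tries to hand back the raw holdings."""
    return dict(portfolio)


def build_enclave() -> SimulatedEnclave:
    """Provision the enclave with the measurement of the approved workload."""
    return SimulatedEnclave(measure(authorized_total), PORTFOLIO)


def demo() -> tuple:
    """Run the approved workload, then a tampered one, and report what happened."""
    enclave = build_enclave()
    total = enclave.run(authorized_total)
    try:
        enclave.run(tampered_dump)
        leaked = True
    except EnclaveDenied:
        leaked = False
    # After tampering is detected the environment stays disabled, even for approved code.
    try:
        enclave.run(authorized_total)
        still_usable = True
    except EnclaveDenied:
        still_usable = False
    return total, leaked, enclave.enabled, still_usable


if __name__ == "__main__":
    print(demo())
```

The design point is that the secret is only ever passed to a function the enclave has measured; the caller never gets a handle to it, and a mismatch both refuses the operation and takes the environment out of service rather than leaving it open for a retry.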
More and more companies are looking to the cloud to run essential business applications. According to the January 2017 Netskope Cloud Report, an average 1,031 cloud services are now in use per enterprise, an increase from 977 in the last quarter. Unfortunately, the threat of massive data breaches is increasing alongside public cloud use. The average cost of a single company data breach has risen to approximately $4 million since 2013, according to research sponsored by IBM.
Azure, Microsoft Research, Intel, Windows and the Developer Tools group have been developing confidential computing over the past four years. The service’s main security feature is the ability to encrypt data while in use, which is intended to ease customer concerns about placing sensitive data in a public cloud. The service is aimed at companies that frequently share sensitive data, such as the finance, healthcare, and oil and gas industries.
“In finance, for example, personal portfolio data and wealth management strategies would no longer be visible outside of a TEE,” the company wrote. “Healthcare organizations can collaborate by sharing their private patient data, like genomic sequences, to gain deeper insights from machine learning across multiple data sets without risk of data being leaked to other organizations. In oil and gas, and IoT scenarios, sensitive seismic data that represents the core intellectual property of a corporation can be moved to the cloud for processing, but with the protections of encrypted-in-use technology.”
Developers will be able to access the TEEs, allowing them to optimize these environments without altering the code. Users are currently able to test Azure confidential computing through the company’s Early Access program, which provides access to Azure VSM, SGX-enabled virtual machines, SDKs, and Windows and Linux support. The company also announced its Coco Framework technology will be used to provide encryption-in-use for both its SQL Service and Azure SQL Database.