Microsoft develops Haven to enable secure cloud computing without having to trust the provider

Joseph Finney

Microsoft develops technology to enable cloud computing without having to trust the provider

Cloud computing has been touted as the future of computing for years now, but uneasy feelings remain over trust for security and privacy. The ideal situation for the cloud would be a way for users to operate their cloud applications without their cloud provider being able to view their data or processes. This is what Microsoft Research has developed and is testing. Called Haven, the technology works with experimental Intel hardware which enables applications to run securely without being decrypted.

Originally developed as an attempt to make virtualization more efficient via a system called Drawbridge, Haven is an obvious fit for the cloud. The technology was showcased at the 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2014), where it won best paper. Being able to run applications within a cloud without having to decrypt the data gives Microsoft a leg up when it comes to trust.

Companies that are concerned about privacy from government spying or data breaches can rest assured with Haven, because the data Microsoft sees remains encrypted. This means that if law enforcement forces Microsoft to hand data over, the company can comply but is unable to decrypt the data, and thus law enforcement would not get access to the raw data. If Microsoft is able to bring this technology into Azure, it could drive the next wave of cloud adoption, especially in places like the EU where data privacy is very important.

Haven was not originally developed for the cloud, but for operating systems. This underscores how having diverse and robust research teams across its different platforms enables ideas to cross-pollinate between the business units at Microsoft. A company like Google or Amazon may never have developed technology like this, because it is counter-intuitive when considering the current state of cloud security.