Today, Microsoft introduced Azure confidential computing, available now in Early Access. Azure confidential computing adds an extra layer of cloud security for enterprise customers that not only protects the data from hackers, but can also secure the data from government data collection efforts.
Azure confidential computing creates a virtual black box where customers can store their most coveted and secret data, to keep out of hackers’ reach. Microsoft is the first company to offer this cloud data encryption security capability.
With this new security layer, data processed in the cloud is controlled by the customer and the customer only. Microsoft built Azure confidential computing over the past four years with the Azure team, Microsoft Research, the Windows and Developer Tools groups, and Intel Corporation.
Shown in the figure above, Azure confidential computing uses a protected space, called a Trusted Execution Environment (TEE), where data is available for efficient processing. A TEE provides a protected space in which neither the data nor the operations performed on it can be viewed from outside the TEE. Only those with a special access code are allowed access to the data within the TEE. The TEE also provides an extra guarantee: if the code that accesses the data is altered or tampered with in any way, the operations are denied and the environment is disabled. The TEE protections are established by the execution of code that is created within the TEE.
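As an added illustration of the rule described above (not Microsoft's code or Azure's actual implementation), this Python toy models sealing data to a code measurement: the secret unseals only for code whose hash matches the one it was sealed to, so an altered copy of the code is refused. The root key, the two code strings and the secret are constructed placeholders, and the hash-counter cipher is a toy stand-in for hardware sealing, not a production construction.

```python
import hashlib
import hmac

ROOT_KEY = b"constructed-root-key-inside-the-tee"  # stand-in for a hardware-fused key

# Constructed enclave code: the genuine routine and a tampered copy of it.
GENUINE_CODE = b"def process(records): return len(records)"
TAMPERED_CODE = b"def process(records): leak(records); return len(records)"


def measure(code: bytes) -> str:
    """Measurement of the enclave code (a hash, standing in for MRENCLAVE)."""
    return hashlib.sha256(code).hexdigest()

def derive_key(measurement: str) -> bytes:
    """Key derived from the root key and the code measurement; changes if the code changes."""
    return hmac.new(ROOT_KEY, measurement.encode(), hashlib.sha256).digest()

def keystream(key: bytes, n: int) -> bytes:
    """Toy keystream (hash in counter mode) so the sealed secret is not stored in the clear."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def seal(secret: bytes, code: bytes) -> dict:
    """Seal the secret to the measurement of the code that is allowed to read it."""
    key = derive_key(measure(code))
    ct = bytes(a ^ b for a, b in zip(secret, keystream(key, len(secret))))
    tag = hmac.new(key, ct, hashlib.sha256).hexdigest()
    return {"ct": ct, "tag": tag}

def unseal(blob: dict, code: bytes):
    """Return the secret only if the code's measurement matches the one it was sealed to."""
    key = derive_key(measure(code))
    tag = hmac.new(key, blob["ct"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None  # altered code -> different key -> MAC check fails -> access denied
    return bytes(a ^ b for a, b in zip(blob["ct"], keystream(key, len(blob["ct"]))))

def demo():
    """Seal a constructed secret to the genuine code, then try both code versions."""
    blob = seal(b"customer-ssn-list", GENUINE_CODE)
    return unseal(blob, GENUINE_CODE), unseal(blob, TAMPERED_CODE)
```

`demo()` returns the secret for the genuine code and `None` for the tampered copy, which is the "operations are denied" behaviour the paragraph describes.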
Data breaches are becoming a more common occurrence nowadays, including Equifax’s recent data breach that affected approximately 143 million American customers. As reported in the Wall Street Journal, Equifax is blaming the data breach on the exploitation of “a vulnerability with U.S. website application Apache Struts.”
Microsoft Azure confidential computing protects pertinent data from the following threats:
- Malicious insiders with administrative privilege or direct access to hardware on which it is being processed
- Hackers and malware that exploit bugs in the operating system, application, or hypervisor
- Third parties accessing it without the customer's consent
Azure confidential computing can also protect Microsoft itself. As Bloomberg reports, Microsoft won't be forced to turn over any customer data to the US government through warrants or subpoenas.
“The new service also means that Microsoft won’t have the capability to turn over data in response to government warrants and subpoenas, an issue at the heart of a current Microsoft lawsuit against the U.S. government fighting the requirement to turn over client data, sometimes without the customer’s knowledge.”
While Google and Amazon are working on their own technologies to protect customer data in the cloud, Microsoft Azure confidential computing is available to customers right now. If you are interested in Azure confidential computing Early Access, sign up here.