Microsoft pitches encrypted Azure to keep cloud data secret
Joins the blockchain bandwagon
Microsoft has unveiled a set of services it hopes will alleviate security concerns with its public cloud service.
Known as Azure Confidential Computing, the service is currently in an early access test and aims to provide security for cloud data while it is in use by cloud applications.
The idea, says Microsoft, is to keep the data away from threats while it is crunched on the server and sent to the application.
"While many breaches are the result of poorly configured access control, most can be traced to data that is accessed while in use, either through administrative accounts or by leveraging compromised keys to access encrypted data," wrote Mark Russinovich, Azure CTO.
"Despite advanced cybersecurity controls and mitigations, some customers are reluctant to move their most sensitive data to the cloud for fear of attacks against their data when it is in-use."
To do this, Microsoft says it will move Azure code and data into a Trusted Execution Environment, which first checks that the code has not been tampered with and then processes it in a locked-down "enclave" environment secured from any outside access.
The Trusted Execution Environments will operate within Hyper-V instances separated from server access, or on an Intel SGX environment that shields the data from outside access at the hardware level.
Additionally, Microsoft said, it will be extending its in-house enterprise blockchain tools, like those in its Coco Framework, to provide additional security for SQL Server and SQL Database instances in Azure.
This, Microsoft hopes, will allow it to offer secured cloud instances first for SQL customers, then to other Azure customers in various sectors.
"In addition to SQL Server, we see broad application of Azure confidential computing across many industries including finance, healthcare, AI, and beyond," said Russinovich.
Microsoft did not say when the confidential computing service could transition from Early Access subscribers to general availability. ®