Cloud

Microsoft's Azure confidential computing boosts security by encrypting cloud data in use

A new feature called Azure confidential computing adds new data security capabilities that guarantee more control over data while it's processed.

Microsoft's Azure confidential computing, a new feature for the firm's cloud computing platform, improves security by adding encryption to data while it's in use. This allows data to remain in customer control while it's being processed in the cloud, according to a Microsoft blog post.

Azure confidential computing, which is actually a collection of security features, has been in development for four years as a joint effort among the Azure team, Microsoft Research, Intel, Windows, and the Developer Tools group. As of its launch, it will be available through the Early Access program, the post said.

With the introduction of Azure confidential computing, Microsoft is now the only major cloud provider to offer such data security capabilities, according to the post.

SEE: Research: Cloud vs. data center adoption rates, usage, and migration plans (Tech Pro Research)

With the growing number and severity of data breaches, many such attacks can be traced back to data accessed while in use, the post said. As such, customers may be wary of moving their sensitive data to the public cloud, for fear it could be compromised.

However, with the new feature set, Microsoft Azure can protect against malicious insiders who may have hardware access or admin privileges, as well as third parties trying to access the data without consent. It can also protect against attacks that exploit bugs in the application, OS, or hypervisor, the post said.

With Azure confidential computing, data ready for processing is kept safe in a Trusted Execution Environment (TEE)—sometimes referred to as an enclave. "TEEs ensure there is no way to view data or the operations inside from the outside, even with a debugger. They even ensure that only authorized code is permitted to access data. If the code is altered or tampered, the operations are denied and the environment disabled," the post said.

Through the new feature, multiple TEEs will be available to developers. These developers will also be able to leverage these environments with no code changes. Virtual Secure Mode and Intel SGX will both be supported at the start, with support for more TEEs to come in the future.

Additionally, Microsoft also announced that its Coco Framework technology will be used to bring encryption-in-use to both SQL Server and Azure SQL Database. This "ensures that sensitive data within a SQL database can be encrypted at all times without compromising the functionality of SQL queries," the post said.

The 3 big takeaways for TechRepublic readers

  1. Azure confidential computing from Microsoft adds a new layer of security to the public cloud by encrypting sensitive data in use.
  2. The feature protects against insiders with admin privileges, attacks on the OS or application, and unwelcome third-party data access to improve security.
  3. Data ready for processing is put in a Trusted Execution Environment (TEE), like Virtual Secure Mode or Intel SGX, to remain safe.

Also see

clouddata.jpg
Image: iStockphoto/chairboy

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.

Editor's Picks

Free Newsletters, In your Inbox