What is Azure Confidential Computing?
For years now, cloud security has been a major deterrent for many companies to join the cloud bandwagon. This is an Achilles heel for cloud service providers too, as they spend billions of dollars each year on cloud and cybersecurity. One of the aspects that could possibly ease this fear and spending is encryption and other data security strategies, and Microsoft is leading the way with a new product called Azure confidential computing.
Microsoft Azure is the first cloud provider to offer a collection of security capabilities under Azure confidential computing. This product’s features are expected to fill in the gaps that are present in public cloud security today.
Azure confidential computing ensures that the data that has to be processed is protected inside an enclave called a Trusted Execution Environment (TEE). This is an important step because if you look at past data breaches, you’ll notice that malicious intruders use administrative privileges to access data only when it is being processed. These TEEs ensure that no one can view the data or the operations that happen on it, so outside access or breach is impossible.
Microsoft goes one step further too. If it detects any change in the code, all operations are denied and the environment is instantly disabled. This mechanism is necessary to ensure that hackers don’t use any malware or bugs to exploit the system.
All this functionality is offered to developers through the Azure confidential computing platform that runs on top of Intel’s Software Guard Extensions (SGX) technology. With this, Azure is the first to offer SGX-capable servers in the public cloud sphere. Customers who are enrolled in Microsoft’s Early Access program can now develop applications on this confidential computing platform.
This discussion can get you wondering about SGX. What is it, and how does it help with cloud security?
Intel’s SGX is the latest technology from Intel that allows developers to protect selected code and data from disclosure or modification. It uses different protection mechanisms to ensure that the data and code are protected even while the system that’s using them is running. In other words, the application that’s using this selected code and data is protecting it not just from other applications running on the system, but also from the system’s own operating system, Hyper-V and even Intel’s management engine. So, it becomes almost impossible for anyone to reach this code or data.
Given these high levels of security, we can soon expect Azure confidential computing to be adopted across different organizations, particularly in the finance, healthcare, government, and artificial intelligence sectors. In the oil and gas and IoT industries too, this platform can be used to protect the intellectual property of the company, regardless of which application or organization is generating and using the derived data.
In all, this is an exciting product that could pave the way for wider cloud adoption, so everyone gets to make the most of the benefits that come from cloud computing.