Microsoft Azure Confidential Computing

Azure confidential computing helps to protect both the integrity and the confidentiality of all your code and data while it is being processed in the cloud.

Security is one of the main reasons enterprises adopt cloud computing, but it is also a major concern when highly sensitive data and intellectual property must be moved to the cloud.

We already have ways of protecting data at rest and in transit, but Azure goes one step further and protects it while it is being processed.

Confidential computing provides new security capabilities using encryption mechanisms or trusted execution environments (TEEs): software or hardware implementations that protect data while it is being processed, so that it cannot be accessed from outside the TEE.

Only authorized code may run or access the data, so both code and data are fully protected from external viewing and modification.

Core Confidential Computing Components

  • Deployment and Management of TEE-Enabled Compute Instances – Access hardware-based functionality in the cloud for building and running applications powered by SGX. Use the DC-series virtual machines to build applications that protect code and data in use.
  • Development Against Standard Enclaving Abstractions – Use the Open Enclave SDK to build applications across different types of enclave with a consistent API surface around an enclaving abstraction, which supports portability and flexibility in architecture.
  • Verify TEE Identities – Verify the identity of a TEE, and validate the code running inside it, to determine whether secrets may be released to it. Verification is straightforward using attestation services.
  • Harden Enclave Code With Microsoft Research Insights – Explore Microsoft Research publications on new confidential computing applications, techniques for hardening TEE applications, and ways to prevent information from leaking out of the TEE.
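The attestation-gated secret release described under "Verify TEE Identities", as an added example (not Azure's or the Open Enclave SDK's code): a relying party checks attestation evidence and releases a secret only when the enclave's identity and security properties match its policy. The attestation service's signature is modelled with an HMAC over the claims, and every key, identifier and claim value is constructed for the example.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed stand-in for the attestation service's signing key. A real service
# signs with an asymmetric key; a shared HMAC key keeps this example offline.
ATTESTATION_KEY = b"constructed-attestation-service-key"

# Relying-party policy: which enclave identities may receive the secret.
POLICY = {
    "allowed_signer_ids": {"aa" * 32},  # constructed hash of the author's signing key
    "allowed_product_id": 1,
    "min_security_version": 3,          # reject older, downgraded enclave builds
    "allow_debug": False,               # debug enclaves expose memory to the host
}

def sign_evidence(claims: dict) -> dict:
    """Model of the attestation service vouching for a verified quote's claims."""
    body = json.dumps(claims, sort_keys=True).encode()
    return {"claims": claims, "sig": hmac.new(ATTESTATION_KEY, body, hashlib.sha256).hexdigest()}

def release_secret(evidence: dict, nonce: str, secret: bytes) -> Optional[bytes]:
    """Return the secret only if every check passes; any failure returns None."""
    body = json.dumps(evidence["claims"], sort_keys=True).encode()
    expected = hmac.new(ATTESTATION_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, evidence["sig"]):
        return None  # claims were not vouched for by the attestation service
    c = evidence["claims"]
    if c["nonce"] != nonce:
        return None  # stale or replayed evidence
    if c["debug"] and not POLICY["allow_debug"]:
        return None
    if c["signer_id"] not in POLICY["allowed_signer_ids"]:
        return None
    if c["product_id"] != POLICY["allowed_product_id"]:
        return None
    if c["security_version"] < POLICY["min_security_version"]:
        return None
    return secret

def sample_claims(nonce: str) -> dict:
    """Constructed claims for a production enclave that satisfies POLICY."""
    return {"signer_id": "aa" * 32, "product_id": 1, "security_version": 3,
            "debug": False, "nonce": nonce}
```

Each check is an independent reason to withhold the secret; a debug build, an out-of-date security version or a replayed nonce is refused even when the signer is trusted.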

Application Patterns of Confidential Computing

  • Protect the integrity and confidentiality of data using, for example, SQL Server Always Encrypted technology.
  • Create trusted networks using, for example, the Confidential Consortium Blockchain Framework.
  • Combine multiple sources of data using, for example, secure multiparty machine learning.
  • Protect sensitive IP code using, for example, secured content licensing and DRM protection.
