A year ago Microsoft announced that they were working on a new technology in Azure to protect and encrypt data in use, called Azure Confidential Computing. If you are moving sensitive data to the cloud, you also want to encrypt it. Today, you can do this for data in transit and data at rest, however data in use is a challenge. Azure Confidential Computing addresses exactly that scenario, and helps you to encrypt data in use. Microsoft was running a private preview program in the last year, and at Microsoft Ignite this year, Microsoft opened up a public preview.
What is Azure Confidential Computing
Azure Confidential Computing together with Intel SGX technology addresses the following threads:
- Malicious insiders with administrative privilege or direct access to hardware on which it is being processed
- Hackers and malware that exploit bugs in the operating system, application, or hypervisor
- Third parties accessing it without their consent
There are ways to secure data at rest and in transit, but you need to protect your data from threats as it’s being processed. Now you can. Confidential computing adds new data security capabilities using trusted execution environments (TEEs) or encryption mechanisms to protect your data while in use. TEEs are hardware or software implementations that safeguard data being processed from access outside the TEE. The hardware provides a protected container by securing a portion of the processor and memory. Only authorized code is permitted to run and to access data, so code and data are protected against viewing and modification from outside of TEE.