Microsoft launches Azure confidential computing to protect data encrypted in use

Microsoft has announced the launch of ‘confidential computing’ in Azure, claiming to be the first public cloud provider to offer encryption of data while in use.

The project, on which a variety of Microsoft teams have been working for four years, is similar in scope to the Coco Framework, Redmond’s confidential computing blockchain initiative.

“Despite advanced cybersecurity controls and mitigations, some customers are reluctant to move their most sensitive data to the cloud for fear of attacks against their data when it is in-use,” Mark Russinovich, Microsoft Azure CTO, wrote in a company blog post. “With confidential computing, they can move the data to Azure knowing that it is safe not only at rest, but also in use from [various] threats.”

The threats Russinovich outlined included classic scenarios: malicious insiders with administrative privileges, as well as hackers and malware exploiting bugs in operating systems. The platform Microsoft is building enables developers to take advantage of different trusted execution environments (TEEs) – which ensure there is no way to view data from the outside – without having to change their code.

“We see broad application of Azure confidential computing across many industries including finance, healthcare, AI and beyond,” Russinovich wrote. “In finance, for example, personal portfolio data and wealth management strategies would no longer be visible outside of a TEE. Healthcare organisations can collaborate by sharing their private patient data, like genomic sequences, to gain deeper insights from machine learning across multiple data sets without risk of data being leaked to other organisations.

“In oil and gas, and IoT scenarios, sensitive seismic data that represents the core intellectual property of a corporation can be moved to the cloud for processing, but with the protections of encrypted-in-use technology,” Russinovich added.
