Thursday, September 14, 2017

Microsoft intros Azure confidential computing

Microsoft Azure is introducing a new data security capability called Azure confidential computing that provides encryption for data that is in use.

Microsoft said it has been working on this capability with Intel for over four years.

Confidential computing protects data in use from the following threats:

  • Malicious insiders with administrative privilege or direct access to the hardware on which the data is being processed
  • Hackers and malware that exploit bugs in the operating system, application, or hypervisor
  • Third parties accessing the data without the data owner's consent

Microsoft said that when data is “in the clear” it is protected inside a Trusted Execution Environment (TEE, also known as an enclave), which ensures there is no way to view the data or the operations inside from the outside, even with a debugger.

https://azure.microsoft.com/en-us/blog/introducing-azure-confidential-computing/