If your customers are like many others, they worry about whether their data in the public cloud is truly safe and secure.
To do something about it, Microsoft and Intel have been working together for the last 4 years. Today, Microsoft announced the result of their work. It’s a collection of security features and services known as Azure confidential computing.
Part of the worry over the public cloud comes from the growth of Shadow IT. Security firm McAfee estimates that as much as 40% of all public cloud services are now procured outside IT. McAfee also finds that 65% of IT pros believe Shadow IT is compromising cloud security.
What exactly has Microsoft done about it? Well, the company started by realizing most data breaches affect data in use. The breaches come mainly from 2 sources: administrative accounts and compromised keys.
To fight these breaches, Microsoft has been spending $1 billion a year on cybersecurity, much of it on the Azure public cloud. That’s too much, even for Microsoft.
So the company, working with Intel, came up with a way to encrypt data while in use. This means data being processed in the public cloud is still under the customer’s control. Public clouds haven’t offered this capability before.
More specifically, Azure confidential computing protects public-cloud data inside an enclave known as a Trusted Execution Environment (TEE). Once data is in the TEE, it can’t be viewed from the outside, even with a debugger. Also, only authorized code is permitted to access data.
What if code in the TEE is somehow altered or tampered with? Then the operations are denied, and the environment is disabled.
The new Microsoft Azure program will support 2 TEEs:
> Virtual Secure Mode: Software-based, it’s implemented by Hyper-V in Windows 10 and Windows Server 2016.
> Intel SGX: Hardware-based, it runs on servers in the public cloud.
Interested in trying Azure confidential computing, or have customers who might be interested? It’s available now via an Early Access program.
This program includes access to Azure VSM and SGX-enabled virtual machines. It also offers tools, SDKs, and both Windows and Linux support.
You or your customers can apply here for Microsoft’s Azure confidential computing Early Access program.
With Microsoft's new approach to securing Azure, the public cloud should finally be a place that you and your customers can trust.