A couple of months ago at Ignite 2018, Microsoft unveiled the public preview of Microsoft® Azure Confidential Computing (ACC). In September 2017, Microsoft Azure became the first cloud platform to enable new data security capabilities that use confidential computing to provide enhanced protection for customer data while it is in use.
Microsoft and Intel are working together to bring Trusted Execution Environments (TEEs), such as Intel® Software Guard Extensions (Intel® SGX) and Virtualization Based Security (VBS, previously known as Virtual Secure Mode), to the cloud. Intel SGX enables developers to better protect their most sensitive data and application code while it is in memory, and to prevent malware and system software from gaining access to it. Intel SGX adds this protection through CPU-based instructions that establish the TEE at the lowest layer possible.
Many customers are looking to combine the scale and economics of cloud computing with the confidence they have in private, on-premises hardware. Azure Confidential Computing provides added protection for data while it is being processed in the cloud. ACC relies on Intel SGX, which provides an encrypted enclave that is protected even from the cloud provider and from low-level system processes. Intel SGX enables application developers to protect selected code and data from disclosure or modification through the use of secure enclaves.
With security looming large in customers’ minds, developers should take advantage of the security-enhancing tools available to protect their workloads. A wide variety of resources can help developers get started with Intel SGX, both in Azure and on-premises, including the new Open Enclave SDK announced by Microsoft at Ignite.
To learn more about Microsoft ACC and the security services showcased at Ignite that are enabled by Intel SGX, listen to this podcast with Christine Avanessians, Principal PM Manager on the Microsoft Azure Compute team.