• Latest
  • Trending
  • All
  • News
  • Business
  • Politics
  • Science
  • World
  • Lifestyle
  • Tech
Juniper Networks extends connected security with two new updates

A Look at Azure Confidential Computing

January 11, 2021
Microsoft To Build New Azure Cloud Data Centers In Greece

Yubico Makes Passwordless Authentication Generally Available for Azure AD Users

March 5, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft makes passwordless push in Azure Active Directory

March 5, 2021
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

Microsoft Power BI Premium Per User pricing is a game changer

March 4, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft Releases Azure AD My App and New Risk Detections for Identity Protection into GA

March 4, 2021
8×8 makes raft of updates to platform

BitDam ATP+ protects Office 365 users from unknown threats

March 4, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

Cloud Network Engineer – Associate – ATL

March 3, 2021
Microsoft Outlines How To Set Up Windows Virtual Desktop

What’s New in Tufin Orchestration Suite 21-1

March 3, 2021
Innovative solutions for IT workers at home

BitDam Offers Complete Security for Office 365 Email, OneDrive and Teams With The Introduction of BitDam ATP+

March 2, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft to add new shared channels, encryption for calls, webinar features to Teams

March 2, 2021
Microsoft Declares ‘General Availability’ of Threat Experts Security Service

Mindware Partners with Cibecs to Help Regional Organizations Manage and Protect Distributed Endpoint Devices and Data

March 1, 2021
Microsoft To Build New Azure Cloud Data Centers In Greece

Enterprise Key Management Solution Market 2021 Industry Growth Analysis, Future Predictions, SWOT Analysis, By Top Players- EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

March 1, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Intel Calls Silicon ‘Greatest Weapon Against Security Threats’

March 1, 2021
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Sunday, March 7, 2021
  • Login
Azure Security News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
    • Home – Layout 4
    • Home – Layout 5
  • News
    • All
    • Business
    • Politics
    • Science
    • World
    Microsoft To Build New Azure Cloud Data Centers In Greece

    Yubico Makes Passwordless Authentication Generally Available for Azure AD Users

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft makes passwordless push in Azure Active Directory

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    Microsoft Releases Azure AD My App and New Risk Detections for Identity Protection into GA

    8×8 makes raft of updates to platform

    BitDam ATP+ protects Office 365 users from unknown threats

    Microsoft Outlines How To Set Up Windows Virtual Desktop

    What’s New in Tufin Orchestration Suite 21-1

    Innovative solutions for IT workers at home

    BitDam Offers Complete Security for Office 365 Email, OneDrive and Teams With The Introduction of BitDam ATP+

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Cloud Security in Banking Market Next Big Thing | Major Giants- Sophos, Boxcryptor, Microsoft Azure

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    Microsoft Cloud Announces Three New Vertical Cloud Solutions

    Innovative solutions for IT workers at home

    Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

    Innovative solutions for IT workers at home

    What is database encryption?

    Trending Tags

    • Donald Trump
    • Future of News
    • Climate Change
    • Market Stories
    • Election Results
    • Flat Earth
  • Tech
    • All
    • Apps
    • Gear
    • Mobile
    • Startup
    Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

    Microsoft Power BI Premium Per User pricing is a game changer

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    Cloud Network Engineer – Associate – ATL

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft to add new shared channels, encryption for calls, webinar features to Teams

    Microsoft Declares ‘General Availability’ of Threat Experts Security Service

    Mindware Partners with Cibecs to Help Regional Organizations Manage and Protect Distributed Endpoint Devices and Data

    Microsoft To Build New Azure Cloud Data Centers In Greece

    Enterprise Key Management Solution Market 2021 Industry Growth Analysis, Future Predictions, SWOT Analysis, By Top Players- EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

    A moment of reckoning: the need for a strong and global cybersecurity response

    Intel Calls Silicon ‘Greatest Weapon Against Security Threats’

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Releases Azure Firewall Premium in Public Preview

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

    8×8 makes raft of updates to platform

    Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

    Trending Tags

    • Flat Earth
    • Sillicon Valley
    • Mr. Robot
    • MotoGP 2017
    • Golden Globes
    • Future of News
  • Entertainment
    • All
    • Gaming
    • Movie
    • Music
    • Sports
    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Meet the woman who’s making consumer boycotts great again

    New campaign wants you to raise funds for abuse victims by ditching the razor

    Twitter tweaks video again, adding view counts for some users

    A beginner’s guide to the legendary Tim Tam biscuit, now available in America

    People are handing out badges at Tube stations to tackle loneliness

    Trump’s H-1B Visa Bill spooks India’s IT companies

    Magical fish basically has the power to conjure its own Patronus

    This Filipino guy channels his inner Miss Universe by strutting in six-inch heels and speedos

    Oil spill off India’s southern coast leaves fisherman stranded, marine life impacted

  • Lifestyle
    • All
    • Fashion
    • Food
    • Health
    • Travel
    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Offers More ‘Solorigate’ Advice Using Microsoft 365 Defender Tools

    A moment of reckoning: the need for a strong and global cybersecurity response

    Solar Winds, Office 365 & Shipbuilding…

    Aruba ClearPass Policy Manager Integrates with Microsoft

    Imprivata Expands Collaboration with Microsoft on New Digital Identity Innovations

    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Canada’s 10 biggest stories of 2020

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    AMD breaks revenue records for 2019 and 4Q

    AMD breaks revenue records for 2019 and 4Q

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft is killing off insecure Cloud App Security cipher suites

    Microsoft is killing off insecure Cloud App Security cipher suites

    Rap group call out publication for using their image in place of ‘gang’

    Meet the woman who’s making consumer boycotts great again

    Trending Tags

    • Golden Globes
    • Mr. Robot
    • MotoGP 2017
    • Climate Change
    • Flat Earth
No Result
View All Result
Azure Security News
No Result
View All Result
Home News Business

A Look at Azure Confidential Computing

by AZURE SECURITY NEWS EDITOR
January 11, 2021
in Business
0
Juniper Networks extends connected security with two new updates
492
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

There’s a change coming in public cloud computing. During the first few years of the public cloud being a viable option for IT architects, the main concern for businesses was security: “If I can’t touch the servers where my stuff is, I’m worried.” Now we’ve come to a place where most businesses see that overall the security of major public clouds is better than what they can achieve on-premises. Data at rest is protected with encryption with various levels of customer control and data in transit is also protected with TLS encryption, again with various levels of customer control. But, there’s still one area where valid security concerns exist: controlling access to data that’s being processed.

Azure Confidential Computing (ACC) aims to address this problem. ACC isn’t a single service or product, rather it’s a collection of tools and services that businesses can use to address the confidentiality of their data as it’s being processed in Azure. ACC is in public preview at the time of writing

Terminology and Concepts
Intel’s Server Guard Extensions (SGX) is a new feature on some newer Xeon processors that provides a part of the processor where only special code is allowed to run; no other code, no matter the privilege level, has access to it and the memory it uses is encrypted and only visible to the application running in the enclave. These protected places where you can run secure code are also known as Trusted Execution Environments (TEEs).

No one except for the application creators have access to the data in the enclave, not administrators of the virtual machine (VM) where the code is running, nor Microsoft’s engineers (if you run the code in Azure VMs). There’s a new series of VMs that supports enclaves, the DC series, which incidentally are the first appearance of Hyper-V Generation 2 VMs in Azure — this is to provide the security (SecureBoot with virtual UEFI) and the pass-through to underlying hardware required.

[Click on image for larger view.]Figure 1. How to tell your ACC machine is a Generation 2 VM.

Attestation is another important part of ACC. Not only do you need to be able to write your application to use the enclave for the sensitive processing, you also need to guarantee that the code is actually running in an enclave you trust. And if that enclave is updated with new code you need to verify that it’s still trusted, the mechanisms here use quotes or reports (based on standard JSON Web Tokens [JWTs]), along with policies that you can set to the standard your business requires. Finally, you also need to ensure that the data you upload into the enclave and the data you get back is protected. Microsoft is doing a lot of work in this area to reduce friction and make enterprise scenarios more accessible.

Use Cases
Not all applications are candidates for enclaves, there are many reasons for this, but one is definitely that you have to write an application from scratch to architect the part that’s running in the host (normal code and data) and the part that’s running in the enclave (the code or data that needs to be secured).  

The most obvious use case is a business that needs to process sensitive data while guaranteeing the privacy of that data or the algorithm that’s used for the processing. Noticeable candidates are the financial trade and the medical industries.

Another use case is enterprise blockchain scenarios where several businesses need to share data or code, but they don’t fully trust the other partners in the consortium. Here, all partners can inspect the code that runs in the enclave and agree that they trust it and, thus, trust whatever results the code gives.

SQL Server is another use case as today Microsoft provides Always Encrypted, where a special driver runs on the client and only decrypts the data as required. This technology will be extended to use enclave technology to protect sensitive data on the server, even from a DBA with full access to the SQL Server. This is coming first in SQL Server 2019 on-premises and then in Azure SQL Database.

A fourth use case is where several different entities have data that could be useful for training a machine learning (ML) model to be more accurate, for instance with medical data from several different hospitals. Understandably, there are regulations in place where private medical data can’t be shared in this manner. Using enclaves, the data can be encrypted and then uploaded from the different entities, thus ensuring that no other organization has access to it, be decrypted in the enclave, analyzed to build a more accurate ML model while still ensuring that each organization keeps its data private and inaccessible to the other entities.

Yet another potential use case is in IoT edge scenarios where a device needs to process sensitive data before aggregating it in the cloud. A practical example could be sales terminals where the part that manages credit card data is executed in an enclave.

[Click on image for larger view.]Figure 2. Creating an ACC VM in Azure.

Open Enclave SDK
As so often is the case with Microsoft, the company is building a platform for developers to extend on top of. In this case it’s the Open Enclave SDK (which is going to be released open source). Currently, it supports C and C++ with other languages coming. You can build an application with it and it’ll run on any SGX hardware, not just in Azure. Today, software enclaves in Azure that are built on Hyper-V Virtualization Based Security (VBS) and Intel SGX are supported, but ARM is developing TrustZone, which will also be supported as that technology matures. It’s probably safe to assume that AMD will develop comparable technology for its CPUs.

One of the reasons that Microsoft is developing this SDK is to abstract the different underlying hardware implementations to make your code more portable. Another reason is to make moving code between Linux and Windows easier, the aim being to require a simple recompile.

Intel’s current SGX SDK causes some friction when developing applications as you need a business relationship with Intel to acquire certificates for your applications, something that’s not required for the Open Enclave SDK (the certificates used still map back to Intel’s root certificate).

The trick (and developers who learn this early will be able to command large salaries) will be exactly how to architect applications with the right proportion of code and data in the enclave and the rest in the host application. There are limitations on the size of the data and code that can live in an enclave, performance is also slower in an enclave.

Wrapping Up
It’s early days yet for ACC and because the technology requires writing applications from scratch or significant refactoring of existing programs, I don’t expect it to be an overnight success. However, for the right scenarios it’ll be another tool in your belt and I wouldn’t be surprised if standards such as PCI will require secure processing environments in the future.

Reference: https://virtualizationreview.com/articles/2019/02/05/a-look-at-azure-confidential-computing.aspx

Share197Tweet123Share49
AZURE SECURITY NEWS EDITOR

AZURE SECURITY NEWS EDITOR

Related Posts

How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft Releases Azure AD My App and New Risk Detections for Identity Protection into GA

by AZURE SECURITY NEWS EDITOR
March 4, 2021
0

Microsoft recently released a few new Azure Active Directory (AD) features, namely My Apps "collections" and new "risk detections" capabilities, into general availability (GA)....

Microsoft Outlines How To Set Up Windows Virtual Desktop

What’s New in Tufin Orchestration Suite 21-1

by AZURE SECURITY NEWS EDITOR
March 3, 2021
0

Tufin 21-1 is packed full of new features and product enhancements, including incorporating many of our customers’ requests, to help...

Innovative solutions for IT workers at home

BitDam Offers Complete Security for Office 365 Email, OneDrive and Teams With The Introduction of BitDam ATP+

by AZURE SECURITY NEWS EDITOR
March 2, 2021
0

BitDam, a leading provider of cybersecurity solutions that protect business communications from unknown threats, today announced the availability of BitDam ATP+, its...

Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

Cloud Security in Banking Market Next Big Thing | Major Giants- Sophos, Boxcryptor, Microsoft Azure

by AZURE SECURITY NEWS EDITOR
March 1, 2021
0

The Global Cloud Security in Banking Market Report provides a holistic evaluation of the market for the forecast period (2020–2026)....

  • Trending
  • Comments
  • Latest
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

AZURE DEFAULT RESOURCE GROUP AND DEFAULT WORKSPACE: WHAT ARE THEY?

December 14, 2020
Microsoft Seriously Beefs Up Security in Windows Server 2019

TCS Launches Cloud Exponence on Microsoft Azure

January 21, 2021
Microsoft Launches Host of Security Products in Time for RSA

Microsoft to add two new Microsoft 365 security, compliance bundles to its line-up

November 26, 2020

Lady Gaga Pulled Off One of the Best Halftime Shows Ever

0

Barack Obama’s Now Mainly Focusing on Wearing This Casual Backwards Hat

0

Watch Justin Timberlake’s ‘Cry Me a River’ Come to Life in Mesmerizing Dance

0
Microsoft To Build New Azure Cloud Data Centers In Greece

Yubico Makes Passwordless Authentication Generally Available for Azure AD Users

March 5, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft makes passwordless push in Azure Active Directory

March 5, 2021
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

Microsoft Power BI Premium Per User pricing is a game changer

March 4, 2021
Azure Security News

Copyright © 2020 - Azure Security

Navigate Site

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Follow Us

No Result
View All Result
  • Home
  • News
    • Politics
    • Business
    • World
    • Science
  • Entertainment
    • Gaming
    • Music
    • Movie
    • Sports
  • Tech
    • Apps
    • Gear
    • Mobile
    • Startup
  • Lifestyle
    • Food
    • Fashion
    • Health
    • Travel

Copyright © 2020 - Azure Security

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In