• Latest
  • Trending
  • All
  • News
  • Business
  • Politics
  • Science
  • World
  • Lifestyle
  • Tech
Microsoft Outlines How To Set Up Windows Virtual Desktop

How public cloud vendors tackle confidential computing

January 8, 2021
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

February 25, 2021
8×8 makes raft of updates to platform

Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

February 25, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

February 25, 2021
Innovative solutions for IT workers at home

ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

February 24, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

February 24, 2021
Innovative solutions for IT workers at home

SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

February 23, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

February 23, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

February 22, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

February 22, 2021
8×8 makes raft of updates to platform

Indonesian Mobile Operator Selects NTT for Microsoft Security Project

February 22, 2021
Microsoft To Build New Azure Cloud Data Centers In Greece

NTT completes Microsoft security project for Indonesian mobile operator

February 19, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Data insights without limit, security without compromise

February 18, 2021
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Thursday, February 25, 2021
  • Login
Azure Security News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
    • Home – Layout 4
    • Home – Layout 5
  • News
    • All
    • Business
    • Politics
    • Science
    • World
    A moment of reckoning: the need for a strong and global cybersecurity response

    Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

    Innovative solutions for IT workers at home

    ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

    A moment of reckoning: the need for a strong and global cybersecurity response

    ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

    Innovative solutions for IT workers at home

    SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

    8×8 makes raft of updates to platform

    Indonesian Mobile Operator Selects NTT for Microsoft Security Project

    Microsoft To Build New Azure Cloud Data Centers In Greece

    NTT completes Microsoft security project for Indonesian mobile operator

    A moment of reckoning: the need for a strong and global cybersecurity response

    Data insights without limit, security without compromise

    8×8 makes raft of updates to platform

    What Is Object Storage?

    A moment of reckoning: the need for a strong and global cybersecurity response

    Azure Firewall Premium now in preview

    Trending Tags

    • Donald Trump
    • Future of News
    • Climate Change
    • Market Stories
    • Election Results
    • Flat Earth
  • Tech
    • All
    • Apps
    • Gear
    • Mobile
    • Startup
    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

    8×8 makes raft of updates to platform

    Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

    Microsoft To Open Azure Cloud Data Center Region In Spain

    EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

    A moment of reckoning: the need for a strong and global cybersecurity response

    Azure Engineer at VillageMD

    Innovative solutions for IT workers at home

    How to Sync On-Premise Active Directory Passwords with Office 365 and Google Apps in Real-Time

    Microsoft Azure Forms Collaboration to Enhance AI in Healthcare

    Azure Defender is now available for all IoT and OT devices

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Google and Microsoft ID Group Targeting Security Researchers

    Innovative solutions for IT workers at home

    Microsoft Releases Application Guard for Office, Plus Azure Security Center and Azure Defender for IoT Products

    Trending Tags

    • Flat Earth
    • Sillicon Valley
    • Mr. Robot
    • MotoGP 2017
    • Golden Globes
    • Future of News
  • Entertainment
    • All
    • Gaming
    • Movie
    • Music
    • Sports
    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Meet the woman who’s making consumer boycotts great again

    New campaign wants you to raise funds for abuse victims by ditching the razor

    Twitter tweaks video again, adding view counts for some users

    A beginner’s guide to the legendary Tim Tam biscuit, now available in America

    People are handing out badges at Tube stations to tackle loneliness

    Trump’s H-1B Visa Bill spooks India’s IT companies

    Magical fish basically has the power to conjure its own Patronus

    This Filipino guy channels his inner Miss Universe by strutting in six-inch heels and speedos

    Oil spill off India’s southern coast leaves fisherman stranded, marine life impacted

  • Lifestyle
    • All
    • Fashion
    • Food
    • Health
    • Travel
    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Offers More ‘Solorigate’ Advice Using Microsoft 365 Defender Tools

    A moment of reckoning: the need for a strong and global cybersecurity response

    Solar Winds, Office 365 & Shipbuilding…

    Aruba ClearPass Policy Manager Integrates with Microsoft

    Imprivata Expands Collaboration with Microsoft on New Digital Identity Innovations

    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Canada’s 10 biggest stories of 2020

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    AMD breaks revenue records for 2019 and 4Q

    AMD breaks revenue records for 2019 and 4Q

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft is killing off insecure Cloud App Security cipher suites

    Microsoft is killing off insecure Cloud App Security cipher suites

    Rap group call out publication for using their image in place of ‘gang’

    Meet the woman who’s making consumer boycotts great again

    Trending Tags

    • Golden Globes
    • Mr. Robot
    • MotoGP 2017
    • Climate Change
    • Flat Earth
No Result
View All Result
Azure Security News
No Result
View All Result
Home News

How public cloud vendors tackle confidential computing

by AZURE SECURITY NEWS EDITOR
January 8, 2021
in News
0
Microsoft Outlines How To Set Up Windows Virtual Desktop
492
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

Organizations want to lock down tricky workloads or customer data in the cloud. Confidential computing is one way to do that, albeit with some performance and portability limitations.

Confidential computing is a maturing technology that organizations and cloud providers can use to secure data not only in transit and at rest, but while it’s being processed, too. The goal is complete, end-to-end data encryption. With this technology, organizations can migrate and house sensitive data in the cloud and securely collaborate with other companies.

Confidential computing could also alleviate some of the anxiety cloud customers have about a cloud provider’s staff eavesdropping into or tampering with their workloads, said Steve Riley, a Gartner analyst. Confidential computing implementations essentially lock the provider out of your workloads, so they have no access to or view of your data.

Still, confidential computing has yet to reach maturity and relies on hardware providers such as Intel, AMD and ARM to fully invest in and support the technology. The Confidential Computing Consortium (CCC), a collaborative Linux Foundation project between hardware and cloud providers, aims to accelerate confidential computing maturity and adoption. Its principle founding members include Alibaba, Arm, Google, Huawei, Intel, Microsoft and Red Hat.

While market leader AWS hasn’t fully embraced confidential computing, other major providers believe it’s where the cloud is headed.

“As these technologies mature and get more flexible, they’re going to be easier to adopt,” said Microsoft Azure CTO Mark Russinovich. “And what we ultimately believe and what we’re pushing for is that confidential computing, at least as a basic capability, will be eventually ubiquitous.”

Microsoft was the first public cloud provider to get in on confidential computing in 2017. Since then, the other major cloud providers have taken a few different strategies to offer this capability to users.

As we’ll discuss below, Microsoft, Google Cloud and IBM have deeper engagement in this technology than AWS. This is one area where the other providers could look to distinguish themselves from market leader AWS.

How does confidential computing actually work?

While data encryption at rest and in transit has become standard operating procedure, there are still a few ways hackers can get at your data. When an app is in use, its data is decrypted, and hackers can use this as an opportunity. With confidential computing, data is encrypted in use by running it in a trusted execution environment (TEE), also known as an enclave.

A TEE, as defined by the CCC, is an environment that guarantees a level of assurance in data integrity, data confidentiality and code integrity. This is basically a secured box. Once you’ve set up the TEE, no unauthorized entity, whether it is the OS or application host, system admin or cloud provider, can access or change the data inside the environment.

TEE technology is embedded in hardware, and there are two specific implementations cloud providers are using in their offerings — AMD’s Secure Encrypted Virtualization (SEV) technology and Intel’s Software Guard Extensions (SGX). SEV offers better portability and performance for complex and legacy workloads when compared to SGX, but it lacks memory integrity protection. It also doesn’t shield code from platform owners, which Intel’s technology does, Riley said.

AMD has an updated offering called Secure Nested Paging (SEV-SNP) that supports memory integrity protection, but it isn’t used by cloud providers at this time, according to Riley. Google’s offerings are supported by SEV, while Microsoft and IBM use SGX. The strengths and weaknesses of the hardware are reflected in the cloud providers’ offerings.

Attestation is another key confidential computing concept. This is a verification process by which you ensure your secure environment is actually locked up. Organizations must verify their environments via their hardware provider.

Let’s look at what each cloud provider offers for confidential computing technology.

Microsoft Azure

Microsoft Azure began offering confidential computing VMs in 2017 and has close ties to the open source side of confidential computing. Microsoft contributed the Open Enclave SDK, a single unified abstraction layer to build TEE-based applications, to the CCC. By using the Open Enclave SDK, your code within an enclave is portable between Intel and ARM hardware and both Linux and Windows.

Microsoft offers SGX-enabled confidential computing VMs, currently its DCsv2 series. These SGX-enabled VMs work as an abstraction layer between hardware and your application and fully removes Microsoft from the Trusted Compute Base. This means Microsoft cannot access or view this data in any way. Because of this, SGX-enabled VMs have a more defined shield between you and the cloud provider than those offered via AMD, such as Google Cloud Confidential VMs.

And while these Azure VMs are more portable across different compute frameworks, you can’t simply use it with any workload, as you can with Google Cloud Confidential VMs. To make an existing workload confidential, you’ll have to refractor the application code and make major software changes.

IBM Cloud

IBM Cloud first announced its confidential computing capabilities in 2018 and is on its fourth generation of the technology. IBM Cloud has a variety of services in the space, offering both enclave and managed confidential computing services.

IBM Secure Execution for Linux is a TEE service that isolates large workloads in the cloud for data integrity. IBM Cloud Data Shield is an SGX-based service to secure containerized workloads on Kubernetes and Red Hat OpenShift. IBM Secure Execution for Linux runs on IBM z15 and is a good fit for isolating large workloads in hybrid cloud environments.

On the managed side, IBM’s Hyper Protect Services portfolio embeds secure enclave technology in database, key management, virtualized servers and financial services. IBM’s Hyper Protect Services is the only public cloud service with Level 4 FIPS 140-2 certification.

IBM’s confidential computing road map also includes Red Hat’s Enarx, an open source project that aims to make it easier to build confidential computing applications that work with different providers and platforms, via hardware independence in TEE environments. Enarx is not yet available.

IBM’s confidential computing managed services and scale is a fit for large enterprises that need to protect large amounts of regulated or confidential data in the cloud.

Google Cloud

Announced in July 2020, Google’s Confidential Computing portfolio is the most recent cloud offering in this space. At time of publication, it includes Confidential VMs and Google’s confidential computing open source framework, Asylo. With these tools, users can make an existing Google VM confidential with one click in the Google Cloud Platform console. Confidential Google Kubernetes Engine nodes, currently in preview, will have similar capabilities.

Because these services run on AMD’s hardware, you can make existing workloads and applications confidential without changing the code. Essentially, any Google workload you’re running can be made confidential.

Confidential VMs also include a few additional features:

  • Audit reports for compliance;
  • Policy controls to define privileges for Confidential VMs;
  • Integration with additional security measures like Shared VPCs and firewalls to separate Confidential and regular VMs within projects; and
  • A virtual Trusted Platform Module to share secret keys for encrypted data within the Confidential VM.

Google’s offering works for the most traditional confidential use case — securing sensitive data in the cloud — but it also works when multiple, independent parties must share data. Organizations can always store sensitive data on premises, but companies trying to collaborate and share data sets may not trust the other organization’s data center. Keeping this data in Confidential VMs offers a solution.

Google’s offering is the easiest to implement, but until SEV can provide memory integrity protection and fully shield code from the platform owner, these offerings won’t be as secure as the SGX implementations.

AWS

Unlike the other public clouds with confidential computing offerings, AWS is not a member of the CCC. AWS’ offering, Nitro Enclaves, is in preview at time of publication. Nitro Enclaves is built with AWS’ Nitro Hypervisor technology and is a VM that attaches to an EC2 instance to create secure isolated environments.

A Nitro Enclave inherits some of the CPU and RAM from the first EC2 instance, which gives you an array of compute and memory options to process your sensitive workloads. Cryptographic attestation is performed through the Nitro Hypervisor, so only your enclaved EC2 processes this data. It also integrates with AWS Key Management Service.

While the Nitro Enclaves service isn’t built on Intel SGX or AMD SEV, it does shield data from its attached EC2 instance. The hardware virtualization traps and blocks any attempt by the instance to randomly read from or overwrite the memory allocated to the enclave, Riley said.

It serves various use cases, such as securing confidential healthcare or financial data. If multiple independent parties wanted to process the same set of sensitive data in a way that benefitted each party, they can also do so with Nitro Enclaves. This is one of the primary uses cases for confidential computing today, Riley said.

Reference: https://searchcloudcomputing.techtarget.com/feature/How-public-cloud-vendors-tackle-confidential-computing

Share197Tweet123Share49
AZURE SECURITY NEWS EDITOR

AZURE SECURITY NEWS EDITOR

Related Posts

A moment of reckoning: the need for a strong and global cybersecurity response

Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

by AZURE SECURITY NEWS EDITOR
February 25, 2021
0

Latest launched research document on Global Cloud Security in Banking Market study of 111 Pages provides detailed analysis with presentable...

Innovative solutions for IT workers at home

ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

by AZURE SECURITY NEWS EDITOR
February 24, 2021
0

Native integration with ZEDEDA’s orchestration solution for the distributed edge enables end-to-end remote management of the entire Azure IoT Edge...

A moment of reckoning: the need for a strong and global cybersecurity response

ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

by AZURE SECURITY NEWS EDITOR
February 24, 2021
0

ZEDEDA announced an integration with Microsoft Azure IoT services that provides customers with full lifecycle management capabilities (edge hardware, OS, Azure IoT Edge...

Innovative solutions for IT workers at home

SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

by AZURE SECURITY NEWS EDITOR
February 23, 2021
0

In December, the disclosure of the supply chain attack against SolarWinds sent shockwaves throughout federal agencies responsible for the security...

  • Trending
  • Comments
  • Latest
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

AZURE DEFAULT RESOURCE GROUP AND DEFAULT WORKSPACE: WHAT ARE THEY?

December 14, 2020
Microsoft Seriously Beefs Up Security in Windows Server 2019

TCS Launches Cloud Exponence on Microsoft Azure

January 21, 2021
Microsoft Launches Host of Security Products in Time for RSA

Microsoft to add two new Microsoft 365 security, compliance bundles to its line-up

November 26, 2020

Lady Gaga Pulled Off One of the Best Halftime Shows Ever

0

Barack Obama’s Now Mainly Focusing on Wearing This Casual Backwards Hat

0

Watch Justin Timberlake’s ‘Cry Me a River’ Come to Life in Mesmerizing Dance

0
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

February 25, 2021
8×8 makes raft of updates to platform

Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

February 25, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

February 25, 2021
Azure Security News

Copyright © 2020 - Azure Security

Navigate Site

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Follow Us

No Result
View All Result
  • Home
  • News
    • Politics
    • Business
    • World
    • Science
  • Entertainment
    • Gaming
    • Music
    • Movie
    • Sports
  • Tech
    • Apps
    • Gear
    • Mobile
    • Startup
  • Lifestyle
    • Food
    • Fashion
    • Health
    • Travel

Copyright © 2020 - Azure Security

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In