Microsoft today made available Azure confidential computing built on Intel hardware for enterprise cloud customers.
It follows a similar IBM Cloud move last week.
The new Azure DCsv2-Series allows companies to process data in the cloud in hardware-based secure enclaves called trusted execution environments (TEEs). Intel calls its TEEs Software Guard Extensions (SGX). This hardware-based technology isolates specific application code and data to run in private regions of memory, thus protecting select code and data from disclosure or modification even at the OS and hypervisor level.
Encrypting data while it’s being processed in memory “helps to isolate the data from other applications or tenants, the service provider, rogue administrators, and even from malicious code with root privileges,” wrote Jason Grebe, VP and GM of Intel’s Cloud and Enterprise Solutions Group, in a blog post.
Confidential Computing Heats Up
Both Intel and Microsoft are also founding members of the Confidential Computing Consortium. The Linux Foundation formed the open source group last August, and at its launch Intel contributed its SGX software development kit (SDK) to the project. Meanwhile, Microsoft contributed Open Enclave SDK, which is an open source framework that allows developers to build TEE applications using a single enclaving abstraction.
The two companies have been working on Azure confidential computing for several years, and a little over two years ago they rolled out the first public preview of the service. Microsoft claims Azure was the first public cloud to encrypt data while in use, and its engineers helped design the SGX technology used in Intel’s Xeon chips.
At Intel’s Security Day event in February, Senior Director of Microsoft Azure Security Scott Woodgate joined Intel execs on stage to discuss new use cases that confidential computing enables. These include multi-party or federated machine learning. During a later interview at the RSA Conference, Woodgate said several Microsoft customers use multi-party machine learning to detect banking fraud and money laundering.
IBM is also working on confidential computing use cases with its banking and health care customers, said Nataraj Nagaratnam, CTO and director of cloud security for IBM’s Cloud and Cognitive Software business unit.
That cloud provider last week announced that IBM Cloud Data Shield now supports containerized applications on IBM Cloud Kubernetes and Red Hat OpenShift using Intel SGX hardware and Fortanix encryption technology.