The new security services and features are called Azure confidential computing. The technology is available to customers via an early access program.
Some companies have historically been wary of moving sensitive data to the cloud because of worries about their data being attacked when it is in use. Russinovich said confidential computing addresses these concerns by protecting data from the following threats:
- Malicious insiders with administrative privilege or direct access to hardware on which it is being processed;
- Hackers and malware that exploit bugs in the operating system, application, or hypervisor;
- Third parties accessing it without their consent.
It does this by executing a code within a trusted execution environment (TEE) that protects the in-use data. “TEEs ensure there is no way to view data or the operations inside from the outside, even with a debugger,” Russinovich wrote. “They even ensure that only authorized code is permitted to access data. If the code is altered or tampered, the operations are denied and the environment disabled.”
The technology will initially support two TEEs: Virtual Secure Mode and Intel SGX.
Microsoft is also boosting its Always Encrypted capability using its Coco Framework technology to encrypt data in use for Azure SQL Database and SQL Server, according to the blog post.
The Coco Framework aims to help enterprises adopt blockchain. It secures data in blockchain networks using TEEs.