Now Reading
What Is Azure Confidential Computing Built On Intel Hardware?

What Is Azure Confidential Computing Built On Intel Hardware?

Vishal Chawla

Microsoft, with its Azure DCsv2-Series virtual machines (VMs), is now aiming to ensure data security via confidential computing.

We know data security is a topic that should not be taken lightly, particularly when the majority of workloads have been shifted to the cloud. In a world where cloud platforms process payment transactions and financial records, security becomes paramount.

Microsoft, with its Azure DCsv2-Series virtual machines (VMs), is now aiming to ensure data security via confidential computing. Microsoft is a part of Confidential Computing Consortium along with other large tech players. The whole idea behind confidential computing is achieving world-class security not only when data is being processed but also while it is at rest or in transit. The Confidential Computing Consortium was developed under the supervision of Linux Foundation. 



With the new VM series, Microsoft sets a milestone of becoming the first company to offer virtualisation products as part of confidential computing. Confidential computing relies on hardware-based trusted execution environment (TEE) and makes processed data so secure that cloud admins and data centre operators with physical access to servers cannot acquire. 

Confidential computing is able to encrypt data at all levels, enabling things like multi-party computation in coordination with different entities at once. This application of encrypted and secure distributed computation can be applied to use cases like doing analytics on combined financial transactional data from different banks for fraud detection, or processing health records in an anonymised fashion for tracking health trends and overall diagnostics. 



For maintaining the open-source consortium, it has taken involvement from every different technology company, setting up the ground rules through a nonprofit foundation to ensure everything is fair. Confidential computing can be useful for distributed apps and more advanced applications such as trusted remote virtual machines.

Intel’s Software Guard Extensions (SGX) 

The consortium will achieve Trusted Execution Environments (TEEs), especially with the Intel Software Guard Extensions (SGX) development kit. Intel SGX is the most researched, tested, and deployed application isolation technology in the market today, according to Intel, it enables application developers to partition their applications into private regions of memory called enclaves. Besides, it is designed to be protected from higher-level processes, including even the OS and hypervisor. 

This would enable application and frameworks developers to develop software that can be used across different cloud platforms and Trusted Execution Environment (TEE) models. 

As VMs operate on specialised servers from Intel Software Guard Extensions (SGXs), the hardware protects and encrypts while it is being processed by CPUs. Even the operating system or hypervisor would not be able to gain access to data as it is being processed from anyone. This drastically minimizes the attack surface in future usage in the enterprise for confidential computing in multi-cloud scenarios. 

See Also

Various untrusted entities can distribute transactions but protect their confidential or proprietary data from other parties by using enclaves.

Giving Way To New Data Processing Scenarios

Usually, data goes encrypted while it is stored or in transition by service providers, but it generally does not get encrypted when it’s in use. The Confidential Computing Consortium plans to concentrate on this last security problem when data gets processed in memory. Protecting the data being used means it stays hidden even in unencrypted form during processing except to the code approved to access it.

Confidential computing will allow encrypted data to be processed in memory without endangering the rest of the system, decrease exposure for sensitive data and give more comprehensive control and transparency for users. 

That way, confidential computing is expected to give birth to new types of scenarios like training multi-party dataset for machine learning models, letting various parties collaborate to have specific models or deeper analytics without providing other parties access to the data. The technology may also allow confidential query processing in database engines within secure enclaves, which will remove the need to trust database operators.

Provide your comments below

comments


If you loved this story, do join our Telegram Community.


Also, you can write for us and be one of the 500+ experts who have contributed stories at AIM. Share your nominations here.

Copyright Analytics India Magazine Pvt Ltd

Scroll To Top