Azure Confidential Computing

Summarized by PlexPage
Last Updated: 02 July 2021

What's New: Today, the Microsoft Azure DCsv2-series, featuring a hardware-based Trusted Execution Environment (TEE) built on Intel Software Guard Extensions (SGX), was released for general availability. Built on the Intel trust foundation, the Azure DCsv2-series makes confidential computing broadly available to enterprise customers who want to leverage cloud computing while helping to keep sensitive workloads protected. Why it matters: Combined with encrypted data storage and transmission methods, TEEs can create an end-to-end protection architecture for sensitive data, such as the typically regulated data in financial services and healthcare. Microsoft Azure is the first public cloud provider to offer broad virtualization services using hardware-optimized TEEs as encryption mechanisms to help protect customer data while in use. It allows data to be processed in the cloud while offering even greater control over security and privacy. Backed by Intel SGX, Azure Confidential Computing virtual machines run code and data in isolation from the operating system, the hypervisor or virtual machine manager, and other privileged processes. Intel SGX is available today on the Intel Xeon processor E-2200 family, and the company is working to scale Intel SGX across its mainstream Xeon platforms in upcoming generations. As announced in February, Intel is continuing to extend Intel SGX with larger enclaves, extending protections to offload accelerators, and improving performance. These improvements will further expand the number of usages able to leverage these advanced application isolation capabilities. What's Next: Intel and Microsoft empower customers to execute their data in a more secure and private cloud environment. As two of the founding members of the Confidential Computing Consortium, both companies are committed to collaborating with industry to deliver more secure computing infrastructure today and in the future. Small print: No product or component can be absolutely secure.

* Please keep in mind that all text is machine-generated, we do not bear any responsibility, and you should always get advice from professionals before taking any actions.

Introducing Azure confidential computing

By default, Azure ensures that data is secure when it's at rest and in transit. We are familiar with using encrypted storage and network connections, but in most cases we need to process the data in the clear, decrypting it right where it is most at risk of leaking. That is where the concept of confidential computing comes in, building on a mix of hardware and software, along with work from Microsoft Research, to build and operate TEEs. These TEEs are perhaps best thought of as secure containers that protect both the compute and memory resources your application needs, shielding them from other users by preventing untrusted code from running in that memory space. By protecting both the CPU and memory, it is possible to provide authorization methods that lock down compute to ensure that only your own trusted code runs and that prevent code from crossing memory boundaries into the protected space. When an application releases a TEE, it is flushed, ensuring that no data is left in processor caches or in memory. External applications can't read that memory and they can't modify it either, so they're unable to inject code across protection boundaries.

Using SGX in Azure

Scott Woodgate, Microsoft Sr. Director of Azure Security and Management Marketing, joined us at Intel Security Day last month and shared a real-world example of multi-party machine learning: "We've seen multiple banks around the world implement multi-party machine learning to find specific patterns of fraud and help the bottom line of these banks. To do this, banks perform machine learning to find patterns on shared datasets in Azure using Intel SGX-enabled protected enclaves without ever exposing individual banks' datasets to other parties, including banks or even administrators on the virtual machines." Multi-party machine learning brings new possibilities to industries where data security is paramount but not all participating devices are trusted. As leading members of the Confidential Computing Consortium, Intel and Microsoft want to empower our customers to execute their data in a more secure and private cloud environment and are committed to collaborating with industry to deliver secure compute infrastructure today and into the future. Written by Jason Grebe, Corporate Vice President & General Manager of Cloud & Enterprise Solutions Group

Intel SGX (Software Guard Extensions)

A couple of months ago at Ignite 2018, Microsoft unveiled its public preview of Microsoft Azure Confidential Computing. In September 2017, Microsoft Azure became the first cloud platform to enable new data security capabilities that provide enhanced protection for customer data while in use with confidential computing. Microsoft and Intel are working together to bring Trusted Execution Environments, such as Intel Software Guard Extensions and Virtualization-based Security, to the cloud. Intel SGX is a tool that enables developers to better protect their most sensitive data and application code in memory and prevent malware and system software from gaining access. Intel SGX adds this protection through CPU-based instructions that establish the TEE at the lowest layer possible. Many customers are looking to combine the scale and economics of cloud computing with the confidence they have in private, on-premises hardware. Azure Confidential Computing provides added protection for data while the data is processed in the cloud. ACC relies on Intel SGX, which provides an encrypted enclave that is protected even from the cloud provider and low-level system processes. Azure Confidential Computing aims to protect data while it's processed in the cloud. Intel SGX enables application developers to protect selected code and data from disclosure or modification through the use of secure enclaves. With security looming large in customers' minds, developers should take advantage of the security-enhancing tools they have to protect their workloads. There is a wide variety of resources that can help developers get started with Intel SGX both in Azure and on-premises, including the new Open Enclave SDK announced by Microsoft at Ignite. To learn more about Microsoft ACC and the security services that were showcased and enabled by Intel SGX, listen to this podcast with Christine Avanessians, Principal PM Manager of the Microsoft Azure Compute team at Microsoft.

Asylo

Google introduced Asylo, an open-source framework for developers to run applications in a Trusted Execution Environment. Traditionally, data security focuses on protecting data at rest and while in transit. That is necessary if the threat is someone physically stealing a computer or sniffing network packets. Protecting data while it is being used is a much harder problem. If the attacker has a compromised application and is an authorized user on the server, then it doesn't matter if the data is encrypted, because authorized users have access to the data. That is the problem confidential computing tackles: keeping data protected while in use. Confidential computing offers security features and controls that protect data from attackers who have hardware access or administrator privileges, and from attackers exploiting vulnerabilities to gain control of an application, operating system, or hypervisor. Encrypting data while in use is a missing piece in cloud security, according to Microsoft Azure CTO Mark Russinovich.

Conclusion

There is no doubt that security in the cloud is a major concern for many organizations, especially those that are subject to regulatory compliance, such as finance and healthcare. But there are also implications for artificial intelligence and the Internet of Things, where accessing sensitive data is key to providing the services of the future. Most security compromises come down to poor access control and failure to implement best practices, so human factors in managing security will inevitably lead to data breaches. Consequently, defense-in-depth measures are necessary to make sure there are multiple protections in place. Encryption of data in use will be a necessary addition if Azure is to provide a platform that can rival Amazon and Google. But security isn't the only concern, as the value proposition of the cloud isn't always a foregone conclusion. If Microsoft can continue to address both security and cost issues, Azure is likely to continue its strong march forward against Amazon. Hopefully you will get to see Mark Russinovich's session at Ignite, Inside Microsoft Azure Datacenter Hardware and Software Architecture, which will provide insight into Azure's data center architecture and implementation innovations.

Where will these apps be used?

One part of ACC is the hardware in Azure, the VMs, and the associated attestation infrastructure. The other part is the new SDK, the Open Enclave SDK. This SDK doesn't just work for writing applications for Azure but also works with any SGX hardware. Currently, it supports C and C++, with other languages coming. The SDK aims to abstract the underlying technology, ensuring portability. Today, Azure offers Hyper-V virtualization-based security enclaves as well as Intel SGX. Arm is developing TrustZone with similar functionality, which the SDK will also support. I would assume that AMD will offer similar functionality in the future. Another reason for the SDK is to reduce friction for developers. Intel's own SGX SDK requires that you have a business relationship with Intel so you can acquire the required certificates. Microsoft's SDK removes that need while still mapping certificates back to Intel's root certificate. The last aim of the SDK is to provide portability between Linux and Windows applications, ideally requiring only a simple recompile. The enclave has some performance degradation compared to normal host processing, and also limitations on the amount of data and code you can fit into it. So the real challenge with enclave applications will be to design them right so that the split between host and enclave code is optimal. This is not unlike the tradeoff required for kernel and user modes in normal applications. I predict that developers who pick this up early will be able to earn large amounts going forward.

Confidential Computing Heats Up

Both Intel and Microsoft are also founding members of the Confidential Computing Consortium. The Linux Foundation formed the open-source group last August, and at its launch Intel contributed its SGX software development kit to the project. Meanwhile, Microsoft contributed the Open Enclave SDK, which is an open-source framework that allows developers to build TEE applications using a single enclave abstraction. The two companies have been working on Azure Confidential Computing for several years, and a little over two years ago they rolled out the first public preview of the service. Microsoft claims Azure was the first public cloud to encrypt data while in use, and its engineers helped design the SGX technology used in Intel Xeon chips. At the Intel Security Day event in February, Senior Director of Microsoft Azure Security Scott Woodgate joined Intel execs on stage to discuss new use cases that confidential computing enables. These include multi-party or federated machine learning. During a later interview at the RSA conference, Woodgate said several Microsoft customers use multi-party machine learning to detect banking fraud and money laundering. IBM is also working on confidential computing use cases with its banking and health care customers, says Nataraj Nagaratnam, CTO and Director of Cloud Security for IBM's Cloud and Cognitive Software business unit. That cloud provider last week announced that IBM Cloud Data Shield now supports containerized applications on IBM Cloud Kubernetes and Red Hat OpenShift using Intel SGX hardware and Fortanix encryption technology.

Plex.page is an Online Knowledge, where all the summaries are written by a machine. We aim to collect all the knowledge the World Wide Web has to offer.

© All rights reserved
2021 made by Algoritmi Vision Inc.
