Microsoft Azure to enable encryption of data while in use

James Marshall
September 15, 2017

The services will enable businesses to unleash the potential of big data and further strengthen Microsoft's cloud offering in the UK.

In a post on the official Azure Blog, the service's Chief Technology Officer, Mark Russinovich, has revealed that through this announcement, Microsoft's platform is the first to bring encryption of data in use to the public cloud, something which was missing previously.

The idea, says Microsoft, is to keep the data away from threats while it is crunched on the server and sent to the application.

Microsoft has moved to make its Azure platform more secure with the launch of "Azure Confidential Computing".

HPE, one of Microsoft's partners, shared some details about its Azure Stack appliance too. Azure confidential computing, which enters a preview phase with initial customers Thursday, will offer two ways to create these secure enclaves.

Data breaches are virtually daily news events, with attackers gaining access to personally identifiable information (PII), financial data, and corporate intellectual property. While many companies worldwide have grown more willing to move even sensitive data to internet-based computing in the past few years, some unease about security and privacy persists.

Both modes will allow applications to ringfence certain parts of their code and data so that they operate in a "trusted execution environment" (TEE). If the code is altered or tampered with, the operations are denied and the environment disabled. It's a safeguard that remains active as long as code is being executed in a TEE.

Customers use Azure for a plethora of tools, including computing, analytics, storage and networking.

Virtual Secure Mode (VSM) is a software-based solution offered by Hyper-V in Windows 10 and Windows Server 2016. Hyper-V prevents administrator code running on the computer or server, as well as local administrators and cloud service administrators, from viewing the contents of the VSM enclave or modifying its execution.

Intel unveiled this sort of data-enclave capability for desktop machines in 2015 but hadn't planned to offer it for the servers that underpin cloud networks for several years. Customers that want their trust model to not include Azure or Microsoft at all can leverage SGX TEEs.

The confidential computing service is meant to reassure customers that are considering moving data and applications to Microsoft's cloud that the switch will not open them up to hacks, spying and secret subpoenas. The technology will provide similar encryption-in-use protections to the database products without affecting the normal operations of SQL queries. Healthcare organizations can collaborate by sharing their private patient data, like genomic sequences, to gain deeper insights from machine learning across multiple data sets without risk of data being leaked to other organizations. "This data is completely protected from us and from any attackers."

You can sign up for the early access program here.
