In Azure, your data is your data. Not only is it protected at rest and in transit, but Microsoft Azure extends that protection while in use with confidential computing.
Azure was the first major public cloud to deliver confidential computing which opened up new levels of privacy and innovation for our customers. Today customers in finance, government, healthcare, and telecom use Azure to detect fraud, improve communications privacy, secure blockchain, deliver multi-party machine learning, and enable secure key management.
Azure now has the broadest portfolio of confidential computing options including confidential virtual machines, confidential containers, confidential machine learning, confidential IoT edge devices, and soon confidential capabilities within Azure SQL.
Today, we are announcing that Azure will be an early adopter of the 3rd generation Intel® Xeon® Platform, code named Ice Lake, which includes full memory encryption and accelerated cryptographic performance for confidential computing with Intel Software Guard Extensions (SGX). Available next year, this technology will unlock even more confidential computing scenarios for our customers.
Beyond the hardware security protections, Microsoft Azure Attestation (MAA) further improves security by enabling customers to remotely attest to the authenticity of the SGX enclave at the hardware level, ensure the latest security patches are installed, and confirm the integrity of the code running within the enclave.
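The three checks described above (hardware-level authenticity, patch level, and code integrity) are what a relying party applies to an attestation result before handing secrets to an enclave. The following is an added illustration, not Microsoft's or MAA's own code: it models the relying-party side as a policy check over a set of claims. The claim names follow the `x-ms-sgx-*` style used in MAA tokens but are treated as an assumption here, the signing key and claim values are constructed sample data, and an HMAC stands in for the attestation service's signature so the example runs offline.

```python
"""Relying-party check of SGX attestation claims against a deployment policy.

Added example. Models three checks a service makes before trusting an
enclave: the attestation result is signed by the trusted verifier
(hardware authenticity, delegated to the attestation service), the
enclave security version number meets a minimum (patch level), and the
enclave measurement matches an approved build (code integrity).
Claim names are assumed to follow MAA's x-ms-sgx-* naming; all values
below are constructed for the example.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class EnclavePolicy:
    expected_mrsigner: str    # hex hash identifying the enclave author's key
    expected_mrenclave: str   # hex hash of the approved enclave build
    minimum_svn: int          # lowest acceptable security version number
    allow_debug: bool = False # debug enclaves expose memory; reject by default


# Constructed: stands in for the attestation service's token-signing key.
VERIFIER_KEY = b"constructed-demo-verifier-key"


def sign_claims(claims: dict, key: bytes = VERIFIER_KEY) -> str:
    """Produce the verifier's signature over a canonical encoding of the claims."""
    payload = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def verify_attestation(claims: dict, signature: str, policy: EnclavePolicy,
                       key: bytes = VERIFIER_KEY) -> list[str]:
    """Return the list of policy failures; an empty list means the enclave is trusted."""
    # Signature first: unsigned or tampered claims are not worth inspecting.
    if not hmac.compare_digest(sign_claims(claims, key), signature):
        return ["attestation result not signed by the trusted verifier"]

    failures = []
    if claims.get("x-ms-sgx-is-debuggable") and not policy.allow_debug:
        failures.append("enclave is running in debug mode")
    if claims.get("x-ms-sgx-mrsigner", "").lower() != policy.expected_mrsigner.lower():
        failures.append("MRSIGNER does not match the expected enclave author")
    if claims.get("x-ms-sgx-mrenclave", "").lower() != policy.expected_mrenclave.lower():
        failures.append("MRENCLAVE does not match the approved enclave build")
    svn = int(claims.get("x-ms-sgx-svn", -1))
    if svn < policy.minimum_svn:
        failures.append(f"security version {svn} below required minimum {policy.minimum_svn}")
    return failures


# Constructed sample policy and claims for an approved, patched enclave.
POLICY = EnclavePolicy(
    expected_mrsigner="cd" * 32,
    expected_mrenclave="ab" * 32,
    minimum_svn=2,
)

SAMPLE_CLAIMS = {
    "x-ms-sgx-mrsigner": "cd" * 32,
    "x-ms-sgx-mrenclave": "ab" * 32,
    "x-ms-sgx-svn": 3,
    "x-ms-sgx-is-debuggable": False,
}


def release_secret_if_trusted(claims: dict, signature: str, policy: EnclavePolicy) -> bool:
    """Gate a secret release on a clean attestation verdict; log the reasons otherwise."""
    failures = verify_attestation(claims, signature, policy)
    for reason in failures:
        print(f"attestation rejected: {reason}")
    return not failures


if __name__ == "__main__":
    ok = release_secret_if_trusted(SAMPLE_CLAIMS, sign_claims(SAMPLE_CLAIMS), POLICY)
    print("secret released" if ok else "secret withheld")
```

In a real deployment the signature check is a JWT signature verification against the attestation service's published signing keys rather than a shared HMAC key, and the policy values come from the enclave's build pipeline; the shape of the decision, sign then measurement then version then debug flag, stays the same.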
While the roadmap is exciting, many of our customers are already gaining business value on the current generation of confidential computing. We encourage you to adopt confidential computing today, as solutions you build now will continue to work on Ice Lake, and will even gain additional performance and features. Just a few customer examples include:
University of California San Francisco (UCSF) is building a healthcare platform.
“UCSF’s Center for Digital Health Innovation (CDHI) is pleased to be collaborating with Fortanix, Intel, and Microsoft Azure to establish a confidential computing platform with privacy preserving analytics to accelerate the development and validation of clinical algorithms. The platform will provide a “Zero Trust” environment to protect both the intellectual property of an algorithm and the privacy of healthcare data. Using Fortanix Enclave Manager for orchestration of Intel’s SGX secure enclaves on Azure confidential computing infrastructure with Azure Kubernetes Service (AKS), and CDHI’s proprietary BeeKeeperAI data access, transformation, and orchestration workflows, the platform will reduce the time and cost of developing clinical algorithms.” —Michael Blum, Executive Director, UCSF
MobileCoin is building a fast and secure cryptocurrency.
“MobileCoin partners with Azure because Microsoft has decided to invest in trustworthy systems. Confidential computing rides the edge between what we can imagine and what we can protect. The praxis we’ve experienced with Azure allows us to commit to systems that are integral, high trust, and performant.” —Joshua Goldbard, CEO, MobileCoin
Magnit is building loyalty programs with multi-party data. Magnit is one of the largest retail chains in the world and is using confidential containers to pilot a multi-party confidential data analysis solution through Aggregion’s digital marketing platform. The solution focuses on creating insights captured and computed through secured confidential computing to protect customer and partner data within their loyalty program.
Fireblocks is building a digital asset platform for financial transactions.
“At Fireblocks, our mission is to secure blockchain-based assets and transactions for the financial industry. Once we realized the traditional tech stack was not suitable for this challenge, we turned to Azure confidential computing and Intel SGX to implement our patent-pending technology. Our customers trust Fireblocks to securely store and move their digital assets—over $6.5 billion of them each month—and Azure provides a backbone for us to deliver on that promise.” —Michael Shaulov, CEO and co-founder, Fireblocks
Learn more examples from our Microsoft Ignite customer panel.
Another great place to start is wrapping your existing Kubernetes applications to create confidential containers with the help of a partner such as Anjuna, Fortanix, or Scone, or using an open source solution like Graphene or Occlum.
You can also safeguard keys with Azure Key Vault Managed HSM, take advantage of confidential machine learning using ONNX models with the Confidential Inference Beta project on GitHub, or even secure IoT with Azure IoT Edge security with enclaves.