Azure confidential computing
Protect and secure your cloud data while it is in use
- Safeguard data from malicious and insider threats while it is in use
- Maintain control of data throughout its lifetime
- Protect and validate the integrity of code in the cloud
- Ensure that data and code remain outside the view of the cloud platform provider
Take data security to the next level with confidential computing
Prepare to enhance your cloud security. Learn about our vision for the confidential cloud, which aims to remove Microsoft from the trusted computing base of Azure.
What is confidential computing?
Security is a key driver accelerating the adoption of cloud computing, but it is also a major concern when you are moving extremely sensitive IP and data scenarios to the cloud.
Confidential computing is the protection of data-in-use through isolating computations to a hardware-based trusted execution environment (TEE). While data is traditionally encrypted at rest and in transit, confidential computing protects your data while it’s being processed. A TEE provides a protected container by securing a portion of the hardware’s processor and memory. You can run software on top of the protected environment to shield portions of your code and data from view or modification from outside of the TEE.
"Customers are demanding the capability to reduce the attack surface and help protect sensitive data in the cloud by encrypting data in use. Our collaboration with Microsoft brings enterprise-ready confidential computing solutions to market, and enables customers to take greater advantage of the benefits of cloud and multi-party compute paradigms using Intel® SGX technology."Anil Rao, VP Data Center Security and Systems Architecture, Intel
Core components of confidential computing
Azure is making confidential computing a reality with innovation across hardware, software and services.
Hardware and compute
Deploy and manage compute instances that are enabled with TEEs
Use the new DCsv2-series virtual machines on Azure to build on top of the latest generation of Intel Xeon processors with [Intel] SGX technology in a completely virtualised cloud-based environment. The VMs allow you to run and build applications that protect your code and data while it’s in use.
Develop against a standard enclaving abstraction
Take advantage of enclave creation and management, system primitives, runtime support and cryptographic library support. The Open Enclave SDK (OE SDK) project provides a consistent API surface around an enclaving abstraction, supporting portability across enclave types and flexibility in architecture. Build portable C/C++ applications against different enclave types. Learn more about developing with the OE SDK on Azure confidential computing VMs.
Verify the identity of TEEs and the code running inside them
Validate code identity to determine whether to release secrets. Verification is simple and highly available with attestation services.
Gain insights from Microsoft Research to harden your enclave code
Explore research on new applications for confidential computing, techniques to harden TEE applications and tips to prevent unauthorised access from outside the TEE.
Read more on Azure confidential computing.
Signal develops open source technology for end-to-end encrypted communications, like messaging and calling. To meet the security and privacy expectations of millions of people every day, we utilize Azure confidential computing to provide scalable, secure environments for our services. Signal puts users first, and Azure helps us stay at the forefront of data protection with confidential computing.Jim O'Leary, VP of Engineering, Signal
At Fireblocks, our mission is to secure blockchain-based assets and transactions for the financial industry. Once we realized the traditional tech stack was not suitable for this challenge, we turned to Azure confidential computing and Intel SGX to implement our patent-pending technology. Our customers trust Fireblocks to securely store and move their digital assets – over $6.5 billion of them each month – and Azure provides a backbone for us to deliver on that promise.Michael Shaulov, CEO and Co-founder, Fireblocks
MobileCoin partners with Azure because Microsoft has decided to invest in trustworthy systems. Confidential computing rides the edge between what we can imagine and what we can protect. The praxis we've experienced with Azure allows us to commit to systems that are integral, high trust, and performant.Joshua Goldbard, CEO, MobileCoin
Anqlave's proprietary, institutional-grade modern key management and data encryption solution addresses the most critical security issues we face today. With Anqlave Data Vault (ADV) secret management allows users to securely create, store, transport and use its secrets. Leveraging Azure confidential computing, allows us to make this technology more accessible to our enterprise customers and easily support their scale. Providing a secure enclave that is portable in the cloud is one the key reasons why our enterprises will prefer to host their ADV on Azure Confidential Computing regardless of their other cloud infrastructure.Assaf Cohen, CEO, Anqlave
Insider threats are a clear and present danger to cloud computing. Azure confidential computing with enterprise-ready enclaves protects companies from insiders with a new level of simplicity. The time for enterprises to start POCs is now.Ayal Yogev, CEO, Anjuna Security
Today, data is often encrypted at rest in storage and in transit across the network, but not while in use. Securing data and code with confidential computing will help customers accelerate the journey to the cloud, while protecting their most valuable data. Azure confidential computing provides the hardware-based security infrastructure needed for our confidential computing platform and applications to excel in the cloud. Fortanix is excited to bring cloud-scale confidential computing to our global customers through our partnership with Microsoft.Ambuj Kumar, CEO and Co-founder, Fortanix
Explore confidential computing solutions available in the Azure Marketplace
Anjuna delivers secure Azure instances using end-to-end CPU hardware-level encryption without changing your application or operations.
Fortanix offers a cloud-native data security solution including key management, HSM, tokenisation and secrets management built on Azure confidential computing.
Related products and research
Protect your cloud data from advanced security threats. Learn more about available Azure confidential computing options.