It’s been a busy year so far in the confidential computing space. The Confidential Computing Consortium (CCC) updated their website, published a new whitepaper, posted a blog on the importance of attestation, and contributed to a Wikipedia page to help clarify Confidential Computing for the masses. Organizations from across the industry came together at the Open Confidential Computing Conference (OC3), including a panel with leaders from Microsoft, Intel, AMD, and Nvidia.
Advancements in AI have exploded with new use cases across multiple industries. In the financial sector, SWIFT, the largest payments processor in the world, is collaborating with Microsoft to build an anomaly detection platform to eradicate fraud in payment transactions. The platform leverages a federated learning solution from Azure Machine Learning to improve their models with member bank data, including a close partnership with BNY Mellon. The platform runs on Azure confidential computing to provide advanced privacy protection on the models and bank customer data. Learn more about SWIFT’s ambitious solution.
Many customers are engaging with Microsoft and looking to leverage Azure confidential computing for various use cases, such as confidential AI and data clean rooms. Customers are also driving Microsoft to bring further Confidential Computing options, with both infrastructure capabilities and services that process data. Below you can find a summary of the announcements at the Build conference this year from Azure and partners providing services on Azure confidential computing (ACC).
Preview: Intel TDX confidential VM preview
Microsoft has recently announced that DCesv5 and ECesv5-series confidential virtual machines (VMs), based on Intel fourth-generation Xeon™ processors with TDX technology, are now in preview. These VMs allow Azure customers to migrate their most sensitive workloads to Azure with minimal performance impact and without code changes.
These confidential VMs are designed to offer a hardware-based trusted execution environment (TEE), which hardens guest protections to deny the hypervisor and other host management code access to VM memory and state, protecting against operator access. Customers in regulated industries such as banking, healthcare and the public sector can easily migrate their legacy workloads from on-premises environments to these confidential VMs.
These VMs include guest attestation, which can be used to ensure that the VM will boot only when the platform verifies that the VM host environment is chained to an Intel hardware root-of-trust and that customized secure key release policies are met. Additionally, customers can initiate attestation requests inside these confidential VMs to demonstrate that the VMs are running on Intel-powered nodes with TDX enabled.
Learn more about this update.
Preview: Confidential VM option for Azure Data Explorer
Customers who need to analyze sensitive activity data can now do so by running Azure Data Explorer (ADX) on the AMD-based confidential VM. This delivers unmatched interactive analytics performance and power on real-time, low-latency data streams. Running a customer’s ADX cluster on Azure confidential VMs enables ADX customers to confidently analyze their sensitive data, financial transaction data, health-related activities, critical business events and other sensitive timestamped data in Azure.
Learn more about this update.
Preview: Confidential VM option for Azure Databricks
Customers seeking to better ensure privacy of personally identifiable information (PII) or other sensitive data while analyzing that data in Azure Databricks can now do so by specifying AMD-based confidential VMs when creating an Azure Databricks cluster. Running a customer’s Azure Databricks cluster on Azure confidential VMs enables Azure Databricks customers to confidently analyze their sensitive data in Azure.
Learn more about this update.
General Availability of confidential containers on ACI
Confidential containers on Azure Container Instances (ACI) is an industry-first serverless confidential computing platform. This enables fast and easy deployment of containers natively in Azure and the ability to protect data and code in use, in memory, thanks to AMD EPYC™ processors with confidential computing capabilities.
The containers can be grouped to run in a hardware-based and attested Trusted Execution Environment (TEE) without the need to adopt a specialized programming model and without infrastructure management overhead. This offering includes full guest attestation, which reflects the cryptographic measurement of all hardware and software components running within the Trusted Computing Base (TCB), tooling to generate policies that will be enforced in the TEE, and an open-source sidecar container for each container group to support secure key release and encrypted file systems.
Learn more about this update.
Preview: Confidential containers on AKS
Confidential containers on Azure Kubernetes Service (AKS) is an industry-first offering that lets AKS customers use open-source Kata Containers to run certain pods in their own trusted execution environment (TEE) with protection of data in use, in memory. Each pod has its own memory encryption key, which is generated by the hardware and is unavailable to Azure operators. The update includes support for customer attestation of the TEE, and support for an open-source sidecar container for managing secrets. This is now in preview.
Learn more about this update.
Preview of Confidential VM support for Red Hat Enterprise Linux (RHEL)
Microsoft is announcing that Azure customers can now specify the RHEL 9.2 Tech Preview image as the guest operating system (OS) for their AMD-based confidential VMs. This can help ensure that any sensitive data processed by their RHEL guest OS is protected in use and in memory. Azure AMD-based confidential VMs can provide a strong, hardware-enforced boundary that hardens the protection of the guest OS against host operator access and other Azure tenants. These VMs are designed to help ensure that data in use and in memory is protected from unauthorized users using encryption keys generated by the underlying chipset and inaccessible to Azure operators.
Learn more about this update.
Coming Soon: New Regions for AMD SEV-SNP Confidential VMs
AMD SEV-SNP confidential VMs have been generally available in the following regions: West US, East US, West Europe, and North Europe.
Four more regions will be available in the next quarter, with Switzerland North, Southeast Asia, Italy North and Japan East being added as generally available regions.
New Partner Solutions on Azure confidential computing
SAS Viya on Microsoft Azure will soon include Azure confidential computing capabilities featuring AMD EPYC™ processors with SEV-SNP technology. This will provide SAS Viya customers with an even more secure AI and cloud computing platform to further reduce the risk of a breach and strengthen compliance, while simultaneously giving customers access to larger data pools for more powerful analytic models. The new capabilities will be initially available in the United States, the Netherlands and Ireland, with a wider rollout later.
Learn more about this update.
Habu delivers an interoperable data clean room platform that enables businesses to unlock collaborative intelligence in a smart, secure, scalable, and simple way. Habu connects decentralized data across departments, partners, customers, and providers for better collaboration, decision-making, and results. Today they announced an upgrade to their hybrid clean room pattern to provide additional protection against unauthorized access to data across partners, cloud providers, and even Habu. With support for Azure confidential computing and secure key release, Habu customers can perform complex data analysis and machine learning tasks with additional data security.
Learn more about this update.
BeeKeeperAI announced the commercial release of their patented zero-trust collaboration platform to accelerate healthcare AI development on protected information. EscrowAI leverages Azure confidential computing to resolve the challenges of data sovereignty, privacy, and security. In healthcare, EscrowAI enables HIPAA-compliant research on full PHI without exposing the patient data, thereby reducing the AI development timeline dramatically due to streamlined collaboration agreements and access to more precise data.
Learn more about this update.
Mithril Security announced BlindBox, secure infrastructure tooling to deploy large language models (LLMs), built on top of confidential containers in Azure Container Instances (ACI), which just reached general availability. BlindBox provides tooling to help SaaS vendors serve AI models inside secure enclaves and provide an on-premises level of security and control to data owners. Data owners can use their SaaS AI solutions while remaining compliant and in control of their data.
Learn more about this update.
Get Started with ACC
ACC documentation - https://aka.ms/accdocs
Learn more about confidential AI - https://aka.ms/ConfidentialAI
Learn more about data clean rooms - https://aka.ms/cleanrooms
Catch up on ACC blogs - https://aka.ms/accblogs