I am pleased to announce that Azure confidential ledger is now generally available! Azure confidential ledger is an unstructured, trusted data store for important identifiers of sensitive data that require high integrity. Data records stored on Azure confidential ledger remain immutable (i.e. Write Once, Read Many) and can be cryptographically verified. It offers a simple experience with REST APIs that can be easily integrated into the application architecture.
As the name suggests, Azure confidential ledger utilizes the Azure Confidential Computing platform and the Confidential Consortium Framework to provide a high level of integrity that is both tamper-protected and tamper-evident. Through the permissioned blockchain model, the service implements a network of nodes within dedicated, fully attested, hardware-backed confidential enclaves. This unique approach provides the benefit of keeping the cloud administrator out, along with durability and high transaction performance.
The service is ideal for storing audit logs, hashes or metadata that must not be modified and will require verification. For example:
Records relating to business transactions (e.g. money transfer or confidential document edits)
Updates to trusted assets (e.g. core application or contracts)
Administrative and control changes (e.g. granting access permissions)
Operational IT and security events (e.g. alerts, compliance records)
Application verification for audit
Azure confidential ledger can be a simple mechanism for identifying unexpected modifications after they occur. For instance, the log or signature of a database can be added to the tamper-protected Azure confidential ledger. If a mismatch is identified between the database signature and the record kept in the confidential ledger, it indicates that additional investigation is required. This approach can be helpful in complying with regulatory requirements.
Multi-party transparency for audit
When multiple parties need to selectively disclose parts of the ledger for audit purposes, Azure confidential ledger can be useful. Imagine Bank A authenticates with a client certificate and then adds encrypted logs about operations on sensitive data; Bank B does the same. Each bank can only see what is relevant to it. When a bank needs to demonstrate compliance for its logs, it can selectively choose to share recorded ledger transactions with the auditor. The auditor can obtain cryptographic proof of the presence of the transaction in the confidential ledger through a receipt.
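The two workflows above, as an added example that is not Microsoft's code and does not use the service's REST API: a toy append-only ledger with Merkle-tree receipts stands in for Azure confidential ledger, a database digest is recorded and later re-checked for a mismatch, and an auditor verifies a receipt for one disclosed transaction without seeing the other parties' records. The ledger class, the digest function and the sample records are all constructed for illustration.

```python
import hashlib
import json

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _leaf(record: dict) -> bytes:
    # Canonical JSON so the same record always hashes to the same leaf
    return _h(json.dumps(record, sort_keys=True).encode())

class ToyLedger:
    """Hypothetical append-only ledger with Merkle receipts (not the Azure service)."""
    def __init__(self):
        self.records, self.leaves = [], []

    def append(self, record: dict) -> int:
        self.records.append(record)
        self.leaves.append(_leaf(record))
        return len(self.leaves) - 1          # transaction index

    def receipt(self, index: int) -> dict:
        """Inclusion proof: sibling hashes from the leaf up to the tree root."""
        nodes, path, i = list(self.leaves), [], index
        while len(nodes) > 1:
            if len(nodes) % 2:               # odd level: duplicate the last node
                nodes.append(nodes[-1])
            sib = i ^ 1
            path.append((nodes[sib], sib < i))   # (sibling hash, sibling is on the left)
            nodes = [_h(nodes[j] + nodes[j + 1]) for j in range(0, len(nodes), 2)]
            i //= 2
        return {"leaf": self.leaves[index], "path": path, "root": nodes[0]}

def verify_receipt(record: dict, receipt: dict) -> bool:
    """Auditor-side check: recompute the path from the disclosed record to the root."""
    h = _leaf(record)
    if h != receipt["leaf"]:
        return False
    for sibling, sibling_is_left in receipt["path"]:
        h = _h(sibling + h) if sibling_is_left else _h(h + sibling)
    return h == receipt["root"]

def database_digest(rows: list) -> str:
    """Stand-in for a database digest: hash of the table's current contents."""
    return hashlib.sha256(json.dumps(rows, sort_keys=True).encode()).hexdigest()

def database_matches_ledger(rows: list, ledger: ToyLedger, index: int) -> bool:
    """False means the database no longer matches the digest recorded in the ledger."""
    return database_digest(rows) == ledger.records[index]["digest"]
```

A real deployment would compare the auditor's recomputed root against a root the service signs inside the enclave; here the root is simply returned with the receipt.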
Customers and partners who are using Azure confidential ledger
Carbon Asset Solutions is a precision measurement, recording and verification platform for atmospheric carbon removal via soil carbon sequestration. With Azure confidential ledger, we deliver higher integrity Carbon Credits than any other method. – Sara Saeidi, Chief Operating Officer, Carbon Asset Solutions
It is critical within Financial Services that ledgers are accurate, resilient, and tamperproof. Azure confidential ledger enables RTGS.global to verify the integrity of all its ledgers, providing assurances to customers, central banks, and regulators that data held within RTGS.global is truly immutable.
– Andrew Smith, Chief Technology Officer, RTGS.global
The ledger technology in Azure SQL Database helps protect customer data from tampering. This is achieved by storing the data in a cryptographically protected data structure and generating digests that capture the database state. Customers use the digests to verify the database integrity, which is why storing them in a trusted and secure location is critical for the security of the system. Azure confidential ledger provides hardware level protection for the data it maintains. That makes it an ideal digest storage solution for Azure customers with the most stringent security requirements.
– Raghu Ramakrishnan, Chief Technology Officer for Data, Technical Fellow
Confidential computing is an evolution of how data is secured during processing. Avanade believes it will be critical as organisations begin to collaborate and share data in new ways, whether for customer sensitive data in finance and healthcare, or as part of the digital transformations happening now in manufacturing and logistics. Azure confidential ledger is a secure and flexible solution allowing developers to store any data in a trusted environment, backed by blockchain technology. Unlike other blockchain solutions, configuration and custom setup requirements are minimal. ACL is a lightweight addition to Microsoft’s confidential compute services, enabling information to be stored immutably with ease. ACL can form part of any solution requiring provenance for sensitive data, with hardware-backed guarantees that storing and processing activities are tamper-proof. ACL is ideally suited for data-owners to track, monitor, and audit changes over time securely.
– Fergus Kidd, Research and Development Engineering Lead, Avanade