A technical study from research firm Prowess Consulting confirms substantial performance gains delivered by the latest generation Azure confidential virtual machines (VMs) powered by 4th Generation AMD EPYC™ processors over their predecessors, enabling robust, hardware-level security with a minimal and predictable performance overhead.
At Microsoft, protecting customer data is a foundational commitment. Organizations moving their most sensitive workloads to the cloud require assurances beyond just encryption of data-at-rest and data-in-transit. They need robust protection while the data is in use, and they need it without sacrificing the performance of their business-critical applications. Confidential Computing emerged as a technology to address this need for data-in-use protection.
For years, a key consideration for adopting confidential computing has been the perceived trade-off between stronger security and application performance. To provide our customers with transparent, third-party validation, Microsoft and AMD commissioned a technical analysis from Prowess Consulting, an independent research firm specializing in hands-on performance validation for the enterprise IT industry. Their report provides an assessment of our latest generation confidential VMs.
Azure confidential VMs, powered by the latest 4th generation AMD EPYC™ processors, deliver both next-generation performance and hardware-enforced security, fundamentally shifting the conversation from a security trade-off to a performance dividend. Enterprises are required to handle sensitive information or personal data like transactions, analytics or intellectual property (IP) while operating under strict compliance regimes like GDPR or HIPAA can now seamlessly transition to the cloud, running their high performance, mission-critical applications on Azure’s latest confidential VMs.
A Generational Leap in Performance
While uncertainty surrounding the performance overhead of enabling confidential computing features and performance gaps, confidential computing has broadened its appeal as processors leap forward in both performance and capabilities with each successive generation.
The motivation of the study was to identify a clear performance uplift by comparing the latest Azure DCasv6 confidential VMs, powered by 4th generation AMD EPYC™ processors, against the previous generation. The data confirms that upgrading delivers a significant and measurable performance uplift across the stack.
A 77% gain in memory bandwidth, driven by architectural enhancements including the adoption of DDR5 memory, directly benefiting data-intensive applications.
A 34% increase in Redis throughput, demonstrating substantial real-world gains for in-memory databases and caching workloads where latency is critical.
A 30% rise in CPU throughput, confirming faster execution for compute-bound workloads on the latest generation of Azure confidential VMs.
Quantifying the Overhead of SEV-SNP
Beyond generational gains, the Prowess report sought to answer the critical question: What is the real performance overhead of enabling AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP)? This hardware-level security feature isolates VMs by encrypting memory in use, protecting it even from the host hypervisor. The study compared confidential VMs (DCasv6) against general-purpose counterparts (Dasv6) running on identical 4th Gen AMD EPYC processors. The overhead introduced by these advanced protections was found to be minimal and predictable.
An 8% overhead for CPU-intensive and Redis workloads.
A mere 2% overhead for memory-intensive workloads.
These results affirm that a robust security posture with a minimum impact on performance or latency, making it a practical choice for a broad spectrum of production workloads.
From Technical Validation to Business Value
For IT leaders and developers, these findings mean you no longer need to architect around performance limitations to achieve stronger security. The implications are clear:
- Confidentiality is a mainstream capability. With such minimal overhead, confidential computing is no longer a niche solution for only the most sensitive data, but a viable option for securing a diverse array of enterprise applications.
- Modernize with confidence. Organizations can now confidently migrate and modernize applications on Azure confidential VMs, gaining both hardware-enforced data protection and a significant performance boost.
- Unlock new possibilities. This validated performance enables the processing of sensitive data from financial analytics to healthcare insights in the cloud, scenarios that were previously constrained by security and performance concerns.
This report validates our commitment to delivering a confidential cloud without compromise.
Next Steps
We encourage you to review the detailed report and explore how Azure confidential computing can fit into your security strategy.
- Read the full Prowess Consulting Technical Report for a deep dive into the methodology and results.
- Visit the confidential computing homepage to learn more about our comprehensive portfolio.
- Explore the DCasv6 and ECasv6-series VMs today.
Microsoft