O'Reilly Media report: Azure Confidential Computing and Zero Trust
Published Nov 15 2023 07:56 AM
Microsoft

We are excited to announce the publication of our first O'Reilly Media report: Azure Confidential Computing and Zero Trust. We felt a need to make it clear to our customers, and the industry as a whole, what confidential computing is, how it relates to the foundational principles of zero trust, what use cases it enables, and the depth and breadth of confidential computing in Azure. 

 

Confidential computing is the processing of data in a hardware-based, attested trusted execution environment (TEE). This helps enforce zero trust principles down to the hardware level in several ways. First, it supports the principle of least-privilege access by ensuring that only the software that writes to a memory location may read or overwrite it. Second, it supports the principle of always verifying access through confidential computing's requirement that the TEE be attested, which allows the good state of the TEE hardware and software to be verified before sensitive data is unlocked and made available for processing. Finally, it supports the principle of assuming breach by removing the cloud provider's host OS and hypervisor from the software that must be trusted.

 

And as Azure CTO and Technical Fellow Mark Russinovich writes in his foreword to the report:

" . . . confidential computing does more than help organizations improve their security posture. It also helps unlock more potential with data, enabling innovation and empowering businesses and developers to build new kinds of services previously inhibited by security or privacy constraints. . . This will help unlock privacy-enhanced personal AI services, trustworthy and transparent hardware and software supply chains and revolutionize solving problems at scale across various domains."

 

Our report contains several links to industry standards, our case studies, and other reference material. Please take a look and share with your colleagues!

 

 

 

Last update: Jan 15 2024 06:45 PM