Microsoft Azure security evolution: Embrace secure multitenancy, Confidential Compute, and Rust


Written by Jeffrey Cooperstein, Partner Software Architect, Azure Security


In the first blog of our series on Azure Security, we delved into our defense-in-depth approach for tackling cloud vulnerabilities. The second blog highlighted our use of variant hunting to detect patterns of vulnerabilities across our services. In this installment, we will introduce our game-changing bets that will enable us to deliver industry-leading security architectures with built-in security for years to come, ensuring a secure cloud experience for our customers. We will discuss our focus on secure multitenancy and share our vision for harnessing the power of Confidential Compute and the Rust programming language to protect our customers’ data from cyber threats. By investing in groundbreaking security strategies, such as Secure Multitenancy, Confidential Compute, and the Rust programming language, Azure provides customers with robust, built-in security measures that not only protect their data but also enhance the overall cloud experience, giving customers the confidence to innovate and grow their businesses securely.


Secure multitenancy with robust compute, network, and credential isolation

In our first blog, we touched on the benefits we’ve seen from improvements in compute, network, and credential isolation. Now, we want to dive deeper into what this means. For compute isolation, we’re investing heavily in hardware-based virtualization (HBV), the foundation of running untrusted code in Azure. Traditional Virtual Machines are at the core of many Azure Services hosting customer workloads. Our current bounty of up to USD250,000 on Microsoft Hyper-V vulnerabilities demonstrates our strong defense and highlights the importance of this boundary.


Our innovations with HBV extends beyond traditional virtual machines (VMs). Azure Container Instances (ACI) serve as our platform for running container workloads, utilizing HBV to isolate container groups from each other. ACI container groups take advantage of the same HBV that powers Azure Virtual Machines, but they offer a platform tailored for modern container-based applications. Numerous new and existing services are moving to ACI as a simple, high-performance model for secure multitenancy. Building services atop secure foundations like ACI enables us to address many isolation problems centrally, allowing multiple services to benefit from fixes simultaneously. Furthermore, we’re excited to introduce HBV to Kubernetes workloads via industry-standard Kata Container support in Azure Kubernetes Service. Similar to ACI container groups, Kata Container pods utilize HBV for robust isolation of untrusted workloads. In the coming months, we’ll share more about our efforts to bring this approach to WebAssembly hosting, boasting single-millisecond overhead compared to hosting WebAssembly without HBV. For network isolation, we’re shifting services towards dedicated virtual networks per tenant and ensuring support for Private Links which enable our services to communicate directly with customer-managed virtual networks. Shared networks have proven error-prone, with mistakes in network Access Control Lists or subnets leading to inadequate network isolation between tenants. Dedicated virtual networks make it difficult to accidentally enable connectivity between tenants that should remain separate.


Read the full article

0 Replies