Last September, Azure confidential computing efforts were announced, with Microsoft Azure becoming the first cloud platform to enable new data security capabilities that protect customer data while in use. The Azure team, alongside Microsoft Research, Intel, Windows, and our Developer Tools group, has been working to bring Trusted Execution Environments (TEEs) such as Intel SGX and Virtualization Based Security (VBS, previously known as Virtual Secure Mode) to the cloud. TEEs protect data being processed from access outside the TEE. We’re ready to share more details about our confidential cloud vision and the work we’ve done since the announcement.
Many companies are moving their mission-critical workloads and data to the cloud, and the security benefits that public clouds provide are in many cases accelerating that adoption. In their 2017 CloudView study, International Data Corporation (IDC) found that 'improving security' was one of the top drivers for companies to move to the cloud. However, security concerns remain a commonly cited blocker for moving extremely sensitive IP and data scenarios to the cloud. Cloud Security Alliance (CSA) recently published the latest version of its Treacherous 12 Threats to Cloud Computing report. Not surprisingly, data breach ranked among the top cloud threats, and they included three additional data security concerns, specifically breaches caused by system vulnerabilities, malicious insiders, and shared technology vulnerabilities.
Azure Confidential Computing is aimed at protecting data while it’s processed in the cloud. It is the cornerstone of our 'Confidential Cloud' vision.