Microsoft Azure Cloud Security Encrypts In-Use Data

The new security services and features are called Azure confidential computing.

Microsoft has announced a new Azure (cloud) data security capability: confidential computing.

"While many breaches are the result of poorly configured access control, most can be traced to data that is accessed while in use, either through administrative accounts, or by leveraging compromised keys to access encrypted data", Russinovich said. Data at rest is inactive data that is not being used and is stored in any form, either on physical media, in databases, data warehouses or anything else of the sort.

Those companies were storing the data on their own networks rather than with the big cloud providers such as Microsoft, Google and market leader Amazon.com. Russinovich said that, initially, Azure will support two trusted execution environments (TEEs), Virtual Secure Mode and Intel SGX. It will also work with Intel and other hardware and software partners to develop additional TEEs and will support them as they become available. The TEE, which Microsoft also refers to as an "enclave", will check code trying to access the data and will disable operations "if the code is altered or tampered". Data can be accessed only after the customer authorizes it.

Customers use Azure for a plethora of tools, including computing, analytics, storage and networking.

The new service also means that Microsoft won't have the capability to turn over unencrypted data in response to government warrants and subpoenas without customer involvement. That issue is at the heart of a current Microsoft lawsuit against the US government, which fights the requirement to turn over client data, sometimes without the customer's knowledge. Virtual Secure Mode is a software-based solution offered by Hyper-V in Windows 10 and Windows Server 2016. Hyper-V prevents administrator code running on the computer or server, as well as local administrators and cloud service administrators, from viewing the contents of the VSM enclave or modifying its execution.

The company says it has been working on the features for four years, as part of its annual $1 billion spend on cybersecurity, and that it is the first public cloud to offer such protection.

Additionally, Microsoft said, it will be extending its in-house enterprise blockchain tools, like those in its Coco Framework, to provide additional security for SQL Server and SQL Database instances in Azure.

The confidential computing service is meant to reassure customers that are considering moving data and applications to Microsoft's cloud that the switch will not open them up to hacks, spying and secret subpoenas. Healthcare organizations can share private patient data, like genomic sequences, to gain insights from machine learning across multiple data sets, without risk of data being leaked to other organizations.

He also noted that US-based technology is no guarantee of 100 percent security, and said the Kaspersky ban "is, in reality, ultimately unsafe as it gives a false sense of confidence that USA national security interests are being protected from foreign threats, when in fact such bans do not really address the realities of United States dependencies on foreign supply chains". The Intel technology isn't exclusive to Microsoft and will be sold to other customers.
