The growth of “confidential computing” approaches will help clear away any “last mile barriers” for enterprises that are concerned about processing highly sensitive data in the cloud, Microsoft Azure chief technology officer Mark Russinovich believes.
Microsoft in September announced the launch of Azure confidential computing as a limited preview, using the SGX (Software Guard Extensions) capabilities of Intel’s Skylake CPUs to create a hardware-based Trusted Execution Environment (or “enclave”). (Microsoft also announced it would offer Virtual Secure Mode, a software-based TEE for its Hyper-V hypervisor.)
The Azure CTO describes the trusted enclave at the heart of confidential computing as a “little black box” that not even Microsoft can retrieve unencrypted data from. “When you run your computation and store your data in an SGX enclave, nothing outside of that enclave can see what’s in it,” Russinovich said. “It’s encrypted, down at the processor level, and nothing can tamper with what’s in it.” It is possible to cryptographically confirm that the expected code is running within the enclave, however.
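What “cryptographically confirm that the expected code is running” amounts to in practice is remote attestation: the enclave produces a signed quote that carries its measurement (MRENCLAVE), the hash of the key that signed it (MRSIGNER), a product ID, a security version number and 64 bytes of caller-chosen report data, and the relying party checks those fields against a policy before handing over any secrets. The Python example below is added here as an illustration and is not code from the article, from Microsoft or from Intel. It parses the report body out of an SGX EPID quote using the field offsets from the Intel SGX SDK headers and applies a typical policy; it assumes the quote’s signature has already been verified out of band (for EPID quotes, by Intel’s attestation service), the sample quotes are constructed inline, and the nonce-binding convention (report_data = SHA-256 of the nonce) is an assumption for the example rather than a fixed rule.

```python
import hashlib
import struct

# Field offsets of sgx_report_body_t (384 bytes), which sits at byte 48 of an
# SGX EPID quote (sgx_quote_t); offsets are taken from the Intel SGX SDK headers.
REPORT_BODY_OFF = 48
REPORT_BODY_LEN = 384
ATTR_FLAGS_OFF = 48      # sgx_attributes_t.flags, u64 little-endian
MRENCLAVE_OFF = 64       # 32-byte hash of the enclave's initial contents
MRSIGNER_OFF = 128       # 32-byte hash of the signing key's modulus
ISV_PROD_ID_OFF = 256    # u16
ISV_SVN_OFF = 258        # u16 security version number
REPORT_DATA_OFF = 320    # 64 bytes chosen by the enclave (used for nonce binding)
SGX_FLAGS_DEBUG = 0x2    # debug enclaves can be inspected by the host; never trust them


def parse_report_body(quote: bytes) -> dict:
    """Pull the identity fields out of a quote. Only the layout is parsed here;
    the EPID signature that follows the body must be verified separately."""
    if len(quote) < REPORT_BODY_OFF + REPORT_BODY_LEN:
        raise ValueError("quote too short to contain a report body")
    body = quote[REPORT_BODY_OFF:REPORT_BODY_OFF + REPORT_BODY_LEN]
    (flags,) = struct.unpack_from("<Q", body, ATTR_FLAGS_OFF)
    prod_id, svn = struct.unpack_from("<HH", body, ISV_PROD_ID_OFF)
    return {
        "debug": bool(flags & SGX_FLAGS_DEBUG),
        "mrenclave": body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32],
        "mrsigner": body[MRSIGNER_OFF:MRSIGNER_OFF + 32],
        "isv_prod_id": prod_id,
        "isv_svn": svn,
        "report_data": body[REPORT_DATA_OFF:REPORT_DATA_OFF + 64],
    }


def expected_report_data(nonce: bytes) -> bytes:
    # Assumed convention for this example: the enclave writes SHA-256(nonce) into
    # report_data, zero-padded to 64 bytes, so a quote cannot be replayed later.
    return hashlib.sha256(nonce).digest().ljust(64, b"\x00")


def check_enclave_identity(quote: bytes, policy: dict, nonce: bytes):
    """Return (accepted, reasons). Every failing check is reported so an
    operator can see why a quote was rejected, not just that it was."""
    fields = parse_report_body(quote)
    reasons = []
    if fields["debug"]:
        reasons.append("debug enclave")
    if fields["mrenclave"] != policy["mrenclave"]:
        reasons.append("unexpected MRENCLAVE (code differs from the audited build)")
    if fields["mrsigner"] != policy["mrsigner"]:
        reasons.append("unexpected MRSIGNER")
    if fields["isv_prod_id"] != policy["isv_prod_id"]:
        reasons.append("wrong ISV product id")
    if fields["isv_svn"] < policy["min_isv_svn"]:
        reasons.append("ISV SVN below minimum (unpatched enclave)")
    if fields["report_data"] != expected_report_data(nonce):
        reasons.append("report_data does not bind our nonce (replayed quote?)")
    return (not reasons, reasons)


def build_sample_quote(mrenclave, mrsigner, isv_prod_id, isv_svn, report_data, debug=False):
    """Constructed test data: a zeroed header plus a report body with the given
    fields and no signature. A real quote comes from Intel's Quoting Enclave."""
    body = bytearray(REPORT_BODY_LEN)
    struct.pack_into("<Q", body, ATTR_FLAGS_OFF, 0x1 | (SGX_FLAGS_DEBUG if debug else 0))
    body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] = mrenclave
    body[MRSIGNER_OFF:MRSIGNER_OFF + 32] = mrsigner
    struct.pack_into("<HH", body, ISV_PROD_ID_OFF, isv_prod_id, isv_svn)
    body[REPORT_DATA_OFF:REPORT_DATA_OFF + 64] = report_data
    return bytes(REPORT_BODY_OFF) + bytes(body)


# Policy: the measurement obtained by building the enclave from audited source,
# and the hash of the key it is expected to be signed with (constructed placeholders).
GOOD_MRENCLAVE = hashlib.sha256(b"audited enclave build").digest()
GOOD_MRSIGNER = hashlib.sha256(b"our signing key").digest()
POLICY = {"mrenclave": GOOD_MRENCLAVE, "mrsigner": GOOD_MRSIGNER,
          "isv_prod_id": 7, "min_isv_svn": 3}


def demo():
    nonce = b"session-nonce-0001"
    good = build_sample_quote(GOOD_MRENCLAVE, GOOD_MRSIGNER, 7, 3, expected_report_data(nonce))
    stale = build_sample_quote(GOOD_MRENCLAVE, GOOD_MRSIGNER, 7, 2, expected_report_data(nonce))
    dbg = build_sample_quote(GOOD_MRENCLAVE, GOOD_MRSIGNER, 7, 3, expected_report_data(nonce), debug=True)
    return {
        "good": check_enclave_identity(good, POLICY, nonce),
        "stale": check_enclave_identity(stale, POLICY, nonce),
        "debug": check_enclave_identity(dbg, POLICY, nonce),
        "replayed": check_enclave_identity(good, POLICY, b"session-nonce-0002"),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(name, "ACCEPT" if ok else "REJECT: " + "; ".join(why))
```

The point of the MRENCLAVE comparison is that the relying party must already know what the correct measurement is, which in practice means reproducing the enclave build from reviewed source; a quote with an unfamiliar measurement proves only that some code is running in an enclave, not that it is the code you audited. Rejecting debug enclaves and enforcing a minimum SVN matter just as much, since a debug enclave can be read by the host and an old SVN may carry a known, patched flaw.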
“We worked closely with Intel to be the first public cloud to introduce Skylake servers into a public cloud data centre and then made them available through a limited preview where customers can sign up and we work with them to give them access to the servers, to start to play with this kind of technology,” Russinovich told Computerworld during a visit to Australia that coincided with Microsoft’s launch of new cloud regions and the company receiving the green light to store and process classified government data within Azure.