Confidential Computing

Security is a key driver accelerating the adoption of cloud computing, but it is also a major concern when you are moving extremely sensitive IP and data scenarios to the cloud.

There are ways to secure data at rest and in transit, but you also need to protect your data from threats while it is being processed. Now you can. Azure Confidential Computing adds new data security capabilities using trusted execution environments (TEEs) or encryption mechanisms to protect your data while in use. TEEs are hardware or software implementations that safeguard data being processed from access outside the TEE. The hardware provides a protected container by securing a portion of the processor and memory. Only authorized code is permitted to run and to access data, so code and data are protected against viewing and modification from outside of the TEE.

Hardware and compute:

Get access to hardware-based features and functionality in the Azure cloud before they are broadly available on-premises, and use them to build and run SGX-powered applications. The DC-series of virtual machines (VMs) brings the latest generation of Intel Xeon Processors with Intel SGX technology to the Azure cloud. Use these new VMs to build applications that protect data and code in use.

Attestation:

Validate code identity to determine whether to release secrets. Verification is simple and highly available with attestation services.
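The following is an added example, not Azure's attestation service or Open Enclave code, that models the relying-party side of "validate code identity before releasing a secret": the report format, the measurement values and the HMAC used in place of the service's real signature are all constructed for the demo.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key standing in for the attestation service's signing key.
# A real service signs reports with an asymmetric key; HMAC keeps this offline and stand-alone.
ATTESTATION_SERVICE_KEY = b"constructed-demo-key-not-a-real-secret"

# Code identity (measurement) of the one enclave build allowed to receive the secret.
# Constructed value; a real policy pins the hash of the reviewed enclave binary.
TRUSTED_MEASUREMENT = hashlib.sha256(b"enclave-build-v1").hexdigest()


def issue_report(measurement: str, debug: bool, nonce: str) -> dict:
    """Simulate the attestation service producing a signed report (constructed format)."""
    body = {"measurement": measurement, "debug": debug, "nonce": nonce}
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(ATTESTATION_SERVICE_KEY, payload, hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def release_secret(report: dict, expected_nonce: str, secret: bytes) -> Optional[bytes]:
    """Relying-party policy: hand out the secret only to a verified, trusted, non-debug enclave."""
    payload = json.dumps(report["body"], sort_keys=True).encode()
    expected_sig = hmac.new(ATTESTATION_SERVICE_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, report["sig"]):
        return None  # forged or tampered report: the body cannot be trusted at all
    body = report["body"]
    if body["nonce"] != expected_nonce:
        return None  # stale report replayed from an earlier session
    if body["debug"]:
        return None  # debug enclaves expose their memory to the host; never release production secrets
    if body["measurement"] != TRUSTED_MEASUREMENT:
        return None  # unknown code identity, even if the report itself is genuine
    return secret


if __name__ == "__main__":
    good = issue_report(TRUSTED_MEASUREMENT, False, "nonce-1")
    print(release_secret(good, "nonce-1", b"db-encryption-key"))      # released
    print(release_secret(issue_report(TRUSTED_MEASUREMENT, True, "nonce-1"), "nonce-1", b"k"))  # None
```

The checks run in that order on purpose: the signature check comes first because every later field is only meaningful once the report is known to be authentic.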

Development:

Take advantage of enclave creation and management, system primitives, runtime support and cryptographic library support. The Open Enclave SDK project provides a consistent API surface around an enclaving abstraction, supporting portability across enclave types and flexibility in architecture. Build portable C/C++ applications against different enclave types.

Research:

Explore research on new applications for confidential computing, techniques to harden TEE applications and tips to prevent information leaks outside the TEE.