Microsoft is putting hardware in charge of data protection in Azure to help customers feel confident about sharing data with authorized parties within the cloud environment. The company made a series of hardware security announcements at its Ignite 2022 conference this week to highlight Azure's confidential computing offerings.
Confidential computing involves creating a Trusted Execution Environment (TEE), essentially a black box to hold encrypted data. In a process called attestation, authorized parties can place code inside the box to decrypt and access the information without first having to move the data out of the protected space. The hardware-protected enclave creates a trustworthy environment in which data is tamper-proof, and the data isn't accessible to even those with physical access to the server, a hypervisor, or even an application.
"It's really kind of the ultimate in data protection," Mark Russinovich, Microsoft Azure's chief technology officer, said at Ignite.
On Board With AMD's Epyc
Several of Microsoft's new hardware security layers take advantage of on-chip features included in Epyc — the server processor from Advanced Micro Devices deployed on Azure.
One such feature is SEV-SNP, which encrypts AI data when in a CPU. Machine-learning applications move data continuously between a CPU, accelerators, memory, and storage. AMD's SEV-SNP ensures data security inside the CPU environment, while locking off access to that information as it goes through the execution cycle.
AMD's SEV-SNP feature closes a critical gap so data is secure at all layers while residing or moving in the hardware. Other chip makers have largely focused on encrypting data while in storage and in transit on communication networks, but AMD's features secure data while being processed in the CPU.
That offers multiple benefits, and companies will be able to mix proprietary data with third-party datasets residing in other secure enclaves on Azure. The SEV-SNP features use attestation to ensure incoming data is in its exact form from a relying party and can be trusted.
"This is enabling net new scenarios and confidential computing that was not possible before," said Amar Gowda, principal product manager at Microsoft Azure, during an Ignite webcast.
For example, banks will be able to share confidential data without the fear of anyone stealing it. The SEV-SNP feature will bring encrypted bank data into the secure third-party enclave where it could mingle with datasets from other sources.
"Because of this attestation and memory protection and integrity protection, you can rest assured that the data does not leave the boundaries in the wrong hands. The whole thing is about how do you enable new offerings on top of this platform," Gowda said.
Hardware Security on Virtual Machines
Microsoft also added additional security for cloud-native workloads, and the non-exportable encryption keys generated using SEV-SNP are a logical fit for enclaves where data is transient and not retained, James Sanders, principal analyst for cloud, infrastructure, and quantum at CCS Insight, says in a conversation with Dark Reading.
"For Azure Virtual Desktop, SEV-SNP adds an additional layer of security for virtual-desktop use cases, including bring-your-own-device workplaces, remote work, and graphics-intensive applications," Sanders says.
Some workloads haven't moved to the cloud because of regulation and compliance limitations tied to data privacy and security. The hardware security layers will allow companies to migrate such workloads without compromising their security posture, Run Cai, a principal program manager at Microsoft, said during the conference.
Microsoft also announced that the Azure virtual desktop with confidential VM was in public preview, which will be able to run Windows 11 attestation on confidential VMs.
"You can use secure remote access with Windows Hello and also secure access to Microsoft Office 365 applications within confidential VMs," Cai said.
Microsoft has been dabbling with the use of AMD's SEV-SNP in general-purpose VMs from earlier this year, which was a good start, CCS Insight's Sanders says.
Adoption of SEV-SNP is also important validation for AMD among data center and cloud customers, as previous efforts at confidential computing relied on partial secure enclaves rather than protecting the entire host system.
"This was not straightforward to configure, and Microsoft left it to partners to provide security solutions that leveraged in-silicon security features," Sanders says.
Microsoft's Russinovich said that Azure services to manage hardware and deployment of code for confidential computing are coming. Many of those managed services will be based on Confidential Consortium Framework, which is a Microsoft-developed open source environment for confidential computing.
"Managed service is in preview form ... we've got customers that are kicking the tires on it," Russinovich said.