Microsoft Industry Blogs - United Kingdom

An illustration that represents AI, next to a drawing of Bit the Raccoon.

Security is a key driver accelerating the adoption of cloud computing, but it’s also a major concern when you’re moving extremely sensitive IP and data scenarios to the cloud.

There are ways to secure data at rest and in transit, but you need to protect your data from threats as it’s being processed. Now you can. Confidential computing adds new data security capabilities using trusted execution environments (TEEs) or encryption mechanisms to protect your data while in use.

TEEs are hardware or software implementations that safeguard data being processed from access outside the TEE. The hardware provides a protected container by securing a portion of the processor and memory. Only authorised code is permitted to run and to access data, so code and data are protected against viewing and modification from outside of the TEE.


Confidential computing with Azure

While data is typically encrypted at rest and in transit, Azure confidential computing also protects your data while it’s being processed. You can share machine learning datasets with multiple sources without exposing proprietary data, and prevent unauthorised access to your data and code by isolating computations in a hardware-based trusted execution environment (TEE).

Confidential computing provides an additional layer of protection from potentially malicious insiders at a cloud provider, minimises the risk of data leaks and may even address some regulatory compliance needs.

It also enables several use cases that were previously not possible. For example, customers in regulated industries can now collaborate using sensitive partner or customer data to detect fraud scenarios, without giving the other party visibility into that data.


How it works for Kubernetes

You can get this additional layer of data protection for your Kubernetes workloads by running the sensitive parts of your code inside secure hardware enclaves on the CPU. This can be done in just a few steps:

  • Use the Open Enclave SDK for confidential computing in your code.
  • Create a Kubernetes cluster on hardware that supports Intel SGX, such as the DC-series virtual machines running Ubuntu 16.04 or Ubuntu 18.04.
  • Install the confidential computing device plugin into those virtual machines.

Kubernetes users can then schedule pods and containers that use the Open Enclave SDK onto hardware that supports TEEs. The Open Enclave SDK was recently open sourced by Microsoft and made available to the Confidential Computing Consortium under the Linux Foundation for standardisation.
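As an added example, not taken from the original post, here is what the last step looks like in practice once the device plugin is installed: a Pod manifest that asks the scheduler for SGX enclave memory so the workload only lands on a TEE-capable node. The resource name `kubernetes.azure.com/sgx_epc_mem_in_MiB` and the `/var/run/aesmd` socket mount are assumed from the AKS confidential computing add-on documentation rather than from this post, and the image name is a placeholder for your own Open Enclave SDK application.

```yaml
# Added example (not from the original post): Pod manifest for an Open Enclave
# SDK application on an SGX-capable Kubernetes node.
# Assumptions: the confidential computing device plugin is installed and
# advertises the extended resource kubernetes.azure.com/sgx_epc_mem_in_MiB;
# the node runs the SGX AESM daemon and exposes its socket at /var/run/aesmd.
apiVersion: v1
kind: Pod
metadata:
  name: oe-enclave-app
  labels:
    app: oe-enclave-app
spec:
  restartPolicy: Never
  containers:
    - name: oe-enclave-app
      # Placeholder: replace with the image that contains your enclave and host app.
      image: registry.example.com/oe-enclave-app:placeholder
      resources:
        # Requesting the SGX extended resource does two things:
        #  1. the scheduler only considers nodes where the device plugin
        #     has advertised this resource, i.e. nodes with SGX hardware;
        #  2. the device plugin maps the SGX device nodes into the container,
        #     so the pod does NOT need privileged: true or a hostPath to /dev.
        requests:
          kubernetes.azure.com/sgx_epc_mem_in_MiB: 10
        limits:
          kubernetes.azure.com/sgx_epc_mem_in_MiB: 10
      securityContext:
        # Least privilege for the untrusted host side of the application;
        # the enclave's protection comes from the hardware, not from these
        # settings, but they limit what a compromised host process can do.
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
      volumeMounts:
        # Assumed: the AESM service socket used for enclave launch and
        # attestation quote generation lives on the host at this path.
        - name: var-run-aesmd
          mountPath: /var/run/aesmd
  volumes:
    - name: var-run-aesmd
      hostPath:
        path: /var/run/aesmd
```

Apply it with `kubectl apply -f` and check placement with `kubectl get pod oe-enclave-app -o wide`; if the pod stays Pending with an "Insufficient kubernetes.azure.com/sgx_epc_mem_in_MiB" event, no node in the cluster is advertising the SGX resource, which usually means the device plugin is not running on the DC-series nodes.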


