Air travel is a big part of my role at Microsoft. Being on planes for hours allows me to get a lot of work done without much interruption. One thing I always install before I touch my Surface keyboard is the privacy screen. Unless someone is just about sitting in my seat with me, the work that I am crafting on the screen can only be seen by me. That physical privacy screen is a critical component for protecting me, Microsoft and ultimately our customers and partners.
In parallel, the digital “privacy screen” for Microsoft’s Azure cloud platform includes hardening data access with methods such as encrypting data at rest when it is stored in blob storage or in databases, and encrypting data in transit between datacenters, across machines and throughout the network. Even if customers don’t encrypt the data they provide to us, we encrypt it anyway.
Privacy must go even further
When I think about data at rest and data in transit, these are only two of the three really important stages in which data is found. The third stage is where Microsoft is using its engineering prowess to encrypt data that is in use during computation. Why is that important to a banking business executive or technology executive?
Bottom line, safeguarding data is an increasingly complex endeavor in today’s banking world. External threats are more sophisticated, and customers are becoming increasingly vigilant about how their data is both stored and utilized.
Did you know?
Data fraud or theft are now two of the top five risks CEOs are most likely to face, according to the latest World Economic Forum report on global risks. Almost 80 percent of organizations are introducing digitally fueled innovation faster than their ability to secure it against cyberattackers. When it comes to banks innovating by leveraging current on-premises infrastructure, the vulnerabilities increase exponentially.
Executing business models on top of secure data
The bank is in full control of its data
That data collection and use by the bank is covered by Azure Confidential Computing, which uses a Trusted Execution Environment (TEE), or “enclave,” to increase the security of application code and data, and which offers cloud-based attestation that is simple and highly available through advanced security features, granular privacy controls, and a cloud optimized specifically for financial services. Azure Confidential Computing helps to secure the bank’s data while it’s in use. Azure is the first cloud platform to protect the confidentiality and integrity of data while it’s processed in the cloud. It is the cornerstone of our ‘Confidential Cloud’ vision, which includes the following principles:
- Mitigate top data breach threats
- Customers are in complete control of their data whether it’s at rest, in transit or in compute
- Code running in the cloud is protected and verifiable by the customer
- Data and code are opaque to the cloud platform or, put another way, the cloud platform is outside of the trusted computing base
What’s the bottom line?
Today, it is becoming increasingly important to understand the full data supply chain in order to ensure adequate data protection, even while the data is being analyzed. Azure Confidential Computing takes data security to the next level and protects data while it’s processed in the public cloud through the use of secure enclaves. This security capability provides the missing piece for full data protection at rest, in transit, and in use.
Check out Azure for banking and capital markets to learn more about cloud solutions that address the biggest challenges in financial services.