BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage News Microsoft Announces the General Availability of DCsv2-VM from Azure Confidential Computing

Microsoft Announces the General Availability of DCsv2-VM from Azure Confidential Computing

This item in japanese

Recently, Microsoft announced the general availability of DCsv2-series virtual machines (VMs). With these VMs, customers can deliver applications that protect data while in use.

DCsv2-series VMs are a part of Microsoft's Azure confidential computing offering, and feature hardware-based trusted execution environments (TEE) built on Intel's Software Guard Extensions (Intel SGX). On this Intel foundation, this VM-series makes confidential computing available for those enterprises who want to leverage cloud computing while keeping sensitive workloads protected, for instance, banks combining transaction data to detect fraud and money laundering, and hospitals combining patient records for analysis to improve disease diagnosis and prescription allocation.

Mark Russinovich chief technology officer at Microsoft, wrote in a blog post:

By combining the scalability of the cloud and ability to encrypt data while in use, new scenarios are possible now in Azure, like confidential multi-party computation where different organizations combine their datasets for compute-intensive analysis without being able to access each other's data. 


Source: https://twitter.com/JamesvandenBerg/status/1255022751695474688


Intel's SGX technology is responsible for protecting the customer's data and keeping it encrypted while the CPU is processing it - even the operating system and hypervisor cannot access it, nor can anyone with physical access to the server. However, SGX has been successfully exploited in the past, for instance, by researchers using Plundervolt and Membuster techniques.

Currently, both Microsoft and Google are cloud providers that now offer virtual-machine (VM) instances for highly confidential information to be processed on their cloud platforms. Next to Microsoft's GA release of the DCsv2-series VMs, Google announced its Unified Extensible Firmware Interface (UEFI) and Shielded VM as the default for all Google Compute Engine at no additional charge. Moreover, the Shielded VM offers protection against various threats, such as malicious guest OS firmware, boot and kernel vulnerabilities, and malicious insiders.

Microsoft and Intel are members of the Confidential Computing Consortium, who are committed to collaborating with the industry to deliver a more secure computing infrastructure. Anil Rao, Intel vice president, Data Center Security and Systems Architecture, said in a press release:

Customers demand the capability to reduce the attack surface and help protect sensitive data in the cloud by encrypting data in use. Our collaboration with Microsoft brings enterprise-ready confidential computing solutions to market. It enables customers to take greater advantage of the benefits of cloud and multi-party compute paradigms using Intel SGX technology.

Today the DCsv2-series VMs for Azure is available in three regions (East US, Canada Central and UK South), and Microsoft plans to expand the offer to other regions before the end of the year, according to the announcement. The pricing details for these Azure VMs and others are available on the pricing page.

Rate this Article

Adoption
Style

BT