
Microsoft Releases Azure Attestation into General Availability


Microsoft recently announced the general availability of Azure Attestation, a unified solution for remotely verifying the trustworthiness of a platform and the integrity of the binaries running inside it.

The Azure Attestation service is part of Microsoft's Azure confidential computing effort, which offers hardware, software and services to protect sensitive customer data while it is in use, while minimizing the Trusted Computing Base (TCB). Microsoft began its confidential computing work a few years ago and in 2019 joined the Confidential Computing Consortium, which is committed to collaborating with the industry to deliver a more secure computing infrastructure. Other members of this consortium include Google, Intel, and Red Hat.

Azure Attestation is a Platform as a Service (PaaS) offering that supports attestation of platforms backed by Trusted Platform Modules (TPMs), alongside the ability to attest to the state of Trusted Execution Environments (TEEs) such as Intel Software Guard Extensions (SGX) enclaves and Virtualization-based Security (VBS) enclaves.

Sindhuri Dittakavi, program manager, Cloud & AI Security at Microsoft, explains in a Microsoft Security and Compliance blog post how Azure Attestation works:

An attestation provider is a service endpoint of Azure Attestation that provides a REST contract. You can choose to use the regional shared providers or create your own custom provider. An attestation provider comes with a default policy for each supported attestation type. Azure Attestation also lets you enforce custom rules in your custom provider via a configurable policy. If configured, an attestation policy is used to process the attestation evidence and determines whether the service shall issue an attestation token.

Source: https://techcommunity.microsoft.com/t5/microsoft-security-and/microsoft-azure-attestation-is-now-generally-available/ba-p/2156693

The benefits for customers using Azure Attestation include:

  • An available solution for attesting multiple TEEs or platforms backed by TPMs
  • The ability to leverage regional shared attestation providers to simplify the attestation process without the need for additional configuration
  • The creation of custom attestation providers and configuration of policies to customize attestation token generation
  • The ability to securely communicate with the attested platform with the help of data embedded in an attestation token using industry-standard formatting
  • Highly available service with Business Continuity and Disaster Recovery (BCDR) configured across regional pairs
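The quoted explanation above describes the flow on the service side (evidence is checked against a policy, and a signed attestation token is issued), and the benefits list notes that the token uses industry-standard formatting so a relying party can decide whether to trust the attested platform. The following is an added example, not code from the original article or from Microsoft, showing the relying-party half of that flow: it verifies a signed token and then applies its own policy before releasing anything to the platform. It assumes a JWT-shaped token, uses a constructed shared HMAC key in place of a provider's real signing key, and the claim names `tee_type`, `is_debuggable` and `mrenclave` and the issuer URL are hypothetical placeholders, not the service's own claim names.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, List, Optional, Tuple

# Constructed values for this example: a shared demo key stands in for the
# provider's signing key, the issuer URL is a placeholder, and the claim names
# (tee_type, is_debuggable, mrenclave) are hypothetical, not the service's own.
KEY = b"constructed-demo-signing-key"
ISSUER = "https://attest.example.invalid"
POLICY = {
    "tee_type": "sgx",                          # only accept this enclave technology
    "is_debuggable": False,                     # a debug-enabled enclave exposes its memory
    "allowed_measurements": {"c0ffee00" * 8},   # code identity we expect to see
}


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: Dict, key: bytes = KEY) -> str:
    """Stand-in for the attestation provider: wrap claims in an HS256-signed JWT."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims, sort_keys=True).encode())
    signing_input = f"{header}.{payload}"
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def verify_token(token: str, key: bytes, issuer: str, now: Optional[int] = None) -> Dict:
    """Relying-party checks that must pass before any claim in the token is trusted."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(parts[0]))
    # Pin the algorithm; never let the token choose how it is verified.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(parts[1]))
    now = int(time.time()) if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("untrusted issuer")
    if now < claims.get("nbf", 0):
        raise ValueError("token not yet valid")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims


def evaluate_policy(claims: Dict, policy: Dict = POLICY) -> List[str]:
    """Apply the relying party's own rules to verified claims; return the violations."""
    violations = []
    if claims.get("tee_type") != policy["tee_type"]:
        violations.append("unexpected TEE type")
    if claims.get("is_debuggable") != policy["is_debuggable"]:
        violations.append("debug-enabled TEE rejected")
    if claims.get("mrenclave") not in policy["allowed_measurements"]:
        violations.append("unknown code measurement")
    return violations


def decide(token: str, now: int) -> Tuple[str, str]:
    """Release decision: ('allow', measurement) or ('deny', reason)."""
    try:
        claims = verify_token(token, KEY, ISSUER, now)
    except ValueError as err:
        return ("deny", str(err))
    violations = evaluate_policy(claims)
    if violations:
        return ("deny", "; ".join(violations))
    return ("allow", claims["mrenclave"])


def sample_tokens() -> Dict[str, str]:
    """Constructed tokens: a good one, a debug enclave, and a tampered payload."""
    base = {"iss": ISSUER, "nbf": 1000, "exp": 2000, "tee_type": "sgx",
            "is_debuggable": False, "mrenclave": "c0ffee00" * 8}
    good = issue_token(base)
    debug = issue_token({**base, "is_debuggable": True})
    head, _, sig = good.split(".")
    forged_payload = b64url_encode(json.dumps({**base, "mrenclave": "bad"}).encode())
    tampered = f"{head}.{forged_payload}.{sig}"   # payload edited, signature not re-made
    return {"good": good, "debug": debug, "tampered": tampered}


if __name__ == "__main__":
    for name, tok in sample_tokens().items():
        print(name, decide(tok, now=1500))
```

The split into `verify_token` and `evaluate_policy` mirrors the division of labour in the quoted text: the signature, issuer and validity window establish that the token really came from the provider, and only then are the attested properties compared against what this particular workload is willing to accept. A real deployment would verify the provider's asymmetric signature with its published keys rather than a shared secret, but the ordering of the checks is the same.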

Regarding the release of Azure Attestation, Holger Mueller, principal analyst and vice president at Constellation Research Inc., told InfoQ:

The cloud is ramping up security, and zero trust and confidential computing are the new true North for safe operations of cloud resources. Microsoft's new Azure Attestation Service is a crucial advancement for Azure, enabling enterprises to trust new server and services landscapes sooner and easier than before. It's a critical step to make cloud security more tangible and achievable.

In addition, Karl Ots, Microsoft regional director and Azure MVP, with years of security experience, told InfoQ:

Trusted execution environments provide mathematical certainty for the confidentiality of highly sensitive data input, sharing, and analysis. I'm looking forward to how the release of Azure Attestation and Open Enclave will support the digitalization of regulated industries such as healthcare.

Azure Attestation service is available at no additional cost in some regions.
