Microsoft Azure Confidential Computing Protects Data in Use | eWeek

Microsoft Unveils Azure Confidential Computing for Secure Cloud Data Processing

cloud security
Sep 14, 2017
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Microsoft is making it harder for cyber-attackers to steal data from its cloud customers and invade their privacy with a new suite of services and features called Azure Confidential Computing, the company announced on Sept. 14.

Four years in development, Azure Confidential Computing addresses a lingering weakness in data processing systems that hackers and malware coders can exploit to breach private data. Although organizations can use encryption that protects data at rest and in transit, along with a variety of other security tools and controls, those protections are stripped away when it comes time to process the data and run computational tasks on it.

It’s this data-in-use state that often affords hackers malware watch for to access an organization’s sensitive data. Azure Confidential Computing prevents this with an approach that essentially encrypts data while it’s in use, explained Mark Russinovich, CTO of Microsoft Azure, in a blog post.


“Confidential computing ensures that when data is ‘in the clear,’ which is required for efficient processing, the data is protected inside a Trusted Execution Environment (TEE – also known as an enclave),” wrote Russinovich. “TEEs ensure there is no way to view data or the operations inside from the outside, even with a debugger. They even ensure that only authorized code is permitted to access data.”

Azure Confidential Computing blocks operations triggered by code that is altered or tampered with, shutting down the entire TEE for good measure. It’s a safeguard that remains active as along as code is being executed in a TEE.

The technology prevents malware or attackers targeting application, operating system or hypervisor exploits from gaining access to data that is in use. It can also block malicious insiders with direct access to a system or who have administrative privileges.

At the outset, Microsoft will be supporting two types of TEE technologies. The first is the software-based Virtual Secure Mode found in the Hyper-V virtualization software components in Windows Server 2016 and Windows 10. The other is Intel’s Software Guard Extensions (SGX) technology built into the processors running on Azure cloud servers. Microsoft is working with additional software and hardware partners on enabling other types of TEEs, Russinovich said.

Microsoft also revealed that its Coco Framework, an open-source system that ensures confidentiality in enterprise blockchain systems, is being used to supplement the existing Always Encrypted feature in Azure SQL Database and SQL Server. The technology will provide similar encryption-in-use protections to the database products without affecting the normal operations of SQL queries.

Interested customers can join the Azure Confidential Computing early access program here. Microsoft also plans to demonstrate the technology at the upcoming Ignite conference in Orlando, Fla. (Sept. 25-29), which will “go on as planned” after hurricane Irma swept through the region, the company confirmed in a Sept. 13 tweet.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.