With ransomware attacks virtually becoming daily news events, it is imperative to acquire a cyber-security measure capable of withstanding a malware or ransomware attacks. Industries, enterprises and even governments around the globe can’t help but feel threatened by the advent of software that are focused on data encryption and disrupt mission critical operations. acquire a security measure capable of protecting all of the sensitive backed up data.

With ransomware attacks virtually becoming daily news events, it is imperative to acquire a cyber-security measure capable of withstanding a malware or ransomware attacks. Industries, enterprises and even governments around the globe can’t help but feel threatened by the advent of software that are focused on data encryption and disrupt mission critical operations. As cloud backup has become an essential part of almost every organization and business, it is vital to acquire a security measure capable of protecting all of the sensitive backed up data.

Azure Confidential Computing: Powerful Data Encryption

Microsoft spends a billion dollars per year to come up with innovative cyber-security solutions. Their continuous research into data encryption and protection has led to the recent innovation of Azure Confidential Cloud Computing. According to studies, security breaches mostly occur when data is in use. This service secures data by encrypting it while it is in use. What it does is that it places customer information in a virtual enclave, basically a black box. This box keeps anyone, other than the original owner, from accessing it. Even Microsoft cannot access the data secured using Azure Cloud Computing.

As part of the service, Microsoft will no longer have the capability to turn over unencrypted data in response to government warrants without customer say so. This is in light of Microsoft’s recent lawsuit against the U.S government. Microsoft holds the opinion that facilitating the government to monitor emails violates the free-speech rights of their customers. This confidential computing service assures customers who are considering cloud backup to Azure that their data will be protected against hacks and spying. This service is also directed at reducing the global unrest about security and privacy pertaining to cloud backup services.  

Difference between Azure Confidential Cloud Computing & Conventional Encryption Methods

Azure Confidential Cloud Computing has been in the making for four years. It addresses a persistent weakness in data processing systems and conventional encryption methods. Hackers and malware coders exploit this opening to breach private data such as Personally Identifiable Information (PII), financial data, and corporate intellectual property.

Many breaches are the result of poorly configured access controls but most security breaches can be traced to data accessed when in use; this is the persistent weakness. Hackers and/or malware access sensitive data using either administrative accounts or by leveraging compromised keys to access secured data. Azure Confidential Computing secures data while it is in use, apart from encrypting the data at transit and at rest. Conventional encryption methods are limited to securing/encrypting data before transit and after transit. Software and tools can also be used to encrypt the data using advanced encryption methods. However, all of these security measures are removed when this data is processed.

Normally, this is the window that hackers and malware utilize. Azure Confidential Computing takes away this window.

How Azure Confidential Computing Works?

Azure Confidential Computing secures data from the following threats:

• Malicious Inside Threats: Insiders with administrative privileges or direct access to hardware on which the data is being processed.
• Hackers: Hackers and malware looking to exploit the lack of security protocols while data is being processed.
• Third parties: Third parties that access data without protocols or consent of the original owner.

The service blocks processes initiated by code that alters or tampers with a Trusted Execution Environment (TEE). This safeguard remains active as long as code is being computed. This makes Confidential Cloud Computing an ideal mechanism to protect environments where development and testing takes place. The service also prevents malware or hacking target application, hypervisor, operating system or physical server exploits from gaining access to the data being used. It is also capable of blocking insiders with direct access to data, code or system and people with administrative privileges as well.

Initially Microsoft will support two TEEs: Virtual Secure Mode (VSM) and Intel SGX. VSM is a software based TEE, that’s integrated by Hyper-V in Windows 10 and Windows Server 2016. Hyper-V prevents administrator code running on the computer or server, as well as local administrators and cloud service administrators from viewing the data inside the VSM; it also prevents modifying the execution as well. With Intel SGX, customers not wanting to include Azure, Microsoft or Amazon can leverage SGX TEEs instead, developed by Microsoft and Intel.

Early Access Program

In light of the recent launch of the cloud backup service, Microsoft is offering an early access program for its customers so they can utilize the service and experience it for themselves. You can gain access to the program by visiting Microsoft’s official website.