Microsoft adds cloud security to keep out hackers — and government snoops

The new product, called Azure confidential computing, placed customer information in a virtual enclave, essentially a black box that keeps anyone outside the customer — including Microsoft itself — from accessing the data.

Microsoft, working with chipmaker Intel, is offering a cloud-computing service with more powerful encryption to secure data from hackers – and protect it from secret government data-gathering.

Called Azure confidential computing, the technology encrypts data while it is in use – which is when most security breaches occur, according to Azure Chief Technology Officer Mark Russinovich. The new product works by placing customer information in a virtual enclave, essentially a black box that keeps anyone outside the customer — including Microsoft itself — from accessing the data. That can keep cyberthieves, malicious insiders and governments from getting in without customer authorization.

The new service also means that Microsoft won’t have the capability to turn over unencrypted data in response to government warrants and subpoenas without customer involvement, an issue at the heart of a current Microsoft lawsuit against the U.S. government fighting the requirement to turn over client data, sometimes without the customer’s knowledge.

The confidential computing service is intended to reassure customers that are considering moving data and applications to Microsoft’s cloud that the switch will not open them up to hacks, spying and secret subpoenas.  While many companies worldwide have grown more willing to move even sensitive data to internet-based computing in the past few years, some unease about security and privacy persists.

Most Read Stories

Unlimited Digital Access. $1 for 4 weeks.

“They can be sure that they can’t do any better than this on their own premises,” Russinovich said. “This data is completely protected from us and from any attackers.”

Azure confidential computing, which has entered a preview phase with initial customers, will offer two ways to create these secure enclaves. One is based on Microsoft’s own server software, while the other uses Intel chips with that company’s built-in security features. Intel unveiled this sort of data-enclave capability for desktop machines in 2015 but hadn’t planned to offer it for the servers that underpin cloud networks for several years. Russinovich persuaded the chipmaker to speed that up, said Rick…

Read the full article from the Source…

Leave a Reply

Your email address will not be published. Required fields are marked *