Azure adds data protection infrastructure to data centres
Thu 11 Oct 2018

Azure has announced a public preview of data centre-based virtual machines in the US and Europe that protect data confidentiality.
The announcement is part of Azure’s “confidential computing” project. With the project, Azure hopes to become the first cloud platform to enable new data security capabilities that protect customer data while in use, at rest, or in transit.
Azure says that with the data centre series of VMs, users can now build, deploy, and run applications in the cloud while ensuring their data is protected.
The data centre series of VMs required Azure to bring application isolation technology to hardware in its data centres. Azure says that while the VMs may ‘look and feel’ like standard VM sizes from the control plane, they are backed by hardware, such as Intel Xeon processors, that provides Trusted Execution Environments (TEEs).
Cloud providers are under increasing pressure to demonstrate that users’ data is opaque and protected. Azure hopes data protection assurances will give it an edge over its cloud competitors.
Azure says that as the DC-series is its first set of “Generation 2” virtual machines, they have limited OS compatibility. For now, only Ubuntu Server 16.04 and Windows Server 2016 are supported, although custom image support is planned.
In addition to infrastructure changes, Azure has announced that its Open Enclave SDK has gone open source. The project provides a consistent API surface and an enclaving abstraction to enable confidential application development.
Azure says the announcements show its commitment to providing ‘building blocks to build enclave-based applications that protect data and code confidentiality and integrity’.
T-Mobile is already relying on the new data centre infrastructure in its blockchain project to increase security.
“Leveraging the latest generation of trusted execution environments through Azure confidential computing has been an exciting opportunity for us to increase both the security and efficiency of our solutions,” said Christopher Spanton, Senior Architect for Blockchain at T-Mobile.