Microsoft boosts cloud security
• Azure also protects against state snooping
Microsoft, working with Intel, is offering a cloud computing service with more powerful encryption to secure data from hackers and government data gathering.
Microsoft, working with chip maker Intel, is offering a cloudcomputing service with more powerful encryption to secure data from hackers and to protect it from secret government data gathering.
Called Azure confidential computing, the technology encrypts data while it is in use, which is when most security breaches occur, according to Azure chief technology officer Mark Russinovich.
The new product works by placing customer information in a virtual enclave, essentially a black box that keeps anyone outside the customer — including Microsoft itself — from accessing the data.
That can keep cyberthieves, malicious insiders and governments from getting in without customer authorisation.
The new service also means that Microsoft will not have the capability to turn over data in response to government warrants and subpoenas.
That is an issue at the heart of a Microsoft lawsuit against the US government fighting the requirement to turn over client data, sometimes even without the customer’s knowledge.
The confidential computing service is intended to reassure customers that are considering moving data and applications to Microsoft’s cloud that the switch will not open them up to hacks, spying and secret subpoenas.
While many companies worldwide have grown more willing to move even sensitive data to internet-based computing in the past few years, some unease about security and privacy persists.
“They can be sure that they can’t do any better than this on their own premises,” Russinovich said. “This data is completely protected from us and from any attackers.”
Azure confidential computing, which entered a preview phase with initial customers on Thursday, will offer two ways to create these secure enclaves.
One is based on Microsoft’s own server software, while the other uses Intel chips with that company’s built-in security features. Intel unveiled this sort of data-enclave capability for desktop machines in 2015, but had not planned to offer it for the servers that underpin cloud networks for several years.
Russinovich persuaded the chip maker to speed that up, said Rick Echevarria, an Intel vicepresident and general manager of the platform security division. The Intel technology is not exclusive to Microsoft and will be sold to other customers.
Customers remain on edge about network security after massive and damaging attacks on companies such as online portal Yahoo, retailer Target, entertainment conglomerate Sony, the Democratic National Committee and, most recently, credit reporting company Equifax, whose breach put the personal data of as much as half of the US population at risk.
Those companies were storing the data on their own networks rather than with the big cloud providers such as Microsoft, Google and market leader Amazon.com.
Between customer needs and the ever-evolving skills of hackers seeking to penetrate networks, Microsoft and its rivals have been rushing to add layers of security.
“As a cybersecurity professional, it’s very tough to read the news every morning,” Intel’s Echevarria said.
Intel and Microsoft would probably take the new technology to the server computers that companies used in their own data centres, he said.
Google has been working on its own chips, called Titan, that offer a different type of security.