The Azure team, alongside Microsoft Research, Intel, Windows, and our Developer Tools group, have been working together to bring Trusted Execution Environments (TEEs) such as Intel SGX and Virtualization Based Security (VBS - previously known as Virtual Secure mode) to the cloud. TEEs protect data being processed from access outside the TEE. We’re ready to share more details about our confidential cloud vision and the work we’ve done since the announcement.
Azure Confidential Computing is aimed at protecting data while it’s processed in the cloud. It is the cornerstone of our 'Confidential Cloud' vision, which includes the following principles:
- Top data breach threats are mitigated
- Data is fully in the control of the customer regardless of whether in rest, transit, or use and even though the infrastructure is not
- Code running in the cloud is protected and verifiable by the customer
- Data and code are opaque to the cloud platform, or put another way the cloud platform is outside of the trusted computing base