Individuals and businesses are increasingly creating, storing, and accessing records in the cloud. To be able to trust that their stored information is secure, firms and individuals must have complete control over the cloud environment where their data is stored and understand how it is processed.
Microsoft launched an initiative to create a collection of hardware and software capabilities that allow data owners access to the data environment and verifiable security protection to create a trustworthy cloud.
Microsoft Research’s Confidential Computing group is working with hardware designers to construct trusted execution environments (TEEs), where data is kept encrypted while being stored (encryption at rest) and transported and used. The Azure confidential cloud platform, which allows customers to upload encrypted code and data and receive encrypted results back with high privacy, is powered by this work.
At Build 2022, Microsoft introduced serverless confidential containers with lift-and-shift. This service utilizes Confidential Containers from Microsoft Research, which provides a verifiably secure container environment on Azure so that users can confirm that the program operating on their data is exactly the software they expect to be running and that they can trust the findings. Customers can utilize current container workloads in a private setting using Confidential Containers.
The trusted computing base (TCB), the sum of components in a computing environment that must not compromise computation confidentiality, is decreased by Confidential containers. TCB can include human beings, hardware, and software. Eliminating TCB components reduces the attack surface. Confidential Containers minimizes the TCB while enabling customers to continue using their current workloads similarly by removing Microsoft administrators from it.
Businesses that use on-premises computing now have a choice for cloud data protection thanks to this lower TCB. Although cloud computing allows for flexibility, anyone who manages the servers may have access to data. Access to data is restricted via confidential containers. This could be a single worker or business partner of the company that owns the data. No outsider or Microsoft employee.
The encrypted, policy-constrained computing environment
Data is safeguarded by using safe hardware. Encrypted data is protected from readers outside the system by this hardware-enforced security boundary.
Users of Confidential Containers specify a policy outlining what and how they can execute. An attestation report detailing the secret environment, including the policy-enforcing code, is generated by the AMD SEV-SNP hardware. Users can seek an attestation report before providing the key to decrypt the encrypted dataset for processing.
Sensitive data handling in the cloud
Because internet communication wasn’t secure before HTTPS, businesses couldn’t run a secure web storefront. Sensitive cloud data cannot be containerized by individuals or organizations. With Confidential Containers, this won’t be an issue.
The team highlights that their method will be very helpful for businesses that adhere to national and international data standards, involving hectic and time-consuming processes. Businesses can skip these steps because Confidential Containers protect Azure data greatly. They will also not require servers to be on-site. In the cloud, as opposed to on-premises, Azure users can specify stricter container limits.
Multiparty computations are safeguarded via Confidential Containers. Multiple organizations can share secure datasets without leaking data, or one organization can securely analyze various sensitive datasets. Organizations can run computations on several datasets to train a machine learning model and obtain better results than a single dataset without knowing what is in the datasets.
Moveable Linux containers
Users of Azure who already use or intend to utilize containers can easily build a private container. Switching from Linux to Azure Confidential Containers is simple.
The number of confidential containers is infinite.
Cloud computing will eventually become more secure thanks to these Confidential Containers. Azure clients may unlock unlimited value by computing various datasets in a secure environment. According to the team, restricted preview versions of Confidential Containers will be made available later this year.
'Confidential Containers is currently available for limited preview and will be available for public preview later this year. Sign up for the Confidential Containers preview.' Please Don't Forget To Join Our ML Subreddit
Tanushree Shenwai is a consulting intern at MarktechPost. She is currently pursuing her B.Tech from the Indian Institute of Technology(IIT), Bhubaneswar. She is a Data Science enthusiast and has a keen interest in the scope of application of artificial intelligence in various fields. She is passionate about exploring the new advancements in technologies and their real-life application.