Microsoft Previews New Azure Security Services


For those who do not wish to have anything to do with either Microsoft or its Azure platform, a second implementation, Intel SGX, is offered on the hardware side. The feature will allow applications running on Azure to keep data encrypted not only when it's at rest (in storage) or in transit (over a network) but also while it is being computed on in memory.

Intel and Microsoft would probably take the new technology to the server computers that companies use in their own data centres, he said.

Microsoft has revealed a major new addition to its Azure cloud platform, aimed at keeping user data safe.

Managed Service Identity Preview

The preview of Azure AD Managed Service Identity is designed to help developers so that they won't have to manage security credentials when their code uses various Microsoft Azure services.

"This means that data can be processed in the cloud with the assurance that it is always under customer control", wrote Mark Russinovich, CTO of Microsoft Azure, in a blog post.

For now, Microsoft is planning to support two Trusted Execution Environments (TEEs), Virtual Secure Mode and Intel SGX. Microsoft also plans to demonstrate the technology at the upcoming Ignite conference in Orlando, Fla.

Some companies have historically been wary of moving sensitive data to the cloud because of worries about their data being attacked when it is in use.

The new service also means that Microsoft won't have the capability to turn over unencrypted data in response to government warrants and subpoenas without customer involvement, an issue at the heart of a current Microsoft lawsuit against the US government fighting the requirement to turn over client data, sometimes without the customer's knowledge. The TEE enforces these protections throughout the execution of code within it. And from today, they are expanding it to Azure SQL Database and SQL Server.

The company already uses them to protect blockchain financial operations (Coco Framework), data stored in SQL Server and its own infrastructure within Azure, Russinovich said.

He also noted that US-based technology is no guarantee of 100 percent security, and said the Kaspersky ban "is, in reality, ultimately unsafe as it gives a false sense of confidence that USA national security interests are being protected from foreign threats, when in fact such bans do not really address the realities of United States dependencies on foreign supply chains".

Healthcare organizations can collaborate by sharing their private patient data, like genomic sequences, to gain deeper insights from machine learning across multiple data sets without risk of data being leaked to other organizations.

Russinovich expressed confidence in the technology and assured customers that their data is protected from attackers as well as Microsoft itself. There are so many opportunities and use cases we can secure together using the Azure cloud, Intel hardware, along with Microsoft technologies, services, and products.