“Encryption of data in transit?”
“Encryption of data at rest?”
“Encryption of data while it’s in use?”
That last one might stump you as well, but Microsoft actually announced a new capability today in Azure, called Azure Confidential Computing.
“Put simply, confidential computing offers a protection that to date has been missing from public clouds, encryption of data while in use. This means that data can be processed in the cloud with the assurance that it is always under customer control.”
This is pretty huge. The technology relies on trusted “enclaves”, or TEEs (Trusted Execution Environments), built on either a “Virtual Secure Mode” in the OS or Intel® SGX, which Microsoft has been using in Azure on their own infrastructure. It also underpins the security of their recent blockchain efforts (Coco Framework) and the just-announced improvements to the “Always Encrypted” capabilities of SQL Server and Azure SQL Database, which likewise operate on data that stays secured even while in use.
Microsoft is making this technology available now for testing. If you’re interested in signing up for the early-access preview, CLICK HERE.
And of course, read the full announcement (written by none other than Mark Russinovich), HERE.