Skip to main Content
Article

Microsoft joins new group to improve cloud security

Matt Barclay
  • Date: 02 October, 2019

Microsoft has teamed up with other big name technology companies including Google, Red Hat, Arm, IBM and Intel to form the Confidential Computing Consortium.

Working under the supervision of the Linux Foundation, the consortium aims to establish standards, frameworks and tools to encrypt data when it’s in use by applications, devices and online services. At the moment, cloud security solutions focus on protecting data that’s either resting or in transit. However, the consortium claims that encrypting data in use is “… possibly the most challenging step to providing a fully encrypted lifecycle for sensitive data”.

As part of the effort, some of the consortium’s participants have already contributed code to support ‘enclaves’ or Trusted Execution Environments (TEEs). A TEE is used to protect the processed data and can be either hardware- or software-based.

Microsoft has agreed to add its Open Enclave SDK for developers to create applications that use TEEs. This open source framework, which supports both Linux and Windows hosts, makes it easy to write and debug code that runs inside TEEs and allows the development of code that’s portable between TEEs, starting with Intel SGX and ARM TrustZone.

Examples of other contributions include Intel’s Software Guard Extensions SDK, which is a hardware-based protection scheme, and Red Hat’s open source Enarx project, which also provides application development support for TEEs.

In addition to the companies already mentioned, the consortium is also bringing together cloud providers, developers, open source experts and academics. And given the Linux Foundation’s leadership, it’s no surprise that one of the key objectives is to build open source tools that provide the right environment for TEE development.

Jim Zemlin, the Linux Foundation's executive director confirmed: “The Confidential Computing Consortium is a leading indicator of what’s to come for security in computing and will help define and build open technologies to support this trust infrastructure for data in use”.

Meanwhile, Microsoft Azure CTO Mark Russinovich explained that: “Protecting data in use means data is not visible in unencrypted form during computation except to the code authorised to access it.

“That can mean that it’s not even accessible to public cloud service providers or edge device vendors. This capability enables new solutions where data is private all the way from the edge to the public cloud”.

Browse Related Brands:
Browse Related Topics:

Matt Barclay

Product Director for Cloud

Matt Barclay is Product Director for Cloud at Global Knowledge UK&I. He has many years of industry experience, with a focus on Cloud and Software Development. He works closely with our key vendors such as AWS and Microsoft to help drive success, address our customers' challenges and ensures our offerings are in line with current trends.

Cookie Control toggle icon