
Rapid adoption of Azure globally has created a need to give customers strong security assurances about the state of their workloads and about Azure's ability to protect their data. Azure confidential computing offers a state-of-the-art hardware, software and services platform that protects sensitive customer data while it is in use and minimizes the Trusted Computing Base (TCB). Azure Attestation reinforces the security promises made by cutting-edge security paradigms such as confidential computing.

Azure Attestation offers a simple PaaS experience that enables customers to solve the complicated problem of establishing trust in, and verifying the identity of, an environment before they interact with it. As a result, customers can tap into previously impossible opportunities using disruptive business models that require highly scalable compute resources and uncompromising trust.


What is Azure Attestation?


Azure Attestation is a unified solution that supports attestation of platforms backed by Trusted Platform Modules (TPMs) alongside the ability to attest to the state of Trusted Execution Environments (TEEs) such as Intel® Software Guard Extensions (SGX) enclaves.

Azure Attestation receives evidence from an environment, validates it against Azure security standards and user-defined policies, and produces cryptographic proofs (termed attestation tokens) for claims-based applications. These tokens enable relying parties to gain confidence in the trustworthiness of the environment and the integrity of the software binaries running inside it, and to make trust-based decisions about releasing sensitive data to it. The tokens generated by Azure Attestation can be consumed by services in scenarios such as enclave validation, secure key sharing and confidential multi-party computation.


Why use Azure Attestation?


Azure Attestation provides the following benefits:



  • Offers a unified solution for attesting TPM-backed platforms and TEEs such as SGX enclaves

  • Allows creation of custom attestation providers and configuration of policies to customize attestation token generation

  • Provides ability to securely communicate with the attested platform with the help of data embedded in an attestation token using industry-standard formatting

  • Highly available service with Business Continuity and Disaster Recovery (BCDR) configured across regional pairs


Customer success stories


We are excited to see multiple scenarios benefiting from Azure Attestation such as:


SQL Always Encrypted with secure enclaves


“Microsoft Azure Attestation is a key component of a solution for confidential computing provided by Always Encrypted with secure enclaves in Azure SQL Database. Azure Attestation allows database users and applications to attest secure enclaves inside Azure SQL Database are trustworthy and therefore can be confidently used to process queries on sensitive data stored in customer databases.”


– Joachim Hammer, Principal Group PM Manager, Azure SQL

Future roadmap for Azure Attestation


Our long-term aspiration is to partner with people and organizations around the planet to help them achieve more, and more securely, with Microsoft Azure Attestation. Azure Attestation will be the one Microsoft service that attests the multiple platforms used by Azure customers, such as Confidential Containers, Confidential VMs, IoT edge devices and more. We expect Azure Attestation to be the leading cloud service for customers to establish unconditional trust in infrastructure and runtime across Azure, on-premises and edge. It will drive the adoption of Microsoft services while strengthening customer data governance.

Learn more about Azure Attestation

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.