
Confidential containers on Azure Container Instances reaches public preview

by MSCN Reporter
Staff Writer, MSDynamicsWorld.com

Microsoft has announced the public preview of confidential containers on Azure Container Instances. With this offering, Microsoft will allow customers to import container workloads while Microsoft manages the privacy and security compliance.

“[This is a] truly innovative offering that balances that tug of war between ease-of-use user experience, as well as security and privacy on data that you bring to running Azure. It's a first of its kind, confidential serverless offering, taking the best of both serverless with flexibility and reduced costs and security and privacy with data protection from confidential computing,” Graham Bury, product leader for Azure Confidential Computing, told attendees at the recent Microsoft Secure digital event.

Customers are demanding increased control of their data to comply with privacy laws in the European Union and around the world. Confidential computing is intended to secure data while in processing, expanding on existing encryption that protects data at rest and in transit, as a way to guard against insider threats and cross-tenant attacks.


To achieve these goals, Microsoft has created a consortium with other organizations dedicated to confidential computing, collaborated on purpose-built hardware, and set up attestation for workloads. Services like SQL Always Encrypted work with tamper-protected Confidential Ledger.

According to Bury, Microsoft’s AMD SEV-SNP confidential VMs and Intel SGX VMs with application enclaves let customers shrink the trusted computing base to as little as a few lines of code, as a step toward zero trust.

“From a zero trust architecture perspective, all confidential computing offerings start with that hardware root of trust. Because we partner with these vendors outside of Azure, it is a third-party root of trust outside of Azure, right down to the silicon. These memory encryption keys are baked into the CPUs, so no one from Microsoft has access to them,” he said. A secure key enablement mechanism allows customers to prevent decryption until data is within a trusted execution environment.
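The key-release pattern Bury describes, in which a key is handed out only after hardware-signed evidence proves the requesting code is running inside an approved trusted execution environment, is easy to see in a small model. The following Python is an added illustration written for this article, not Microsoft's or Azure's code: the HMAC-based "hardware" signature, the `AttestationReport` layout, the `KeyReleaseService` class and every constant in it are constructed assumptions standing in for the real silicon attestation key and report format. It shows the three checks a relying party performs before releasing a key: freshness (a nonce it issued), authenticity (the report verifies under the hardware root of trust), and policy (the launch measurement is on the allow-list).

```python
"""Toy model of attestation-gated key release.

A relying party releases a data-encryption key only after verifying an
attestation report that proves the requester runs inside an approved trusted
execution environment.  Constructed illustration: the signing scheme, report
layout, names and values are assumptions, not Azure or AMD/Intel interfaces.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Stand-in for the per-CPU attestation key that, on real hardware, is fused
# into the silicon and never leaves it.  Constructed value for this example.
_HW_ROOT_KEY = b"constructed-hardware-root-of-trust-key"


@dataclass(frozen=True)
class AttestationReport:
    measurement: str  # hex digest of the code/container image that was launched
    nonce: str        # verifier's challenge; binds the report to one request
    tag: str          # HMAC over (measurement, nonce) by the mock hardware root


def measure(code: bytes) -> str:
    """Launch measurement: hash of what was loaded into the TEE."""
    return hashlib.sha256(code).hexdigest()


def _report_tag(measurement: str, nonce: str) -> str:
    msg = f"{measurement}|{nonce}".encode()
    return hmac.new(_HW_ROOT_KEY, msg, hashlib.sha256).hexdigest()


def hardware_attest(measurement: str, nonce: str) -> AttestationReport:
    """Mock of the hardware producing a signed report for the running TEE."""
    return AttestationReport(measurement, nonce, _report_tag(measurement, nonce))


class KeyReleaseService:
    """Relying party that releases a key only to attested, allow-listed code."""

    def __init__(self, allowed_measurements: set, data_key: bytes):
        self._allowed = set(allowed_measurements)
        self._data_key = data_key
        self._outstanding_nonces = set()

    def issue_nonce(self) -> str:
        nonce = secrets.token_hex(16)
        self._outstanding_nonces.add(nonce)
        return nonce

    def release_key(self, report: AttestationReport) -> bytes:
        # 1. Freshness: the nonce must be one we issued and not yet consumed,
        #    so a captured report cannot be replayed later.
        if report.nonce not in self._outstanding_nonces:
            raise PermissionError("unknown or reused nonce")
        self._outstanding_nonces.discard(report.nonce)
        # 2. Authenticity: the tag must verify under the hardware root of trust.
        expected = _report_tag(report.measurement, report.nonce)
        if not hmac.compare_digest(expected, report.tag):
            raise PermissionError("attestation report failed verification")
        # 3. Policy: only measurements on the allow-list receive the key.
        if report.measurement not in self._allowed:
            raise PermissionError("measurement not in release policy")
        return self._data_key


def demo() -> bool:
    """Approved code gets the key; modified code is refused."""
    approved = b"approved container image bytes"   # constructed sample
    modified = b"modified container image bytes"   # constructed sample
    svc = KeyReleaseService({measure(approved)}, secrets.token_bytes(32))

    key = svc.release_key(hardware_attest(measure(approved), svc.issue_nonce()))
    try:
        svc.release_key(hardware_attest(measure(modified), svc.issue_nonce()))
        return False  # should never be reached
    except PermissionError:
        pass
    return len(key) == 32


if __name__ == "__main__":
    print("key release gated correctly:", demo())
```

The point of the ordering is that nothing about the requester's own claims is trusted: the verifier only acts on what the hardware root signed, and a report that verifies but describes code outside the policy still yields no key, which is what keeps data encrypted until it is inside the environment the customer approved.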

With its renewed emphasis on confidential computing, Microsoft signaled that AI capabilities are only part of the puzzle. Reliable infrastructure with zero trust security is critical to meeting compliance burdens, operating effectively, and achieving insights.
