Announcing: Microsoft moves $25 Billion in credit card transactions to Azure confidential computing
Microsoft is proud to showcase that customers in the financial sector can rely on public Azure to add confidentiality to provide secure and compliant payment solutions that meet or exceed industry standards. Microsoft is committed to hosting 100% of our payment services on Azure, just as we would expect our customers to do. Microsoft’s Commerce Financial Services (CFS) has completed a critical milestone by deploying a level 1 Payment Card Industry Data Security Standard (PCI-DSS) compliant credit card processing and vaulting solution, moving $25 Billion in annual credit card transactions to the public Azure cloud.Microsoft introduces preview of confidential containers on Azure Container Instances (ACI)
Microsoft announces a limited preview of confidential containers on Azure Container Instances (ACI) enabling customers to easily lift-and-shift Linux containers on Azure. Confidential containers on ACI are the first in the market serverless offering that helps running Linux containers in a hardware-based trusted execution environment with AMD SEV-SNP technology.
Announcing general availability of guest attestation for confidential VMs
We are announcing general availability of guest attestation for confidential virtual machines. Use this feature ensure your confidential VMs are running in a trusted execution environment (TEE) and prevent execution of their sensitive workloads if they are not.Confidential VM node pool with AMD SEV-SNP protection available on AKS in public preview
AKS node pools now support the generally available confidential VM sizes (DCav5/ECav5). Confidential VMs with AMD SEV-SNP support bring a new set of security features to protect date-in-use with full VM memory encryption. This enables confidential VM node pools to target the migration of highly sensitive container workloads to AKS without any code refactoring while benefiting from the full AKS feature support.Latest innovations in Azure confidential computing
Today at Inspire 2022, we announce two major milestones in the Azure confidential computing portfolio: the general availability of Azure confidential ledger and general availability of the DCasv5 and ECasv5-series confidential VMs featuring the third generation AMD EPYC™ processors with Secure Encrypted Virtualization Secure Nested Paging (SEV-SNP).Preview of Azure Confidential Clean Rooms for secure multiparty data collaboration
Today, we are excited to announce the preview of Azure Confidential Clean Rooms, a cutting-edge solution designed for organizations that require secure multi-party data collaboration. With Confidential Clean Rooms, you can share privacy sensitive data such as personally identifiable information (PII), protected health information (PHI) and cryptographic secrets confidently, thanks to robust trust guarantees that help ensure that your data remains protected throughout its lifecycle from other collaborators and from Azure operators. This secure data sharing is powered by confidential computing, which helps protect data in-use by performing computations in hardware-based, attested Trusted Execution Environments (TEEs). These TEEs help prevent unauthorized access or modification of application code and data during use. Organizations across industries need to perform multi-party data collaboration with business partners, outside organizations, and even within company silos to improve business outcomes and bolster innovation. Confidential Clean Rooms help derive true value from such collaborations by enabling granular and private data to be shared while providing safeguards on data exfiltration hence protecting the intellectual property of the organization and the privacy of its customers and addressing concerns around regulatory compliance. Whether you’re a data scientist looking to securely fine-tune your ML model with sensitive data from other organizations, or a data analyst wanting to perform secure analytics on joint data with your partner organizations, Confidential Clean Rooms will help you achieve the desired results. You can sign up for the preview here Key Features Secure Collaboration and Governance: Allows collaborators to create tamper-resistant contracts that contain the constraints which will be enforced by the clean room. Governance verifies validity of those constraints before allowing data to be released into clean rooms and helps generate tamper-resistant audit trails. This is made possible with the help of an implementation of the Confidential Consortium Framework CCF). Enhanced Data Privacy: Provides a sandboxed execution environment which allows only authorized workloads to execute and prevents any unauthorized network or IO operations from within the clean room. This helps keep your data secure throughout the workload execution. This is possible with the help of deploying clean rooms in confidential containers on Azure Container Instances (ACI) which provides container group level integrity with runtime enforcement of the same. Verifiable trust at each step with the help of cryptographic remote attestation forms the cornerstone of Confidential Clean Rooms. Salient Use Cases Azure Confidential Clean Rooms caters to use cases spanning multiple industries. Healthcare: For fine-tuning and inferencing with predictive healthcare machine-learning (ML) models and for joint data analysis for advancing pharmaceutical research. This can help protect the privacy of patients and intellectual property of organizations while demonstrating regulatory compliance. Finance: For financial fraud detection through analysis of combined data across banks and other financial institutions and for providing personalized offers to customers through secure analysis of transaction data and purchase data in retail outlets Media and Advertising: For improving marketing campaign effectiveness by combining data across advertisers, ad-techs, publishers and measurement firms for audience targeting and attribution and measurement Retail: For enhanced personalized marketing and improved inventory and supply chain management Government and Public Sector Organizations: For analysis of high security data across multiple government and public sector organizations to streamline benefits for citizens Customer Testimonials We are already partnering with several organizations to accelerate their secure multi-party collaboration journey with confidential clean rooms. Confidential computing in healthcare allows secure data processing within isolated environments, called 'clean rooms', protecting sensitive patient data during AI model development, validation and deployment. Apollo Hospitals uses Azure Confidential Clean Rooms to enhance data privacy, encrypt data, and securely train AI models. The benefits include secure collaboration, anonymized patient privacy, intellectual property protection, and enhanced cybersecurity. Apollo’s pilot with Confidential Clean Rooms showed promising results, and future efforts aim to scale secure AI solutions, ensuring patient safety, privacy, and compliance as the healthcare industry advances technologically. - Dr. Sujoy Kar, Chief Medical Information Officer and Vice President, Apollo Hospitals Azure Confidential Clean Rooms is a game changer to make collaborations on sensitive data both seamless and secure. When combined with Sarus, any data processing job is automatically analyzed using the most advanced privacy technology. Once validated, they are processed securely in Confidential Clean Rooms protecting both the privacy of data and the confidentiality of the analysis itself. This eliminates administrative overheads and makes it very easy to build advanced data processing pipelines. With our partner EY, we're already leveraging it to help international banks improve AML practices without compromising privacy. - Maxime Agostini, CEO & Cofounder of Sarus Read here to learn more about how Sarus is using Confidential Clean Rooms. As co-leaders on this Data Consortium Pilot, we are thrilled to be working with industry partners, Sarus and Microsoft, to drive this initiative forward. By combining Sarus’ privacy preserving technologies and Microsoft’s Azure Confidential Clean Rooms, not only does this project push the edge of technology innovation, but it strives to address a pivotal issue that affects us as Canadians. Through this work, we aim to help financial services organizations and regulators navigate the complexities of private and personal data sharing, without compromising the integrity of the data, and adhering to all relevant privacy regulations. For the purposes of this pilot, we are focusing our efforts on how this technology can play a pivotal role in helping better detect cases of human trafficking, however, we recognize that it can be used to help organizations for multiple other use cases, and cross industries, including health care and government & public sector. - Jessica Hansen, Privacy Partner EY Canada, and Dana Ohab, AI & Data Partner EY Canada Retrieval-Augmented Generation (RAG) applications accessing Large Language Models (LLMs) are common in private AI workflows, but managing secure access to sensitive data can be complex. SafeLiShare’s integration of its LLM Secure Data Proxy (SDP) with Azure Confidential Clean Rooms (ACCR) simplifies access control and token management. The joint solution helps ensure runtime security through advanced Public Key Infrastructure (PKI) and centralized policy management in Trusted Execution Environments (TEEs), enforcing strict access policies and admission controls to guarantee authorized access to sensitive data. This integration establishes trust bindings between the Identity Provider (IDP), applications, and data, safeguarding each layer without compromise. It also enables secure creation, sharing, and management of applications and data assets, ensuring compliance in high-performance AI environments. - Cynthia Hsieh, VP of Marketing, SafeLiShare Read here to learn more about how SafeLiShare is using Confidential Clean Rooms. Learn More Signup for the preview of Azure Confidential Clean Rooms Confidential Consortium Framework (CCF) Confidential containers on Azure Container Instances (ACI)What’s new: RHEL 9.3 support for AMD confidential VMs, temp disk encryption, new regions
We are thrilled to announce the RHEL 9.3 support for AMD confidential VMs, expansion of Azure Confidential VMs featuring AMD SEV-SNP technology to the following new regions: Italy North, Germany West Central and UAE North, temp disk encryption support and General Availability (GA) release of Azure Databricks support for AMD-based confidential VMs.
