Updated: March 21, 2022 (February 28, 2022)
Analyst Report
Confidential Computing Protects Data in Use
- New Azure VM series enable full or partial encryption of running workloads in memory, improving security against attacks.
- Referred to as confidential computing, these capabilities enable new use scenarios that could interest highly regulated or security-conscious organizations.
Confidential computing technologies leverage CPU hardware advances to support Trusted Execution Environments (TEEs), which are secure areas of memory that can be encrypted and verified (attested), providing runtime security against advanced attacks such as those from compromised hypervisors. Whereas disk and network encryption protect data “at rest” and data “in transit,” confidential computing technologies enable protection for data “in use.”
New Azure VM types provide key building blocks for TEEs, protecting data in use by applying encryption and other technologies to VMs and applications in memory. However, making full use of confidential computing may require changes in server applications or deployment practices.