Microsoft Corp., working with chipmaker Intel Corp., is offering a cloud-computing service with more powerful encryption to secure data from hackers -- and protect it from secret government data-gathering.
Called Azure confidential computing, the technology encrypts data while it is in use -- which is when most security breaches occur, according to Azure Chief Technology Officer Mark Russinovich. The new product works by placing customer information in a virtual enclave, essentially a black box that keeps anyone outside the customer -- including Microsoft itself -- from accessing the data. That can keep cyberthieves, malicious insiders and governments from getting in without customer authorization.
The new service also means that Microsoft won't have the capability to turn over unencrypted data in response to government warrants and subpoenas without customer involvement, an issue at the heart of a current Microsoft lawsuit against the U.S. government fighting the requirement to turn over client data, sometimes without the customer's knowledge.
The confidential computing service is intended to reassure customers who are considering moving data and applications to Microsoft's cloud that the switch will not open them up to hacks, spying and secret subpoenas. While many companies worldwide have grown more willing to move even sensitive data to internet-based computing in the past few years, some unease about security and privacy persists.
"They can be sure that they can't do any better than this on their own premises," Russinovich said. "This data is completely protected from us and from any attackers."