
The Road to Confidential Computing Ubiquity

Erin Chapple, Corporate Vice President, Azure Core, Microsoft
As the enthusiasm for the confidential approach to data security increases, one of its most important advocates is Erin Chapple, head of product for Azure Core. Today, Azure has more confidential compute options spanning hardware and software than any other cloud vendor, and Chapple believes that confidential computing will be a necessary ingredient of all cloud infrastructure — as ubiquitous as HTTPS is for protecting data during internet web browsing.
Chapple is both an expert in the world of data security and a passionate advocate for the increased role of women in technology. We recently caught up with her to learn more about both.
Why is confidential computing so important?
As datasets continue to grow, fueled in part by a new wave of AI, the insights generated through data are also continuing to drive more data to scale in the cloud. Meanwhile, there's growing scrutiny on how data can be exposed — both from a consumer perspective with data privacy and from a compliance perspective with regulations and data security. We're seeing more complex threats of cybersecurity and an increased risk of automated control systems being compromised with breaches or injection of false data, for example, the Colonial Pipeline ransomware and the SolarWinds software supply chain breach. The integrity of code and data being processed to make real-time automated decisions is just too crucial for the systems that many businesses rely on for day-to-day operations.
Confidential computing technology encrypts data in memory and only processes it once the cloud environment is verified, thus providing secure and scalable infrastructure while preventing data access from cloud operators and malicious privileged admins. It helps keep data protected throughout its lifecycle — in addition to at rest when stored on disks and databases or in transit when traveling on a network or the internet, data is now protected while in use.
What are some interesting uses of confidential computing today?
Regulated industries like financial services and healthcare have led the way in driving innovation in these businesses that wouldn't be possible without confidential computing. For example, we see customers creating platforms to enable multi-party data analytics, where multiple organizations can combine data to process machine learning algorithms that benefit from broader datasets. These solutions keep data private across the participants, by processing in confidential computing infrastructure, which was previously not possible due to regulations. Confidential computing provides a scalable, data-protective environment in the cloud, like a black box, where no one can snoop into what's going on in that box. We also see banks joining together to securely combine datasets to tackle industry-wide money laundering challenges, and hospital systems responsibly combining information for researchers to improve disease diagnosis by enabling secure processing. The models and data are sensitive, and confidential computing ensures that contributing parties only see their permitted data and insights.
Is confidential computing moving into new areas?
We're seeing growing interest across industries, from manufacturing to retail and energy, for example. Some of the common scenarios we're seeing include privacy-preserving data analytics, both for individual companies looking for greater data protection, and for groups looking to combine data across companies that don't want to expose access to each other's data but want to benefit from shared insights. A great example of this is the communication service Signal Messenger, which uses Azure confidential computing powered by Intel SGX to protect their user contact lists by creating a blind service where Signal administrators cannot see or access user data, nor can anyone in Azure.
How has the pandemic impacted the need for confidential computing?
The events surrounding the pandemic have accelerated digital transformation and ultimately migration to the cloud. As companies look to move more workloads to the cloud, much broader datasets are processed. These include personal and sensitive data that requires further hardware-based protections and add greater defense-in-depth on data beyond existing security mechanisms in Azure. This unlocks more workloads and data that can move to the cloud. The pandemic has also surfaced new awareness of personal data privacy. We saw things like anonymized-device IDs for contact tracing on mobile phones, as well as vast data sharing across hospitals and countries for COVID-19 diagnoses and vaccine development. Confidential computing can aid in speeding up the ability to combine data by removing the time needed to anonymize, which can also be prone to human errors and reduced insights.
How is Azure helping drive confidential computing to the mainstream?
The confidential computing effort requires broader industry participation, which is why we, along with Intel, were a founding member of the Confidential Computing Consortium (CCC). The group brings together hardware vendors, cloud providers and solution vendors to jointly work on ways to improve data protection across the tech industry. In addition, we're educating customers on how to best protect their data and driving service owners within Microsoft to use confidential computing capabilities to deliver the best protection for customer data. Data can come in various forms – from code to customer databases, machine learning insights and even monitoring logs – all of which may need to be protected in different ways. Just as the industry seamlessly moved from HTTP to HTTPS, we expect the industry to move from computing in the clear to computing confidentially. So, we're working to make it simple for customers to take their existing virtual machines, containers, and other application platform capabilities, and make them confidential. In many ways, we see that the path to mainstreaming confidential computing is where we can provide a superior experience to customers and at the same time enable APIs that enable customers to verify the security of their data in the Azure cloud themselves.
What does the future of Azure look like, inclusive of confidential computing?
Our vision for Azure is to be the world's computer from cloud to edge. Customers of all sizes, across all industries, want to innovate, build and securely operate their applications across multicloud, on-premises and edge, and that's what we're enabling for them. That includes supporting all their applications — spanning IT workloads, mission critical systems, cloud native applications and even quantum computing. Critically important in this equation is trust, and that requires a commitment to invest in and evolve the platform in this area. In fact, Microsoft's vision is to lead the industry on confidential computing. To help earn and maintain customer trust to run their most sensitive applications, Microsoft is quadrupling our security spend to $20 billion over the next five years. Today, Azure has more confidential compute options spanning hardware and software than any other cloud vendor. We believe that confidential computing will be a necessary ingredient of all cloud infrastructure — indeed it will become as ubiquitous as HTTPS is for protecting data during internet web browsing.
Can you tell us more about your work to increase the involvement of women in tech?
I'm a strong believer in exposing more women to technology as a possible career path and ensuring those who are interested remain in STEM programs. This includes playing an active role in our work within higher education around the world. Supporting and participating in hackathons specifically designed for women is something I love to do, and it's a great way to inspire women to pursue technology careers. Empowering women in technology requires a holistic effort to build communities that interject energy and impact at the various touchpoints where women enter the technology industry. It's not about one single action, thing, or moment, but the collective effort – starting early with STEM, carrying that through college, then to the workforce and beyond. Experiences throughout influence career path, trajectory, and velocity. To make a difference requires energy investments throughout that cycle in communities, modeling, and mentoring.
Has the pandemic impacted your efforts there?
The last 18 months have presented us all with many challenges and opportunities. This is especially true for women, and more broadly for parents and caregivers, and we know some challenges loom larger for certain groups of women. For instance, McKinsey's 2020 Women In the Workplace report notes that Latinas are more likely to worry about layoffs and furloughs, LGBTQ+ women are almost twice as likely as employees overall to cite mental health as one of their biggest challenges, and mothers are more likely than fathers to worry that their performance is being negatively judged due to their caregiving responsibilities. Many of the childcare responsibilities shifted overnight even more proportionately to women. This placed greater demand on their time and fewer degrees of freedom. That's why it's important to focus on diversity, equity, and inclusion to drive systemic change, so we can ensure that everyone is supported and can thrive in the workplace and society.