Azure CTO: Cloud encryption of data 'in use' coming soon
Microsoft Azure is improving security on its platform in the hope of attracting companies which have yet to migrate to the cloud because of security concerns. Cloud platforms allow for what Mark Russinovich, CTO of Microsoft Azure, described as Security Features as a Service, like trusted execution environments — or enclaves — and encryption at rest and, now, in use.
Encryption in use has been the "missing piece" in cloud data security thus far, said Russinovich, speaking at D.C. CyberWeek’s CyberTalks event Wednesday. Azure’s "Always Encrypted" technology allowed companies to encrypt data in the cloud in the past, but regular expressions could not be performed on the data. With upcoming deployments of enclave technology on the Azure SQL Database, running regular mathematical expressions on the encrypted data will be possible.
Big Data analytics is the backbone of the cloud, and confidential computing is the next phase of cybersecurity, according to Russinovich. With these advances, Microsoft’s Hadoop analytics system can be placed in an enclave, where it encrypts data in use and analytics outputs and so runs analytics without ever putting data in the clear.
Microsoft is working hard to maintain its No. 2 spot in the cloud market and catch up to AWS. Aided by its software customer base, two-thirds of which are expected to move to cloud-based Office 365 by FY 2019, Microsoft has a natural advantage over other emerging cloud competitors given its familiarity from other technology offerings.
The company rolled out new security features for Azure in September at the Ignite Conference, including anti-phishing solutions, workload management reduction, conditional access capabilities and Information Protection solutions. For companies dragging their heels on cloud migration, the company also kept pace with its competitors with a mail-in service to move company data to the cloud.
In light of recent events, such as Yahoo's disclosure of 2 billion more affected accounts and Equifax's breach, security is at the front of everyone's mind. News that Equifax had not encrypted at rest the data that was compromised served as an important reminder that companies need to secure data from the input phase to the output phase, especially when dealing with PII. Encryption of data in use is an important advancement for cloud platform security.
Expert consensus recognizes that current encryption systems will become irrelevant in a matter of years in the face of quantum computing, and companies like Microsoft have their work cut out for them to keep up with modern encryption tech and prepare for what is to come.
Follow Alex Hickey on Twitter