Microsoft unveils a new secure solution that will keep data protected, even from Microsoft itself. Every step towards better protection for cloud data is welcome. But a few points have to be considered: not all encryption solutions are equal.
In light of recent data breaches, attackers are showing no signs of slowing down their efforts to expose vulnerabilities within organizations and extract personally identifiable information (PII), whether that be financial data, citizen information or corporate data. And with requirements becoming ever more stringent due to the looming General Data Protection Regulation (GDPR), which has laid down strict conditions for data protection and security, many remain concerned about using cloud platforms because of their security frailties. Cloud vendors have been left no option but to step up the security ante.
To that end, Microsoft and Intel have announced a partnership which will offer a more secure solution for those wanting to protect their confidential data from hackers and governmental agencies when storing data in the cloud.
Azure Confidential Computing offers physical data center security, ensuring data privacy, encrypting data at rest and in use while adopting machine learning for threat detection. For anyone opting to use the solution as a security measure, it is worth noting that the information is virtually impenetrable - even Microsoft is unable to access the data.
Only the customer or organization that has the solution installed can authorize access to the information, and that authorization won’t be given unless it is vital. This essentially means that if Microsoft were asked by the government or any other official body to retrieve data from a client using the Azure confidential computing solution, it would be unable to divulge the information because of the blocked access. Mark Russinovich, Azure Chief Technology Officer, has even said, “This data is completely protected from us [Microsoft] and from any attackers.”
Although this step by Microsoft is welcome, the following aspects should still be considered for a comprehensive cloud data protection solution:
- The cloud service provider must not have access to the cryptographic keys of its customers. That principle is correct. For this to work, the cloud service provider must not have control over the infrastructure that manages the cryptographic keys. Only a strict separation between the infrastructure of the cloud provider and the key administrator can provide effective data protection.
- Trust is good, control is better. Not all encryption solutions are equal. The core of an encryption solution should be transparent and accessible to everyone in principle. This is the only way to ensure that no backdoors are installed in the encryption software. The core of encryption software should therefore be open source, i.e. visible to the public.
- Centralization: Monitoring and enforcement of corporate data protection requirements should be managed centrally. A company usually uses several business applications. It is not practical to use a separate proprietary encryption solution for each business application. Rather, there should be only one encryption infrastructure that controls and monitors privacy policies.
Encryption is fast becoming the sought-after technology for data security, especially for cloud protection. And when organizations remain in complete control of their own data, without even the cloud provider able to access it, then GDPR compliance will be met alongside full data protection.