Azure Confidential Computing and Zero Trust

Book description

Razi Rais, Graham Bury, Jeff Birnbaum, and Vikas Bhatia from Microsoft reveal how Microsoft Azure confidential computing (ACC) empowers organizations to align with zero trust principles while leveraging the Azure cloud to design and deploy highly confidential applications. ACC offers a holistic solution for confidential computing and supports a variety of workload modalities, ranging from lift-and-shift containerized applications to cutting-edge artificial intelligence use cases.

This report is ideal for CISOs, technical managers, cloud architects, IT decision makers, and anyone else in a senior technical leadership position who wants to learn:

  • What confidential computing (CC) is and what problem it solves
  • How key tenets of CC enable zero trust principles
  • How Microsoft's Azure confidential computing enables organizations to take advantage of confidential computing at cloud scale
  • Various ACC offerings, including core services and support for IaaS-, PaaS-, and SaaS-based workloads
  • Real-world CC use cases and case studies, as well as Microsoft's role in CC advancement

Table of contents

  1. Foreword
  2. 1. Understanding Confidential Computing and Trust
    1. Confidential Computing Overview
      1. Confidential Computing Definition
      2. Key Features of Confidential Computing
      3. Confidential Computing in the Data Protection Lifecycle
    2. Memory Isolation Levels
      1. Confidential Computing and Zero Trust
      2. Zero-Trust Principles
      3. Importance of Hardware Root of Trust for Zero Trust
      4. Importance of Attestation for Zero Trust
      5. Memory Isolation Level and Zero Trust
  3. 2. Use Cases and Scenarios
    1. Lift and Shift
    2. Sovereign Government Workloads
    3. Data Clean Rooms
    4. Confidential AI
    5. Other Use Cases
  4. 3. Azure Confidential Computing Portfolio
    1. ACC VMs
      1. Confidential VMs
      2. VMs with Application Enclaves
      3. Confidential VMs with Confidential GPUs
    2. ACC Container-Based PaaS
      1. Confidential VM Node Pools for Azure Kubernetes Service (AKS)
      2. VM with App Enclave Node Pools for Azure Kubernetes Service (AKS)
      3. Confidential Containers for Azure Container Instance (ACI)
      4. Confidential Containers for Azure Kubernetes Service (AKS)
    3. Supporting Services and Features for ACC
      1. Microsoft Azure Attestation
      2. Guest Attestation
      3. Secure Key Release
      4. Trusted Launch for Gen 2 VMs
      5. Disk Encryption with Customer-Managed Keys
      6. Managed HSM
    4. Other ACC PaaS and SaaS
      1. Azure Confidential Ledger (ACL)
      2. Managed Confidential Consortium Framework (CCF)
      3. Always Encrypted with Secure Enclaves
      4. PaaS with a Confidential VM Option
  5. 4. Road Ahead
    1. Microsoft’s Vision for Confidential Computing
      1. Innovation
      2. Confidential Consortium Framework (CCF)
      3. Confidential Computing Consortium (CCC)
    2. Resources
      1. Customer and Partner Case Studies
      2. Readiness
  6. A. Abbreviations and Acronyms
  7. B. Confidential Computing and Other Privacy-Enhancing Technologies
  8. About the Authors

Product information

  • Title: Azure Confidential Computing and Zero Trust
  • Author(s): Razi Rais, Jeff Birnbaum, Graham Bury, Vikas Bhatia
  • Release date: November 2023
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781098153809