Azure for Executives

Confidential Computing with Graham Bury, Eden Cohen, and Anna Montalat Campamar

Episode Summary

Microsoft believes security and information privacy are fundamental rights. And Microsoft has taken this to heart with a Confidential Computing initiative as part of the overall Azure promise on trust and security. On this episode, Graham Bury, Eden Cohen, and Anna Montalat Campamar talk about what Confidential Computing is, what is Microsoft’s vision for Confidential Computing in the Azure space is, pros and cons to computing confidentially on the cloud rather than a private data center, and a few stories about how partners and customers are working with Microsoft to move forward their own Confidential Computing initiatives.

Episode Notes

Microsoft believes security and information privacy are fundamental rights. And Microsoft has taken this to heart with a Confidential Computing initiative as part of the overall Azure promise on trust and security.

In this episode, Graham Bury, Eden Cohen, and Anna Montalat Campamar talk about what Confidential Computing is, what is Microsoft’s vision for Confidential Computing in the Azure space is, pros and cons to computing confidentially on the cloud rather than a private data center, and a few stories about how partners and customers are working with Microsoft to move forward their own Confidential Computing initiatives.

Episode Links:

Customer stories:


Graham Bury joined Azure’s Compute organization two years ago to lead the commercialization and developer platform for confidential computing.  He brings over 15 years of experience at Microsoft across client and service products from Windows to Surface Hub and HoloLens.

Follow him on LinkedIn or Twitter.

Eden Cohen joined Azure's Compute organization earlier this year and leads the infrastructure product team within Confidential Computing. He is responsible for virtual machine and hardware-based products. 

Follow him on LinkedIn.

Anna Montalat Campamar leads the product marketing efforts for Azure Security platform and Confidential Computing. She has experience in a wide array of technologies – from infancy such as quantum to growing ones, including confidential computing.

Follow her on LinkedIn or Twitter


David Starr is a Principal Software Engineer in the Commercial Marketplace Services team at Microsoft.

Follow him on LinkedIn and Twitter.

Episode Transcription

DAVID: Confidential Computing.  

Welcome to the Azure for Executives Podcast, the show for technology leaders. This podcast covers trends and technologies in industries and how Microsoft Azure is enabling them. Here you'll hear from thought leaders in various industries and technologies on topics important to you. You'll also learn how to partner with Microsoft to enable your organization and your customers with Microsoft Azure.  

Microsoft believes security and information privacy are fundamental human rights. And Microsoft has really taken this to heart with a confidential computing initiative as part of our overall Azure promise on trust and security. And to talk about that with us today, we have three wonderful guests who are deeply involved in Microsoft's confidential computing initiatives. And I'm going to ask that they introduce themselves. And Graham, I'll start with you. Graham Bury, if you wouldn't mind introducing yourself, that would be great.

GRAHAM: Thanks, David. It's a pleasure to be here. My name is Graham. I'm the lead on the commercialization and developer and deployment platform for Azure confidential computing. I've been on this team for a couple of years. Overall at Microsoft, I've been over 15 years. And I've typically done some pretty exciting V1 products from Surface Hub to HoloLens, from client to services. And now it's super exciting to be driving some of Azure's core future initiatives with confidential computing. I think my colleague Eden is here as well.

EDEN: Hey. Thanks, Graham. I'm Eden Cohen. I'm a peer of Graham. We both work on confidential computing. My team is focused on the infrastructure side of things. So we bring to market the products and the infrastructure that help computing become confidential, so think of things like virtual machines and other hardware-based products.  

I can't really hold a candle to Graham's 15 years at Microsoft. I only joined two and a half years ago. And my background is from the world of hardware and software, the combination. So I've worked at companies like Intel and Qualcomm before. And our last and most important guest is Anna. Anna, do you want to introduce yourself?

ANNA: Absolutely. Hello, everyone. I'm super excited to be here. My name is Anna Montalat. And I lead the product marketing efforts for Azure Security as well as Azure confidential computing. I've been at Microsoft now almost two years. And during those two years, I had the chance to work for different types of technologies such as quantum computing High-Performance Computing (HPC), and now being part of the confidential computing team, which I'm super excited of. Thank you so much for having me.

DAVID: Oh, this is great. We've got a lot of talent and brainpower here on the show today. I'm looking forward to this conversation. So let's start at the beginning. And that is that we heard a little bit already that Microsoft is really committed to a confidential computing Initiative for cloud. And some listeners may not even be familiar with the term confidential computing. Graham, I wonder if you could help us with that. What is confidential computing?

GRAHAM: Yeah, absolutely. Confidential computing is all about protecting data. So if we go back several years, we thought about solutions that do protection of data at rest and in transit through encrypting that data. So as an example, disk encryption or BitLocker protects that data. It can protect your data while it's in storage.  

Where confidential computing comes in, it's that final leg of that data protection lifecycle that says in addition to protecting at rest and in transit, how can we also protect it while in use? While data is loaded into memory running on a CPU, how can we ensure that the data is fully protected in that state as well? And then that will complete this end-to-end data protection.

For example, there are lots of cases where companies might be reluctant to move their data to the cloud because it is subject to very sensitive PII being included in their datasets that it's just regulations or compliance that would maybe keep this data on-premises. Or just being able to unlock that data with potential with scalable infrastructure is the desire. And then, some of these regulatory constraints keep them from moving to the cloud.  

So confidential computing in the cloud is really about bringing some of these data-in-use protections to the Azure cloud to go and unlock some of these different types of use cases. And it's more than just single companies. We see multiple times companies joining together to combine datasets in a very secure and confidential way to provide deeper analytics. I'm sure we can get into some of those customer examples today.

I can tell you we're taking it very serious in Azure. We're actually the first cloud provider to offer VMs and containers running with confidential computing. And it's beyond Azure as well. We're part of a consortium of cloud providers, vendors, and solution providers as part of Confidential Computing Consortium, the CCC. We were a founding member of this organization two years ago. And it's effectively trying to push the needle forward across the industry so that we can holistically together protect data-in-use.

DAVID: So it sounds like we've got some standardization out there already with the Confidential Computing Consortium working together, which is pretty cool and highlights Microsoft's investment in confidential computing. It goes far beyond the organization, bigger than Microsoft as an initiative, in fact. So given that we're deeply committed to the cause, Anna, I wonder if you could talk with us a little bit about what Microsoft's vision for confidential computing is in the Azure space.

ANNA: Yes. Absolutely, David. So the way that Microsoft is envisioning confidential computing is that we really need to transform the Azure cloud into the Azure confidential cloud. And this is something that customers these days are already asking for. We need to do this for them. Customers really want to innovate. They want to build and securely operate their applications. And this means that we need to provide them with the highest level of privacy and security solutions.  

So really, with confidential computing, what we are trying to do is moving from computing in the clear to computing confidentially. So what we are trying to do with confidential computing is really moving from computing in the clear to computing confidentially. And Microsoft's commitment in security is super strong and very firm.  

Microsoft has already committed to invest more than $20 billion over the next five years in advancing our security solutions. And we also have very strong partnerships to deliver further innovation. We have very strong partnerships with our hardware vendors and innovations with Microsoft to bring the highest levels of data security and privacy to our customers.  

And last but not least, from a roadmap perspective, we are going to continue to drive confidential computing innovations horizontally across our Azure infrastructure but also vertically through all the Microsoft services that run on Azure.

DAVID: I wonder if you could expand on that just a little bit, Anna. The idea, as I understand it, was that we already in Azure treat data very confidentially by ensuring that data at rest and in transit is encrypted. Is there something more that we're going to do there with the services that you just mentioned in Azure?

ANNA: Yes. As of now, Azure is the cloud provider that has more solutions in regards to confidential computing and that expands hardware and software, including services. So we are offering not only a wide array of hardware and infra solutions that includes virtual machines, that includes containers, but also services that customers can also leverage within Azure to ensure that they run confidential workloads, for example, SQL Always Encrypted, Azure Confidential Ledger, Microsoft Azure Attestation, and so on. And all that contributes to having a very confidential and secure cloud ecosystem for our customers.

GRAHAM: I'll just add on one thing. The way we see it is when customers bring their workloads to Azure, it's not just about using the compute, or it's not just about using a single service. They really come and build an entire solution or application solution within Azure. So when thinking about protecting the data as best as possible, we do have some of these great security mechanisms in place today, whether it's Sentinel and detecting potential malicious behavior, whether it's policies that keep data from being accessed by anyone from within Microsoft.  

Confidential computing, we really go one step further with added defense in depth right down to the silicon. And that's the differentiation that we're bringing to our customers through Azure. We're just adding into the controls we already have in place with innovative new hardware that we recently announced. I think that's where Eden can go into lots more details there.

DAVID: Yeah. You've mentioned it already, but there have been some really big announcements made recently to deliver on this personal computing vision, I understand. So, Eden, maybe you could take us through those. What are some of the things Microsoft is doing to further the effort?

EDEN: Definitely. So we're recording this in November. And November has been that very eventful month for Azure in general but specifically for confidential computing because we announced an array of important releases that give a lot of substance to that vision that Anna described. And let me perhaps touch on a few of these announcements and what they mean to our customers.  

So the first was that Trusted Launch is now in general availability. And what Trusted Launch is, is a free add-on feature that you can now enable on most of your virtual machines. And it helps you prevent and detect sophisticated attacks that target core components in the machine's boot path. So think, for example, about your OS, the kernel, any elevated device drivers, and so on. If malware can infect these foundational components, it's quite easy for it to hide in place for years and to go unnoticed. But with Trusted Launch, attacks like these which we're seeing more and more in the wild, including, by the way, from nation-state actors, they become in order of magnitude harder to pull off. So that's Trusted Launch.  

Another major announcement that we made was the availability of public preview of our new virtual machines powered by Intel's Ice Lake processor with SGX. SGX stands for Software Guard Extensions. And SGX is this fantastic platform if you want to process the most security-sensitive data. It really doesn't get more secure than this with modern server architectures. And the nitty-gritty of this, to Graham's point, is that you have a hardware enclave which is part of the Intel CPU. And you can deploy and process all the sensitive data as part of the applications or as part of containers that run inside the boundaries of this enclave.  

So whatever is in the enclave, it remains encrypted; it remains isolated. And nothing outside the enclave gets access to the code or to the data, not even the admin of the virtual machine, not the cloud administrator, not any technician walking inside the data center, not software components running on the customer's own VM. It's all protected by hardware to keep everything outside the enclave at what I call safe cryptographic distance.

And what we've done with Ice Lake is we've worked together with our partners at Intel to turbocharge what you can run inside that enclave by a factor, believe it or not, of more than 1000. So you can now process workloads of 250 gigabytes in that enclave as opposed to something like 200 megabytes in the previous generation. And you can do this with VMs that have up to 48 physical CPU cores, which is again several times more than the previous generation. So this is Ice Lake. That was our second announcement.  

And last but not least, we also announced an upcoming public preview of confidential VMs that are powered by AMD, specifically AMD's 3rd generation EPYC processors. And this is a really interesting technology because it harnesses what AMD calls SEV-SNP. Graham, do you remember what that stands for? [chuckles]

GRAHAM: Secure Encrypted Virtualization with Secure Nested Paging.

EDEN: Awesome. Thank you. [laughs] Don't try this at home, guys. But what this allows us to offer is fully encrypted virtual machines, both the memory and the CPU state as the machine is running. And this is done with keys that are generated by the CPU and that never leave the CPU. So essentially, this is designed to offer confidentiality not only between different cloud customers but also between the customers and the cloud itself.  

And it's all in the virtual machine layer. And this is what our customers use the most. So you don't need to change any code. You don't need to deploy in any container. You don't need to rebuild any apps. It's all very straightforward to go confidential on the cloud but without the technical expertise or that investment which is often required to do that. So that was our third big announcement, those AMD-powered confidential VMs.

GRAHAM: And don't forget, Eden, we're also making those VMs available in Kubernetes. So customers can bring their container-based workloads onto these data-encrypted VMs as well.

EDEN: Absolutely. And this, with confidential computing, is our vision. We want to make it available to customers where they expect to meet it. Customers who operate at the PaaS level will have a battery of options. Customers who prefer to operate at the infrastructure level can harness those confidential VMs, whether they're powered by Intel with its unique value proposition or AMD with their unique value proposition.

DAVID: That's a really great trip through some pretty impressive technology, I have to say. And I'm wondering what it really means to folks who maybe some of our listeners who've been hesitant to move to the cloud because of confidentiality. We've got all these capabilities now. But what does it really mean when we're talking about people bringing their confidential workloads to Azure and giving them some confidence in those compute workloads?  

So we just heard about a bunch of great announcements. And I'm wondering what they mean for organizations around the world that are currently using Azure but may be holding back on some of those workloads or for folks who might be considering bringing workloads to Azure. And, Anna, maybe you can take us through that.

ANNA: Yeah, absolutely. So we basically see that the path to mainstreaming confidential computing is where we can provide a superior experience to customers, and at the same time, enable APIs that enable customers to really verify the security of their data in the cloud, in the Azure cloud by themselves.  

And when we have a look at the industries that are being adopters of the technology, it's no longer the regulated industries that maybe they originally got more interested in confidential computing. Now we also see a lot of interest across industries, and by that, I mean retail, manufacturing, energy. So it's really expanding across the board.  

And what we expect with these announcements and also with the many more innovations that we will have coming very soon is that we really want to make it super simple for customers to take their existing virtual machines, containers, and other application platform capabilities and make them confidential.  

And the reality is that as we are closely working with customers. We also acknowledge that one size does not fit all. Organizations are going through different journeys. They need different solutions. And with Azure confidential computing, we are really offering multiple solutions tailored to each organization's needs to make sure that still their data is private and secured. And you can move to the cloud with confidence.

DAVID: That makes a lot of sense that people at this point who might be running compute on-premises because of concerns about privacy and confidentiality maybe can have a bit more confidence in bringing their workloads to the cloud. So with that, Eden, maybe you could take us through a little bit about what the pros and cons might be of computing confidentially on the cloud rather than maintaining my own data center or maintaining an on-premise installation of my servers.

EDEN: So organizations that we talk to...large companies that hail from all industries, and SMEs, governments, nonprofits, and so on, all want to be in the cloud. And they want to accomplish as much as they can on the cloud. There's no question about it. What confidential computing empowers organizations to do is to migrate additional workloads to the cloud but also to upgrade the security posture of existing cloud applications.

So quite naturally, there's an attempt, I guess, to compare confidential cloud computing to on-premises. But, David, the reality is that confidential computing is a different paradigm altogether. And there are a few reasons for this. On one hand, you benefit from the enormous business and operational and technical advantages of cloud computing. And on the other hand, you don't need to compromise on security. In fact, you upgrade your security as you move to the cloud. And this is because security isn't only about operations or who has access to what. Security is just as much about configuration and maintenance.  

When you operate on-premises, your data might physically reside on your property. But if the network technician, for example, didn't install the right software updates for the firewall, or maybe you're still running this five-year-old server for your Active Directory, well, that data is at risk. And that's how some recent ransomware attacks have started. It's important to remember that what protects data isn't where it physically is. It's how it moves around and how it gets processed.  

So with confidential computing, customers have the peace of mind that comes with the cloud's managed infrastructure, but without the data being exposed to that infrastructure, that's really the key point. So it's really additive to what the cloud already does and does very well. And as Graham was mentioning, the final leg of the data protection lifecycle data isn't only secure at rest when it's on storage or disc, and it's not only secured in transit when it moves across the network. But it's also protected in use when it's processed inside a database, or by a data visualization platform, or when it's used to train an AI model.  

So to summarize, confidential computing is really the missing piece in today's data model. It allows data to be protected throughout that entire lifecycle. And that's rarely the case with on-prem deployments. And we're working to make sure that this will be the case on the cloud.

DAVID: That makes a really good case. And I am starting to get the difference between the value of being isolated on-premise versus computing in the cloud with these security measures in place. So that makes a great deal of sense. It's really great to hear about some of our partners or customers who have taken advantage of the technologies and initiatives that we offer. So maybe to Graham, do you have one or two stories that you might be able to share about our partners who are working with us to move forward on their own initiatives?

GRAHAM: Yeah, absolutely. That's my favorite part of the job is seeing successes through our customers and partners. Anna specifically mentioned before the regulated industries. We've had lots of customers coming from these healthcare or financial type companies to be able to move to the cloud with some really sensitive data. This is personal healthcare information, medical records, or financial transaction data. And these are all industries that are very regulated and governed in terms of what can be done with that data.  

And the most exciting thing that we've seen with customers is thinking a little bit outside of the box from just a single application or within their company because confidential computing can unlock solutions to industry and world-scale type problems. One example is in Canada; the banks are collaborating together. And they're looking to use confidential computing to tackle money laundering and ramifications of fraud in banking.  

So this is where multiple banks can confidentially combine their data within Azure and Azure confidential computing so that they each put their data, control the keys to that data into the black box of confidential computing, run machine learning analysis against that combined set of data where no contributing party can see the data of each other. And then, the insights can be shared back so that each bank can get identifiers of potential fraudulent behavior within each bank, again, not exposing the data to each other. So some really fantastic industry-wide use cases can come to be.

Same in the medical space we see with customers like Secure AI Labs. That is one of our partners working with researchers for a platform that can enable researchers to get access to healthcare data. Or University of California San Francisco, UCSF they have a BeeKeeperAI platform that, again, is aimed to speed up researchers getting access to healthcare data in a compliant and secured way so that they can test their models against a broader set of real-life medical records. And this helps keep medical records secure when they're operating in the cloud as well as speed up the times to get the iterations on their models to really prove out the data models and speed up time to disease diagnoses.  

So we're seeing some really powerful scenarios happen across some of these industries. And it's not limited to regulated industries, as Anna mentioned. We see some very, very interesting cases with Signal messenger. They leverage confidential computing to keep their customer data protected. Because ultimately, there are services that run out there that want to ensure both the data is protected from the cloud provider in terms of Azure as well as being protected from themselves. So they're not liable for that data as well. So these companies can go and provide services to their customers without having to know about or store that personal information, very, very powerful solutions.  

We also have a growing partnership ecosystem that's forming; some are in our Azure marketplace. And we see solutions that customers can work with are software vendors who have these great solutions from easy ways to onboard containers as confidential containers, or even data clean rooms for doing some of this combining datasets into confidential, bigger data sets for shared analysis without giving any access. So again, between the customers lighting up and the solutions that we're seeing our partner ecosystem, it's super exciting to see the impact that these different companies can make with confidential computing in Azure.

DAVID: Those are just some really great stories. And you're making the geek in me want to dig down two more layers into this to really truly understand how it works at the technical level. But that's beyond the scope of what we're going to be able to cover today. Unfortunately, we're winding down in the show.  

And accordingly, we always like to ask a question about getting started. So it seems like there is a right way to navigate these different options. We've heard a lot of them for deploying confidential computing solutions. But, Anna, I'm wondering how people can get started because we've heard a lot of information here today. And we want to be able to sift through it and understand how I, as somebody coming to the Microsoft Cloud, might get started with these initiatives.

ANNA: Yes. I certainly recommend checking our website, which is And this is the best way to stay connected and learn about the latest innovations not only in Azure but in the confidential computing space.  

And last but not least, I totally encourage to have a look at our blog that we release for Microsoft Ignite now in November, which is, where we really lay the foundations of confidential computing in Azure. So this really means what confidentiality means in the Azure cloud as well as sharing a couple of examples of some of our customers and the great things that they are doing leveraging confidential computing for their own organizations and their own consumers.

DAVID: Okay, thanks. That's great. Those are a few great resources for me to sift my way through all of this and get started. And not to sound pedantic about this, but really, better than any other episode I think we've had on the show, this one demonstrates that Microsoft really does run on trust.  

And one thing I'll mention is that, of course, we'll post all of the links that were mentioned in the show today so that people can come to our show notes and proceed from there, and all the social handles, of course, for our guests so you can follow and meet them online.  

And with that, I just want to say thank you so much to our guests today. And Graham, Eden, and Anna, just thank you for the great conversation. And I think our listeners are going to get a lot of value out of considering moving into some of these confidential computing technologies that you are bringing to market. It's great stuff.

EDEN: Awesome. We hope it was helpful.

GRAHAM: Yeah. Thanks, David. Pleasure to be here.

ANNA: Thanks, David, for having us. It was fun.

EDEN: Absolutely. Thank you, David.

DAVID: Thank you for joining us for this episode of the Azure For Executives Podcast. We love hearing from you. And if you have suggestions for topics, questions about issues discussed on the show, or other feedback, contact the show host, David Starr or Paul Maher, through the social media links included in the show notes for each episode. We look forward to hearing from you.