Skip to content

Commit b59dbfa

Browse files
authored
Merge pull request #124093 from saketmicrosoft/patch-5
Update overview.md
2 parents 0677b0a + 0485bb4 commit b59dbfa

File tree

1 file changed

+4
-0
lines changed

1 file changed

+4
-0
lines changed

articles/confidential-computing/overview.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,10 +19,14 @@ Confidential computing is an industry term established by the [Confidential Comp
1919
>
2020
> These secure and isolated environments prevent unauthorized access or modification of applications and data while they are in use, thereby increasing the security level of organizations that manage sensitive and regulated data.
2121
22+
Microsoft is one of the founding members of the CCC and provides Trusted Execution Environments (TEEs) in Azure based on this CCC definition.
23+
2224
## Reducing the attack surface
2325

2426
:::image type="content" source="media/overview/three-states-and-confidential-computing-consortium-definition.png" alt-text="Diagram of three states of data protection, with confidential computing's data in use highlighted.":::
2527

28+
Azure already encrypts data at rest and in transit. Confidential computing helps protect data in use, including cryptographic keys. Azure confidential computing helps customers prevent unauthorized access to data in use, including from the cloud operator, by processing data in a hardware-based and attested Trusted Execution Environment (TEE). When Azure confidential computing is enabled and properly configured, Microsoft is not able to access unencrypted customer data.
29+
2630
The threat model aims to reduce trust or remove the ability for a cloud provider operator or other actors in the tenant's domain accessing code and data while it's being executed. This is achieved in Azure using a hardware root of trust not controlled by the cloud provider, which is designed to ensure unauthorized access or modification of the environment.
2731

2832
When used with data encryption at rest and in transit, confidential computing extends data protections further to protect data whilst it's in use. This is beneficial for organizations seeking further protections for sensitive data and applications hosted in cloud environments.

0 commit comments

Comments
 (0)