Skip to main content

Microsoft’s confidential computing improves security for banks

Man looking at computer

Air travel is a big part of my role at Microsoft. Being on planes for hours allows me to get a lot of work done without much interruption. One thing I always install before I touch my surface keyboard is the privacy screen. Unless someone is just about sitting in my seat with me, the work that I am crafting on the screen can only be seen by me. That physical privacy screen is a critical component for protecting me, Microsoft and ultimately our customers and partners.

Well in parallel, the digital “privacy screen” for Microsoft’s Azure Cloud platform includes the hardening of data access using methods such as encrypting data at rest when stored in blob storage, or in databases, etc. And encrypting the data in transit between datacenters, across machines and throughout the network. Even if customers don’t encrypt the data they provide to us, we encrypt it anyway.

Privacy must go even further

When I think about data at rest and data in transit, these data stages are only 2 of the 3 really important stages to find data in. The third stage is where Microsoft is using its engineering prowess to encrypt data that is in use during computation. Now why is that important to a banking business executive or technology executive?

Bottom line, safeguarding data is an increasingly complex endeavor in today’s banking world. External threats are more sophisticated, and customers are becoming increasingly vigilant on how their data is both stored and utilized.

Did you know?

Data fraud or theft are now two of the top five risks CEOs are most likely to face according to the latest World Economic Forum report on global risks. Almost 80 percent of organizations are introducing digitally fueled innovation faster than their ability to secure it against cyberattackers. When it comes to banks innovating by leveraging current on-premises infrastructure, the vulnerabilities exponentially increase.

Executing business models on top of secure data

The question is no longer “how secure is the public cloud”, but instead, “how comparatively secure are legacy systems?” Microsoft Azure shares the burden of compliance and security, offering expertise that can be hard to find in-house. As banks continue to digitally transform, they have aspirations to build the ultimate curated experience for customers by serving as the financial nucleus, dependent upon the accessibility and richness of relationship, personal, behavior and social data. The channels used to collect such data during in-person visits or online banking sessions like contact, demographic, geographic, and governmental data, can also include their third-party partners for use of cookies, web beacons or other technologies to collect and store other information about sites visited. Banks are partnering with third party software providers to leverage more sophisticated solutions and reduce the time-to-market for products and services. Security during computation is even more important when data is traversing from one third party to the next.

The bank is in full control of its data

That data collection and use by the bank is covered by Azure Confidential Computing – which uses a Trusted Execution Environment (TEE) or “enclaves,” increasing the security of application code and data, and offering cloud-based attestation that is simple and highly available through advanced security features, granular privacy controls, and cloud optimized specifically for financial services. Azure Confidential Computing helps to secure the bank’s data while it’s in use. Azure is the first cloud platform to protect the confidentiality and integrity of data while it’s processed in the cloud. It is the cornerstone of our ‘Confidential Cloud’ vision, which includes the following principles:

  • Mitigate top data breach threats
  • Customers are in complete control of their data whether it’s at rest, in transit or in compute
  • Code running in the cloud is protected and verifiable by the customer
  • Data and code are opaque to the cloud platform, or put another way the cloud platform is outside of the trusted computing base

What’s the bottom line?

Today, it is becoming increasingly important to understand the full information data supply chain in order to ensure adequate data protection – even while being analyzed. Azure Confidential Computing takes data security to the next level and protects data while it’s processed in the public cloud through the use of secure enclaves. This security capability provides the missing piece for full data protection at rest, in transit, and in use.

Check out Azure for banking and capital markets to learn more about cloud solutions that address the biggest challenges in financial services.