UPDATED 22:35 EDT / MAY 09 2018

Microsoft launches preview of Azure Confidential Computing

Microsoft Corp. today announced a preview of new data security capabilities within its Azure cloud as part of a previously announced Azure Confidential Computing program.

Microsoft introduced Azure Confidential Computing last year, saying it would provide a way for customers to ensure their most critical data is protected at the hardware level so that even its own servers wouldn’t be able to access it without permission.

Azure Confidential Computing does this by running workloads in what are known as “trusted execution environments,” which allow for data to be processed without exposing it to the wider network.

To create these TEEs, Microsoft is using specialized chips from Intel Corp. that support a technology called “Software Guard Extensions.” SGX is a set of CPU instructions that allows software to allocate private regions of memory, known as enclaves, which are protected from other processes running on the chip.

In a blog post, Microsoft Chief Technology Officer Mark Russinovich said the company is now making Intel’s SGX-enabled chips available on Azure in preview, with access limited to its East U.S. Azure region ahead of a wider launch.

Russinovich said there are many potential use cases for the tech. For example, healthcare providers possess tons of confidential patient data that could be used for training machine learning algorithms. The problem is that use of this data is prohibited by regulations designed to protect patient privacy. But Russinovich said Azure Confidential Computing could satisfy these regulations by ensuring no one can access that data while it’s being used to train algorithms.

The general concept of confidential computing could well become another battleground among the key public cloud providers. While Microsoft is pursuing this hardware-based approach, its rival Google Inc. recently announced an open-source confidential computing framework called Asylo that’s based on software alone.

According to Google, the Asylo framework is superior because its software-based approach provides more portability and flexibility than hardware-based TEEs.

Analyst Holger Mueller of Constellation Research Inc. told SiliconANGLE that these kinds of confidential security features can be a big differentiating factor for public cloud providers such as Microsoft and Google.

“In the race to make its cloud infrastructure secure and easy to use, Microsoft has done that with its September announcements,” Mueller said. “And it is broad, given the use cases, with a variety of programming languages, including database offerings. Now we will see what chief information security officers will decide, as all major cloud platforms offer their ways of securing workloads.”

Image: TheDigitalArtist/Pixabay
