Despite the fact that cloud vendors are very good at security, and your average IT department is not, worries about security have long plagued those trying to advance the state of cloud computing. This week Microsoft executives plan to highlight their company’s approach toward cloud security as a competitive advantage, arguing it is uniquely positioned to handle the ever-expanding number of cybersecurity threats in our world.
Microsoft CEO Satya Nadella will take the stage Monday morning at Ignite, one of the company’s biggest events of the year held in Orlando, and security will be top of mind as he kicks off the show. Nadella will explain how Microsoft’s security teams recently discovered a sophisticated botnet operation thanks to machine-learning cloud tools, and how that expertise will help current and potential Azure customers stay safe within its public cloud infrastructure.
“As companies move to cloud, we need to make sure that they can be confident that their data is handled securely at all stages of its life cycle,” said Rob Lefferts, corporate vice president for security at Microsoft, in an interview prior to Ignite. “That it’s encrypted at rest, encrypted when in transit, and it’s protected even while in use on the processor.”
Nadella and other Microsoft executives will talk about a new “confidential computing” virtual machine based around Intel’s SGX technology that Azure users will be able to rent for sensitive workloads.
Microsoft Azure Chief Technical Officer Mark Russinovich first discussed plans for this confidential computing service at Build in May, and it will arrive in public preview next month, Lefferts said. Intel disclosed a security flaw in its SGX technology in August, but Microsoft has applied mitigations that should protect customers against that flaw, he said.
Microsoft will also roll out some new products that help protect employees, including Microsoft Authenticator support for apps that use Microsoft’s Azure Active Directory single sign-on technology, allowing employees to sign into corporate resources without having to use a password. The Authenticator mobile app generates a code when employees sign into apps that support the technology using their username, a multifactor authentication process that a lot of security experts consider one of the best ways to protect their systems: something you know (username) and something you have (the code on your mobile phone).
“When an end user thinks about cybersecurity, they wish they didn’t have to think about cybersecurity,” Lefferts said. “It’s something that is getting in their way, or it is downright frightening.”
The company will also introduce Microsoft Secure Score, a “report card” of sorts originally developed for Office 365 customers that will now analyze a customer’s security posture across Azure cloud services and Microsoft Enterprise+Mobility users. It also plans to introduce Microsoft Threat Protection, a security service for Microsoft 365 customers that uses machine learning to help assess security threats.