Leveraging the capabilities of AMD's Epyc processors, Microsoft now allows anyone to run confidential containers on Azure. The public preview follows an earlier limited beta phase.
Microsoft has released confidential containers as a public preview. The confidential containers are part of Microsoft Azure Container Instances. The solution was released as a private preview in May 2022, but now anyone can get started.
Encryption
Confidential containers use the same principle as confidential virtual machines. In other words, the solution ensures that data remains encrypted from prying eyes at all stages, even while the data is being used by the processor.
This is extraordinary: data is traditionally encrypted when it is stored or transmitted, but that encryption is undone the moment the data is loaded into memory by the CPU for computation. This opens the door to abuse, although stealing data this way requires a talented attacker with advanced access. Typically, such an attack has to take place via a compromised hypervisor.
AMD technology
Such a risk is unacceptable for sectors that are likely to be the target of targeted attacks. Microsoft is now accommodating companies in these sectors. To do this, it relies on Secure Encrypted Virtualization and Secure Nested Paging, two technologies that AMD has built into its server chips. This hardware-based technology allows data to be kept encrypted while it is in use and is unique in the market. With SGX, Intel also offers a kind of encrypted "enclave" on its chips, but its range of functions is not as extensive as AMD's.
With confidential containers on Azure, Microsoft has an interesting offering to convince even the more reluctant organizations to migrate to the cloud. After all, encryption addresses the most important security concerns.
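A practitioner adopting this technology usually wants a quick check that a workload really landed on SEV/SEV-ES/SEV-SNP hardware. The script below is an added example, not code from the article, Microsoft or AMD. It assumes what upstream Linux exposes in a guest: the CPU flags `sev`, `sev_es` and `sev_snp` in `/proc/cpuinfo`, and the `/dev/sev-guest` device that SNP guests use to request attestation reports. The sample cpuinfo lines in the test are constructed.

```shell
#!/bin/sh
# Added example: report the highest AMD SEV feature level a Linux guest advertises.
# Assumption (not from the article): Linux lists "sev", "sev_es" and "sev_snp"
# among the CPU flags in /proc/cpuinfo, and SNP guests expose /dev/sev-guest.

# Print "none", "sev", "sev_es" or "sev_snp" for the given cpuinfo file
# (defaults to the live /proc/cpuinfo).
sev_level() {
  cpuinfo="${1:-/proc/cpuinfo}"
  # Only the first "flags" line is needed; every core reports the same set.
  flags=$(grep -m1 '^flags' "$cpuinfo" 2>/dev/null | cut -d: -f2) || true
  rank=0
  for f in $flags; do
    case "$f" in
      sev)     [ "$rank" -lt 1 ] && rank=1 ;;
      sev_es)  [ "$rank" -lt 2 ] && rank=2 ;;
      sev_snp) rank=3 ;;
    esac
  done
  case "$rank" in
    0) printf 'none\n' ;;
    1) printf 'sev\n' ;;
    2) printf 'sev_es\n' ;;
    3) printf 'sev_snp\n' ;;
  esac
}

# Return 0 when the SNP guest device is present, 1 otherwise.
snp_guest_device_present() {
  [ -c "${1:-/dev/sev-guest}" ]
}

# Stand-alone usage: summarize the running guest.
level=$(sev_level)
printf 'SEV feature level reported by CPU flags: %s\n' "$level"
if snp_guest_device_present; then
  printf '/dev/sev-guest present: attestation reports can be requested\n'
else
  printf '/dev/sev-guest absent: no SNP attestation interface in this guest\n'
fi
```

Treat the flags as a first sanity check only: CPUID as seen by a guest is supplied by the hypervisor, so the real proof that memory is protected is the signed SEV-SNP attestation report obtained through `/dev/sev-guest`, verified against AMD's signing keys, and the kernel's own boot message ("Memory Encryption Features active") is a second hint worth grepping from `dmesg`.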