Introducing Azure confidential computing
This is interesting. Microsoft has announced that it is introducing a protection that, to date, has been missing from public clouds: encryption of data while it is in use. They are calling this "Azure confidential computing".
Confidential computing ensures that when data is "in the clear," which is required for efficient processing, the data is protected inside a Trusted Execution Environment (TEE, also known as an enclave), an example of which is shown in the picture at the top of this post. TEEs ensure there is no way to view the data or the operations inside from the outside, even with a debugger. They also ensure that only authorized code is permitted to access the data. If the code is altered or tampered with, the operations are denied and the environment is disabled. The TEE enforces these protections throughout the execution of code within it.
With confidential computing, customers can move their data to Azure knowing that it is protected not only at rest but also in use, against the following threats:
Malicious insiders with administrative privileges or direct access to the hardware on which the data is being processed
Hackers and malware that exploit bugs in the operating system, application, or hypervisor
Third parties accessing the data without the customer's consent