Enabling Virtual Private Cloud Security with Microsoft Azure and Fortanix®

Dr Richard Searle
Published: Jul 13, 2023
Reading Time: 4 mins

Public cloud infrastructure provides organizations with a range of business benefits. Companies migrating to a cloud infrastructure model can obtain the ability to leverage potential cost efficiencies and enhance their operational flexibility and agility.

Through effective management of cloud computing, the enhanced customer experience and the competitive advantage it makes available can provide a foundation for growth and resilience in the face of the contextual factors influencing the business.

The transition to cloud computing and realization of associated strategic objectives is not, however, without its challenges. Organizations incorporating infrastructure outside of the traditional security perimeter must ensure that operational efficiency does not come at the cost of systemic security.

Concerns regarding compliance with an increasing raft of data privacy legislation must be properly addressed within each jurisdiction where data resides and wherever that data is processed.

In an ideal scenario, organizations should be able to incorporate external cloud resources within their combined infrastructure without abdicating responsibility for control of data security to the cloud provider.

Fortunately, inaugural membership of the Confidential Computing Consortium alongside IBM and Intel, and being the first to deliver confidential computing solutions based on Intel® Software Guard Extensions, put Fortanix and Microsoft Azure in a unique position to allow Azure customers to adopt cloud computing while retaining full control of data security and regulatory compliance.

Microsoft Azure has demonstrated leadership in the enablement of confidential computing technology within its datacenters, providing a range of deployment options across multiple geographic regions. Customers can take advantage of virtual machine instances, serverless infrastructure, and secure Kubernetes® clusters to suit the needs of their workloads.

Confidential computing protects data in use by performing computation inside a hardware-based, attested Trusted Execution Environment (TEE). Azure supports the deployment of TEEs powered by Intel® Software Guard Extensions (Intel® SGX) and the new Intel® Trust Domain Extensions (Intel® TDX).

As a pioneer of confidential computing technology, Fortanix® – the data-first security company, based in Santa Clara (CA) – has worked closely with customer organizations to support migration of sensitive data and applications to Azure. Fortanix® provides an independent control plane for enterprise key management and confidential computing implementation via the Fortanix Data Security Manager™ and Fortanix Confidential Computing Manager™ services, available via the Azure Marketplace.

Using the separate Fortanix Node Agent™ service from the Azure Marketplace, or within the Azure console environment, users can enroll confidential computing resources within a Fortanix Confidential Computing Manager™ account.

Once enrolled, data and containerized applications can be deployed within the Azure cloud using patented Confidential Computing Workflows, while the data owner retains independent control, through Fortanix Data Security Manager™, of the cryptographic keys used to encrypt and anonymize the data.

The ease of integration between Azure public cloud infrastructure and Fortanix® software enables deployment of data and applications secured by confidential computing within a matter of minutes. The incorporation of tamper-proof object-level logs, recording the attestation of TEEs, the approval and execution of Workflows, and the utilization of cryptographic keys, provides customers with an auditable record of data protection in use.

These logs can be used to demonstrate to regulatory agencies and end-users where data was used, based on the location of the hardware processor, and that data was shielded from both Azure employees and unauthorized applications.
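To make concrete what a tamper-evident, object-level audit record of attestation, Workflow approval and key use can look like, here is an added example in Python. It is not Fortanix or Azure code: it is a generic hash-chained log in which each entry commits to the previous entry's hash, so that altering or reordering any earlier entry breaks every later link. All event names, field names and values (enclave ids, key ids, the measurement placeholder) are constructed for this illustration.

```python
"""Tamper-evident audit log as a SHA-256 hash chain.

Added illustration of the tamper-proof logging concept described in the text.
This is NOT Fortanix's or Azure's implementation; every record type, field name
and value below is hypothetical and constructed for the example.
"""
import copy
import hashlib
import json

# Hash of "nothing" that the first entry links back to.
GENESIS = "0" * 64


def _canonical(record: dict) -> bytes:
    # Deterministic serialization: same record always hashes to the same bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def append_event(chain: list, event: dict) -> dict:
    """Append an event, binding it to the previous entry's hash and its position."""
    prev_hash = chain[-1]["entry_hash"] if chain else GENESIS
    body = {"seq": len(chain), "prev_hash": prev_hash, "event": event}
    entry = dict(body, entry_hash=hashlib.sha256(_canonical(body)).hexdigest())
    chain.append(entry)
    return entry


def verify_chain(chain: list):
    """Return (ok, first_bad_seq): recompute every hash and check each link."""
    prev_hash = GENESIS
    for i, entry in enumerate(chain):
        if entry["seq"] != i or entry["prev_hash"] != prev_hash:
            return False, i  # reordered, deleted-in-the-middle or spliced entry
        body = {k: entry[k] for k in ("seq", "prev_hash", "event")}
        if hashlib.sha256(_canonical(body)).hexdigest() != entry["entry_hash"]:
            return False, i  # entry contents were modified after being written
        prev_hash = entry["entry_hash"]
    return True, None


def build_sample_chain() -> list:
    """Constructed sample events covering the three record kinds named in the text."""
    chain = []
    append_event(chain, {"type": "tee_attestation", "object": "enclave-demo-01",
                         "region": "westeurope",
                         "measurement": "<hypothetical-enclave-measurement>",
                         "result": "verified"})
    append_event(chain, {"type": "workflow_approval", "object": "workflow-demo-01",
                         "approver": "compliance-reviewer", "decision": "approved"})
    append_event(chain, {"type": "key_use", "object": "key-demo-01",
                         "operation": "decrypt", "caller": "enclave-demo-01"})
    return chain


def tampered_copy(chain: list) -> list:
    """Deep-copy the chain and silently flip a decision in the middle entry."""
    bad = copy.deepcopy(chain)
    bad[1]["event"]["decision"] = "rejected"
    return bad


if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact chain:", verify_chain(chain))             # (True, None)
    print("tampered chain:", verify_chain(tampered_copy(chain)))  # (False, 1)
```

One caveat a practitioner should keep in mind: a hash chain on its own detects modification and reordering of existing entries, but not truncation, since a log cut after any entry still verifies. Real audit systems therefore anchor the latest entry hash somewhere the log writer cannot alter (an external timestamping or signing service, or a separately held copy of the head hash) and compare against it at audit time.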

The combined capabilities of Microsoft Azure and Fortanix® are, today, allowing their mutual customers to establish virtual private cloud (VPC) environments, across different Azure regions, to protect data encompassing Personally Identifiable Information (PII) and Protected Healthcare Information (PHI).

New, innovative business models can now be successfully and safely implemented by customers while maintaining a consistent security posture between cloud and on-premises resources. Compliance teams can verify that data is processed in accordance with legal and organizational requirements under the strict privacy and security controls required by HIPAA, the EU GDPR, and the Schrems II ruling.

With the increased power and memory space of 4th Generation Intel® Xeon® Scalable processors, high-performance workloads can now be deployed at scale on Azure, including complex AI and machine learning applications. Intel®-based DCsv2, DCsv3, and DCdsv3 series virtual machine instances on Azure are used to support these services.

Microsoft Azure and Fortanix® have demonstrated the ability to secure modern workloads across a broad spectrum of use cases, including health care, financial services, and government applications. Find out how confidential computing within an Azure VPC environment can enhance organizational security posture and enable business innovation via the following resources:

Fortanix software can be deployed via the following Azure Marketplace listings:
