
Azure confidential ledger is now Generally Available!


I am pleased to announce that Azure confidential ledger is now generally available! Azure confidential ledger is an unstructured, trusted data store for important identifiers of sensitive data that require high integrity. Data records stored on Azure confidential ledger remain immutable (i.e. Write Once, Read Many) and can be cryptographically verified. It offers a simple experience with REST APIs that can be easily integrated into the application architecture.

As the name suggests, Azure confidential ledger utilizes the Azure Confidential Computing platform and the Confidential Consortium Framework to provide high levels of integrity that is protected and evident. Through the permissioned blockchain model, the service implements a network of nodes within dedicated, fully attested hardware-backed confidential enclaves. This unique approach provides the benefit of keeping the cloud administrator out, along with durability and high transaction performance.

The service is ideal for storing audit logs, hashes or metadata that must not be modified and will require verification. For example:

  1. Records relating to business transactions (e.g. money transfer or confidential document edits)
  2. Updates to trusted assets (e.g. core application or contracts)
  3. Administrative and control changes (e.g. granting access permissions)
  4. Operational IT and security events (e.g. alerts, compliance records)  

 

USE CASES

 

Application verification for audit

Azure confidential ledger can be a simple mechanism for identifying unexpected modifications that have occurred. For instance, the log or signature of a database can be added to the tamper-protected Azure confidential ledger. If a mismatch is identified between the database signature and the record kept in the confidential ledger, it indicates that additional investigation is required. This approach can be helpful in complying with regulatory requirements.
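The mismatch check described above, as an added example (not code from the original post or from the Azure SDK): `WriteOnceStore` is a hypothetical in-memory stand-in for the ledger, and the table rows and field names are constructed for illustration.

```python
import hashlib
import hmac
import json

def table_digest(rows):
    """SHA-256 over a canonical form of the rows, independent of row and key order."""
    h = hashlib.sha256()
    for row in sorted(rows, key=lambda r: r["id"]):
        h.update(json.dumps(row, sort_keys=True, separators=(",", ":")).encode())
        h.update(b"\n")
    return h.hexdigest()

class WriteOnceStore:
    """Hypothetical stand-in for the ledger: entries are appended and read, never changed."""
    def __init__(self):
        self._entries = []

    def append(self, contents):
        self._entries.append(str(contents))
        return len(self._entries)  # constructed transaction id

    def read(self, tx_id):
        return self._entries[tx_id - 1]

def record_state(store, rows):
    """Record the current digest; keep the returned transaction id with the audit trail."""
    return store.append(json.dumps({"algo": "sha256", "digest": table_digest(rows)}))

def audit(store, tx_id, rows):
    """Return True when the live rows still match the digest recorded under tx_id."""
    recorded = json.loads(store.read(tx_id))["digest"]
    return hmac.compare_digest(recorded, table_digest(rows))

def run_demo():
    # Constructed sample rows, not from the original post.
    rows = [{"id": 1, "payee": "acme", "amount": 100},
            {"id": 2, "payee": "globex", "amount": 250}]
    store = WriteOnceStore()
    tx = record_state(store, rows)
    reordered = [dict(reversed(list(r.items()))) for r in reversed(rows)]
    edited = [dict(rows[0]), {**rows[1], "amount": 2500}]
    return {"unchanged": audit(store, tx, reordered),  # same data, different order
            "edited": audit(store, tx, edited),        # one amount changed
            "deleted": audit(store, tx, rows[:1])}     # one row removed

if __name__ == "__main__":
    print(run_demo())
```

A `False` result only says that the database no longer matches the recorded state; which rows changed has to come from the follow-up investigation.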


Multi-party transparency for audit

Azure confidential ledger can be useful when multiple parties need to selectively disclose parts of the ledger for audit purposes. Imagine Bank A authenticates with a client certificate and then adds encrypted logs about operations on sensitive data; Bank B does the same. Each bank can only see what is relevant to it. When a bank needs to demonstrate compliance about the logs, it can selectively choose to share recorded ledger transactions with the auditor. The auditor can obtain cryptographic proof of the presence of the transaction in the confidential ledger through a receipt.
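How a receipt can prove that one disclosed transaction is present without revealing the others, as an added example (not code from the original post or from the service): it models a receipt as a generic Merkle inclusion proof. The tree layout, field names and entries are assumptions of this example, and verifying the signature over the root is omitted.

```python
import hashlib

def leaf_hash(entry: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + entry).digest()   # prefix separates leaves from nodes

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(entries):
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    levels = [[leaf_hash(e) for e in entries]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def root_hex(entries):
    return build_levels(entries)[-1][0].hex()

def make_receipt(entries, index):
    """Receipt for one entry: the entry itself plus sibling hashes up to the root."""
    proof, i = [], index
    for level in build_levels(entries)[:-1]:
        sibling = i ^ 1
        if sibling < len(level):
            proof.append(("left" if sibling < i else "right", level[sibling].hex()))
        i //= 2
    return {"entry": entries[index].decode(), "proof": proof}

def verify_receipt(receipt, trusted_root_hex):
    """Recompute the root from the disclosed entry and compare with the trusted root."""
    cur = leaf_hash(receipt["entry"].encode())
    for side, sibling_hex in receipt["proof"]:
        sibling = bytes.fromhex(sibling_hex)
        cur = node_hash(sibling, cur) if side == "left" else node_hash(cur, sibling)
    return cur.hex() == trusted_root_hex

# Constructed ledger contents: entries from two banks, opaque to each other.
ENTRIES = [b"bankA:tx1:<ciphertext>", b"bankB:tx1:<ciphertext>", b"bankA:tx2:<ciphertext>",
           b"bankB:tx2:<ciphertext>", b"bankA:tx3:<ciphertext>"]

def run_demo():
    root = root_hex(ENTRIES)            # assumed to reach the auditor via a trusted channel
    receipt = make_receipt(ENTRIES, 2)  # Bank A discloses only its second entry
    forged = dict(receipt, entry="bankA:tx2:<altered>")
    return verify_receipt(receipt, root), verify_receipt(forged, root)
```

The auditor sees one entry and a handful of sibling hashes; the other banks' entries never leave the ledger.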


Customers and partners who are using Azure confidential ledger


Carbon Assets Solutions is a precision measurement, recording and verification platform for atmospheric carbon removal via soil carbon sequestration.  With Azure confidential ledger, we deliver higher integrity Carbon Credits than any other method.
– Sara Saeidi, Chief Operating Officer, Carbon Asset Solutions


It is critical within Financial Services that ledgers are accurate, resilient, and tamperproof.  Azure confidential ledger enables RTGS.global to verify the integrity of all its ledgers, providing assurances to customers, central banks, and regulators that data held within RTGS.global is truly immutable.

– Andrew Smith, Chief Technology Officer, RTGS.global


The ledger technology in Azure SQL Database helps protect customer data from tampering. This is achieved by storing the data in a cryptographically protected data structure and generating digests that capture the database state. Customers use the digests to verify the database integrity, which is why storing them in a trusted and secure location is critical for the security of the system. Azure confidential ledger provides hardware level protection for the data it maintains. That makes it an ideal digest storage solution for Azure customers with the most stringent security requirements.

– Raghu Ramakrishnan, Chief Technology Officer for Data, Technical Fellow


Confidential computing is an evolution of how data is secured during processing. Avanade believes it will be critical as organisations begin to collaborate and share data in new ways, whether for customer sensitive data in finance and healthcare, or as part of the digital transformations happening now in manufacturing and logistics. Azure confidential ledger is a secure and flexible solution allowing developers to store any data in a trusted environment, backed by blockchain technology. Unlike other blockchain solutions, configuration and custom setup requirements are minimal. ACL is a lightweight addition to Microsoft’s confidential compute services, enabling information to be stored immutably with ease. ACL can form part of any solution requiring provenance for sensitive data, with hardware-backed guarantees that storing and processing activities are tamper-proof. ACL is ideally suited for data-owners to track, monitor, and audit changes over time securely.

– Fergus Kidd, Research and Development Engineering Lead, Avanade


How do I get started? 

  1. Sign in to Azure 

    Sign in to the Azure portal at https://portal.azure.com. 
  2. Create a confidential ledger  

    Follow step-by-step portal instructions on creating a ledger.  You can alternatively use the Python SDK.
  3. Transact with the confidential ledger

    Use the functional APIs (data plane) to store data or verify information about the data.  

 
