Azure confidential ledger is now Generally Available!
I am pleased to announce that Azure confidential ledger is now generally available! Azure confidential ledger is an unstructured, trusted data store for important identifiers of sensitive data that require high integrity. Data records stored on Azure confidential ledger remain immutable (i.e. Write Once, Read Many) and can be cryptographically verified. It offers a simple experience with REST APIs that can be easily integrated into the application architecture.
As the name suggests, Azure confidential ledger utilizes the Azure Confidential Computing platform and the Confidential Consortium Framework to provide a high level of integrity that is tamper-protected and tamper-evident. Through the permissioned blockchain model, the service implements a network of nodes within dedicated, fully attested hardware-backed confidential enclaves. This unique approach provides the benefit of keeping the cloud administrator out, along with durability and high transaction performance.
The service is ideal for storing audit logs, hashes or metadata that must not be modified and will require verification. For example:
- Records relating to business transactions (e.g. money transfer or confidential document edits)
- Updates to trusted assets (e.g. core application or contracts)
- Administrative and control changes (e.g. granting access permissions)
- Operational IT and security events (e.g. alerts, compliance records)
USE CASES
Application verification for audit
Azure confidential ledger can be a simple mechanism for identifying unexpected modifications. For instance, the log or signature of a database can be added to the tamper-protected Azure confidential ledger. A mismatch between the database signature and the record kept in the confidential ledger indicates that additional investigation is required. This approach can be helpful in complying with regulatory requirements.
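The check described above, as an added example that is not part of the original post and makes no call to the service: the table is hashed row by row in a canonical form, the result is the record that would be appended to the ledger, and a later audit compares the live table against that record. The function names, the record layout and the sample rows are assumptions made for illustration.

```python
import hashlib
import hmac
import json


def row_digest(row):
    """SHA-256 over canonical JSON, so key order cannot change the hash."""
    data = json.dumps(row, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def snapshot(rows, key="id"):
    """Record to append to the ledger: per-row digests plus one table digest."""
    per_row = {str(r[key]): row_digest(r) for r in rows}
    table = hashlib.sha256()
    for row_id in sorted(per_row):
        table.update(f"{row_id}:{per_row[row_id]}\n".encode())
    return {"table_digest": table.hexdigest(), "rows": per_row}


def audit(rows, ledger_record, key="id"):
    """Compare the live table with the record read back from the ledger."""
    current = snapshot(rows, key)
    old, new = ledger_record["rows"], current["rows"]
    return {
        "match": hmac.compare_digest(current["table_digest"],
                                     ledger_record["table_digest"]),
        "modified": sorted(i for i in old.keys() & new.keys() if old[i] != new[i]),
        "missing": sorted(old.keys() - new.keys()),
        "added": sorted(new.keys() - old.keys()),
    }


# Constructed sample rows (hypothetical transfers table, not real data).
BASELINE = [
    {"id": 1, "payee": "alice", "amount": 100},
    {"id": 2, "payee": "bob", "amount": 250},
    {"id": 3, "payee": "carol", "amount": 75},
]
LEDGER_RECORD = snapshot(BASELINE)  # stands in for the entry stored in the ledger
TAMPERED = [
    {"id": 1, "payee": "alice", "amount": 100},
    {"id": 2, "payee": "bob", "amount": 9250},    # amount changed after the fact
    {"id": 4, "payee": "mallory", "amount": 10},  # row 3 removed, row 4 inserted
]

if __name__ == "__main__":
    print(audit(TAMPERED, LEDGER_RECORD))
```

Keeping per-row digests in the record lets the audit say which rows differ, not only that the table digest no longer matches.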
Multi-party transparency for audit
When multiple parties need to selectively disclose parts of the ledger for audit purposes, Azure confidential ledger can be useful. Imagine Bank A authenticates with a client certificate and then adds encrypted logs about operations on sensitive data; Bank B does the same. Each bank can only see what is relevant to it. When a bank needs to demonstrate compliance about the logs, it can selectively share recorded ledger transactions with the auditor. The auditor can obtain cryptographic proof of the presence of the transaction in the confidential ledger through a receipt.
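How an auditor can check that one disclosed transaction is present in a ledger without seeing the other entries, shown as an added example that is not part of the original post: a generic Merkle inclusion proof folded up to a root. The proof layout, hash prefixes and sample entries are constructed for illustration and are not the service's receipt format; the root is assumed to have been authenticated already.

```python
import hashlib
import hmac


def leaf_hash(entry):
    return hashlib.sha256(b"\x00" + entry).digest()  # domain-separated leaf


def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()


def merkle_levels(entries):
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    levels = [[leaf_hash(e) for e in entries]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels


def make_proof(entries, index):
    """Ledger side: sibling hashes from the leaf at `index` up to the root."""
    levels, proof = merkle_levels(entries), []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            side = "left" if sibling < index else "right"
            proof.append({side: level[sibling].hex()})
        index //= 2
    return proof, levels[-1][0].hex()


def verify_inclusion(entry, proof, trusted_root_hex):
    """Auditor side: fold the proof over the entry and compare with the root."""
    acc = leaf_hash(entry)
    for step in proof:
        if len(step) != 1:
            return False
        (side, sibling_hex), = step.items()
        sibling = bytes.fromhex(sibling_hex)
        if side == "left":
            acc = node_hash(sibling, acc)
        elif side == "right":
            acc = node_hash(acc, sibling)
        else:
            return False
    return hmac.compare_digest(acc, bytes.fromhex(trusted_root_hex))


# Constructed sample entries (not real ledger data).
ENTRIES = [f"bank-A op {i}".encode() for i in range(5)]
```

The auditor needs only the disclosed entry, the proof and the root; the sibling hashes reveal nothing about the content of the other banks' entries.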
Customers and partners who are using Azure confidential ledger
Carbon Asset Solutions is a precision measurement, recording and verification platform for atmospheric carbon removal via soil carbon sequestration. With Azure confidential ledger, we deliver higher integrity Carbon Credits than any other method.
– Sara Saeidi, Chief Operating Officer, Carbon Asset Solutions
It is critical within Financial Services that ledgers are accurate, resilient, and tamperproof. Azure confidential ledger enables RTGS.global to verify the integrity of all its ledgers, providing assurances to customers, central banks, and regulators that data held within RTGS.global is truly immutable.
– Andrew Smith, Chief Technology Officer, RTGS.global
The ledger technology in Azure SQL Database helps protect customer data from tampering. This is achieved by storing the data in a cryptographically protected data structure and generating digests that capture the database state. Customers use the digests to verify the database integrity, which is why storing them in a trusted and secure location is critical for the security of the system. Azure confidential ledger provides hardware level protection for the data it maintains. That makes it an ideal digest storage solution for Azure customers with the most stringent security requirements.
– Raghu Ramakrishnan, Chief Technology Officer for Data, Technical Fellow
Confidential computing is an evolution of how data is secured during processing. Avanade believes it will be critical as organisations begin to collaborate and share data in new ways, whether for customer sensitive data in finance and healthcare, or as part of the digital transformations happening now in manufacturing and logistics. Azure confidential ledger is a secure and flexible solution allowing developers to store any data in a trusted environment, backed by blockchain technology. Unlike other blockchain solutions, configuration and custom setup requirements are minimal. ACL is a lightweight addition to Microsoft’s confidential compute services, enabling information to be stored immutably with ease. ACL can form part of any solution requiring provenance for sensitive data, with hardware-backed guarantees that storing and processing activities are tamper-proof. ACL is ideally suited for data-owners to track, monitor, and audit changes over time securely.
– Fergus Kidd, Research and Development Engineering Lead, Avanade
How do I get started?
- Sign in to Azure: Sign in to the Azure portal at https://portal.azure.com.
- Create a confidential ledger: Follow step-by-step portal instructions on creating a ledger. You can alternatively use the Python SDK.
- Transact with the confidential ledger: Use the functional APIs (data plane) to store data or verify information about the data.
Resources:
- Documentation: https://aka.ms/ACL-Docs
- How-to-guides:
- Webinars