Choosing an Azure Ledger Technology

At the annual Microsoft Build 2021 Developer Conference, we announced two new products that are based on blockchain technology.  Azure Confidential Ledger, now in preview, offers a fully managed service for customers who need to store sensitive data with high integrity and confidentiality. Azure SQL Database ledger, also in preview, enables storage of sensitive relational data in a tamper-evident way.

In this blog post, we’ll introduce you to both of these new products as well as help you understand when it makes sense to use them individually, together, and even with an existing blockchain system.

Azure Confidential Ledger

Enterprises running sensitive workloads need a secure way to store their logs and important metadata while collaborating with other parties.  The Confidential Consortium Framework (CCF) is a Microsoft-created open framework for building confidential permissioned blockchain services. By running a confidential blockchain network of nodes in secure enclaves, data remains append-only with immutability guarantees and the data from the client goes straight to the ledger's enclaves. 

Building on the CCF framework, Azure Confidential Ledger (preview) provides the ability to store sensitive data records with integrity and confidentiality guarantees, all in a highly available and performant manner. Stored data remains immutable and tamper-proof in the append-only ledger with the benefits of a fully managed solution that provides infrastructure and operations so customers can get started quickly. The service provides these assurances by harnessing the power of Confidential Computing's secure enclaves when setting up the decentralized blockchain network. Microsoft’s access is limited to setting up and managing the network, and this specialized design means that only the customer has access to transaction data in the Confidential Ledger.

Asking yourself the following questions can help you decide if Azure Confidential Ledger is right for you:

1. Do you need to store unstructured data (i.e. files, digests) that must remain intact for recordkeeping purposes?
2. Are you working with sensitive workflows where confidentiality must be maintained?
3. Are you in need of a service that has high integrity and security with a minimalistic trusted computing base?
4. Are you working with parties that need irrefutable evidence that tampering did not occur to the stored data?

If you said yes to one or more of these, Azure Confidential Ledger is right for you. Customers have been using Azure Confidential Ledger in various ways. Novaworks, an e-parliamentary software solution, is using Azure Confidential Ledger to securely log votes in a tamper-proof ledger for a high-fidelity voting process.

Azure SQL Database ledger

Azure SQL Database ledger (preview) is a tamper-evident solution for your databases that provides cryptographic proof of your database’s integrity.  Using a blockchain data structure implemented as system tables in your database, the ledger feature ensures that any transaction which modifies relational data in your database can be tracked, and any potential tampering detected and easily remediated.  Providing proof that your data has not been tampered with is as simple as running a stored procedure that compares the calculated cryptographic hashes in your database against a database digest, which is published automatically in a secure location, such as Azure Confidential Ledger. 

Ledger is a feature of Azure SQL Database, meaning there is no additional cost to add tamper-evidence capabilities.  You don’t have to migrate data from your existing SQL databases to add tamper-evidence capabilities and no changes are needed to your applications as ledger is an extension of existing SQL table functionality. 

Asking yourself the following questions can help you decide if Azure SQL Database ledger is right for you.

1. Do you have business-critical data in Azure SQL Database where you must ensure data integrity is intact?
2. Can 3^rd parties who interact with your data accept a “trust, but verify” model rather than each party having a copy of the ledger?
3. Do you need to prove to auditors or regulators that your data has not been tampered with?
4. Do you have a need for queryability and strong data management capabilities, such as streaming data from a blockchain to an off-chain store while maintaining integrity from on-chain to off-chain?

If you can answer “yes” to any of these questions, then Azure SQL Database ledger is right for you.  Customers like RTGS.global, who provide a global liquidity network for banks, are already using this capability to provide a ledger of transactions to regulators to prove that global banking transactions have not been tampered.  Read our blog to learn more.

Putting it all together

Trust is foundational in any business process that spans organizational boundaries.  Microsoft goes beyond traditional blockchains, using the building blocks of this technology as the underpinning for the distributed ledger of Azure Confidential Ledger and the consolidated data store of Azure SQL Database ledger.  These solutions empower our customers to apply the power of blockchain to sensitive data, simplifying solution development, reducing cost and providing a new level of digital trust to transactions.

Deciding which technology is best for your needs ultimately depends on the level of trust between parties transacting with the data, and the type of data being protected.  In addition to the points mentioned above, consider the following when deciding whether Azure SQL Database ledger or Azure Confidential Ledger is right for you.

Learn more

• Read the Azure Confidential Ledger announcement blog and documentation to learn more about how this new service is empowering our customers and securing their work.
• Read the Azure SQL Database ledger documentation and whitepaper to learn more about how the ledger feature works and how to use it with your Azure SQL Database.