AzureBootcamp2023: Data Clean Rooms & Confidential Computing by David Sturzenegger & Primo Amrein

Transcript

1. 2023 #azurebootcampch

2. www.azurebootcamp.ch www.azurezurichusergroup.com https://www.meetup.com/de-DE/ Azure-Cloud-Bern-User-Group/

3. Manu Meyer Stefan Roth Stefan Johner

4. https://www.azurebootcamp.ch/sessions/

5. Please be on time! https://www.azurebootcamp.ch/sessions/

6. «…a non-profit community conference…»

7. https://www.irene-bizic.com/ Fotographer: Irene Staff:

8. Upcoming Events §16.05.2023 Azure Zurich: Scale with KEDA and Container

   Apps §07.06.2023 Azure Bern: Manage and Govern your Hybrid Servers using Azure Arc §29.08.2023 DotNET Day Switzerland 2023 §18. – 20.09.2023 Experts Live Europe, Prague
9. None

10. Over a decade of helping our customers on their journey

    to/in the Microsoft cloud We are supporting them wherever they are.

11. Modernisation Change management Strategy development Governance/ security Compliance/ placement Solution

    design Migration Compliance Security Optimisation/ FinOps Support/ reliability Buy-in/ commitment Migration strategy (7 Rs) Architecture Costs/ benefits Set-up of landing zone Governance Business continuity Operation/ lifecycle Innovation Concept Implementation & transformation Operation & optimisation Strategy Risk management Strategy approved Roadmap available Rollout 3 2 1

12. 12 We are the trusted advisor of choice for many

    companies

13. 10:40h, Room 3.14: Azure FinOps: The Quiz 16:35h, Room 3.54:

    Fully automated & cloud-native data platform Whole day: Swisscom / itnetX booth 13 Our presence today
14. None

15. Azure Swiss DCs Update Primo Amrein – Cloud Lead Microsoft

    Switzerland

16. Azure Workloads Launched Since Last Bootcamp (1/2) • Azure Container

    Apps in Switzerland North Deploy containerized apps without managing complex infrastructure with this fully managed serverless platform service. Build and deploy modern apps and microservices at scale. Applications built on Azure Container Apps can dynamically scale based on the following characteristics: HTTP traffic, event-driven processing, CPU or memory load. • Azure IoT Hub in Switzerland North and West Cloud-hosted solution to connect, monitor and manage IoT assets • Azure Ultra Disks in Switzerland North Highest-performing storage, suited for data-intensive workloads such as SAP HANA, top-tier DBs and transaction-heavy loads

17. • Azure Spring Cloud Service in Switzerland North Open-source application

    framework providing infrastructure support for developing Java applications • Azure DNS Private Resolver in Switzerland North Enables to query Azure DNS private zones from on-prem environment and vice versa without deploying VM based DNS servers. Customers no longer need to provision IaaS based solutions on their Virtual Networks to resolve names registered on Azure Private DNS Zones and can do conditional forwarding of domains back to on-prem, multi-cloud and public DNS servers. • Lasv3 VMs in Switzerland North Storage-optimized VMs: using the local disk on the node attached directly to the VM rather than durable data disks, allowing greater IOPS and throughput for workloads. First AMD-based VMs in Swiss DCs. Azure Workloads Launched Since Last Bootcamp (2/2)
18. None

19. New Customer Stories YouTube Video 1 YouTube Video 2 YouTube

    Video 3 German English AGEFI Article in French Inside IT Article in German

20. Earlier Customer Stories • German • French • English •

    German • French • English

21. • German • French • English

22. Azure cloud security is best in class More than 650,000

    customers and 90 of the Fortune 100 trust Microsoft SCI solutions Microsoft employs +8,500 security experts and committed $20B in security investment over the next 5 years In 2020, 9 billion malware threats were blocked on endpoints by Microsoft 365 Defender Microsoft processes over 24 trillion signals every 24 hours

23. Cloud customers are increasingly looking for ways to trust as

    little as possible Full control over the data lifecycle Privacy Untrusted collaboration Regulations and compliance Customer trust

24. Data protection EXISTING ENCRYPTION Data at rest Encrypt inactive data

    when stored in blob storage, database, etc. Data in transit Encrypt data that is flowing between untrusted public or private networks

25. Azure Confidential Computing EXISTING ENCRYPTION Data at rest Encrypt inactive

    data when stored in blob storage, database, etc. Data in transit Encrypt data that is flowing between untrusted public or private networks CONFIDENTIAL COMPUTING Data in use Protect/encrypt data that is in use, while in RAM, and during computation Protect against privileged admins or insiders exploiting bugs in the Hypervisor/OS accessing data without customer consent In Azure, confidential computing means… A hardware root-of-trust, customer verifiable remote attestation, and memory encryption

26. Confidential Cloud Data is fully in the control of the

    customer at rest, in transit, or in use. The cloud platform provider is outside the trusted compute base. Code running in the cloud is protected and verified by the customer. Activity history is immutable and auditable.

27. Confidential Computing Market Hardware & software market Multi-party computing Financial,

    healthcare, life sciences and more Global market Confidential computing TAM US$ billion 2021 2024 2026 16-18 52-54 1.9-2.0

28. Data Clean Rooms powered by Azure Confidential Computing Azure Bootcamp

    May 2023

29. 29 Imagine all data silos get unlocked overnight. Every start-up

    founder, every data scientist, magically gets access to all data ever collected. What'd be the impact? Will this double world GDP in 5 years? 10? What if I told you we can already do this? Elad Verbin 29

30. 30 Unlocking all data silos raises legitimate privacy concerns PRIVACY

    VS UTILITY “Unlocking all data silos” High Utility, Low Privacy Today’s situation Low Utility, High Privacy PRIVACY UTILITY

31. 31 PRIVACY VS UTILITY Confidential Computing can improve this trade-off

    PRIVACY UTILITY CC-based Data Collaboration Good Utility, High Privacy

32. 32 32 32 Bill Gates (2019) on how to learn

    more from data while maintaining privacy “ What if we had a way to collect data but not reveal individual records? ” Cost Compliance Security Control SENSITIVE DATA COLLABORATION CHALLENGES 32

33. AGENDA DATA COLLABORATION CONFIDENTIAL COMPUTING DECENTRIQ & USE CASES 1

    2 3 33

34. AGENDA DATA COLLABORATION CONFIDENTIAL COMPUTING DECENTRIQ & USE CASES 1

    2 3 34

35. 35 DATA COLLABORATION INSURANCE BANK External party trusted with all

    data (or trust each other) Only contractual & organisational measures protect the data at the trusted external party As the external party has access to all data, there is risk for unintentional or intentional misuse Person-level customer data Person-level customer data Aggregated and anonymous customer insights Aggregated and anonymous customer insights INTRODUCTORY EXAMPLE – THE TRADITIONAL WAY

36. 36 DATA COLLABORATION New confidential computing technology makes it impossible

    for the third party to access data or modify the allowed processing operations Confidential computing enables technical verification of this fact, also for remote users This renders the risk of data leakage & misuse minimal Data Clean Room Azure Confidential Computing Data cannot be accessed, not even by admins INSURANCE BANK Person-level customer data Person-level customer data Aggregated and anonymous customer insights Aggregated and anonymous customer insights INTRODUCTORY EXAMPLE – WITH CONFIDENTIAL COMPUTING

37. 37 DATA COLLABORATION This collaboration model covers many use-cases: in

    medical research, in marketing etc. Personal data Personal data Aggregated statistics Data Owner B Data Owner A Data Clean Room Aggregated statistics Azure Confidential Computing Data cannot be accessed, not even by admins

38. 38 DECENTRIQ DATA CLEAN ROOMS Sensitive data Sensitive data Data

    owner Analyst PYTHON SQL Data owner R

39. 39 REQUIREMENTS FOR CONFIDENTIAL DATA PROCESSING Personal data Aggregated statistics

    Data Owner A Data Clean Room As Data Owner, I want…. 1. When the data is “in the box”, nobody should be able to access it (confidentiality) 2. Nobody should be able to modify the computations I approved to be run (integrity, purpose-limitation) 3. To be able to remotely verify that 1 & 2 hold such that I don’t need to trust the third party (verifiability) Personal data Data Owner B Aggregated statistics Azure Confidential Computing Data cannot be accessed, not even by admins

40. AGENDA DATA COLLABORATION CONFIDENTIAL COMPUTING DECENTRIQ & USE CASES 1

    2 3 40

41. 41 Confidential Computing is the protection of data in use

    by performing computation in a CPU-based Trusted Execution Environment (TEE) CONFIDENTIAL COMPUTING

42. 42 Trust perimeter Intel SGX Feature in Intel IceLake Server

    CPUs CONFIDENTIAL COMPUTING Confidential Computing is the protection of data in use by performing computation in a CPU-based Trusted Execution Environment (TEE)

43. 43 CONFIDENTIAL COMPUTING Can’t access / modify data Trust perimeter

    Hypervisor Intel SGX Operating System App Enclave Virtual Machine TEEs provide new security primitives Run-time Isolation • Encryption & isolation of process memory • Memory confidentiality and integrity Remote Attestation • Verify genuine TEE platforms and their healthiness • Authenticate remotely running enclave code Software Feature in Intel IceLake Server CPUs Confidential Computing is the protection of data in use by performing computation in a CPU-based Trusted Execution Environment (TEE)

44. 44 CONFIDENTIAL COMPUTING Can’t access / modify data Trust perimeter

    Hypervisor Intel SGX Operating System App Enclave Virtual Machine Security model: Hardware manufacturer is trusted There are VM-isolation versions too • AMD SEV/SNP, Intel TDX Azure Confidential Computing is the only cloud offering VMs allowing proper remote attestation Software Feature in Intel IceLake Server CPUs Confidential Computing is the protection of data in use by performing computation in a CPU-based Trusted Execution Environment (TEE)

45. 45 REQUIREMENTS FOR CONFIDENTIAL DATA PROCESSING As Data Owner, I

    want…. 1. When the data is “in the box”, nobody should be able to access it (confidentiality) 2. Nobody should be able to modify the computations I approved to be run (integrity, purpose-limitation) 3. To be able to remotely verify that 1 & 2 hold such that I don’t need to trust the third party (verifiability) Personal data Aggregated statistics Data Owner A Data Clean Room Personal data Data Owner B Aggregated statistics Azure Confidential Computing Data cannot be accessed, not even by admins

46. 46 Now data can be kept encrypted in memory also

    when computed impossible before confidential computing Data in use Data is encrypted when stored on hard disks standard for decades Data at rest Data is encrypted when transferred (HTTPS/TLS) Data in transit standard for decades CONFIDENTIALITY THROUGH ENCRYPTION OF DATA IN USE Data and code of the enclave process are encrypted and integrity checked when transferred from CPU to memory. Data only ever is decrypted in the CPU and the CPU is virtually impossible to attack. Computation Data Storage Data Results

47. 47 REQUIREMENTS FOR CONFIDENTIAL DATA PROCESSING 47 As Data Owner,

    I want…. 1. When the data is “in the box”, nobody should be able to access it (confidentiality) 2. Nobody should be able to modify the computations I approved to be run (integrity, purpose-limitation) 3. To be able to remotely verify that 1 & 2 hold such that I don’t need to trust the third party (verifiability) Personal data Aggregated statistics Data Owner A Data Clean Room Personal data Data Owner B Aggregated statistics Azure Confidential Computing Data cannot be accessed, not even by admins

48. 48 certificate authority Enclave measurement Acceptabe hardware configuration Data Clean

    Room definition DEFINE THE ALLOWED COMPUTATIONS AND PERMISSIONS

49. 49 DEFINE THE ALLOWED COMPUTATIONS AND PERMISSIONS certificate authority Enclave

    measurement Acceptabe hardware configuration Data Clean Room definition

50. 50 DECENTRIQ UI - TABLE DEFINITIONS & INPUT SCHEMA

51. 51 DECENTRIQ UI - COMPUTATIONS

52. 52 DECENTRIQ UI - USER PERMISSIONS

53. 53 REQUIREMENTS FOR CONFIDENTIAL DATA PROCESSING As Data Owner, I

    want…. 1. When the data is “in the box”, nobody should be able to access it (confidentiality) 2. Nobody should be able to modify the computations I approved to be run (integrity, purpose-limitation) 3. To be able to remotely verify that 1 & 2 hold such that I don’t need to trust the third party (verifiability) Personal data Aggregated statistics Data Owner A Data Clean Room Personal data Data Owner B Aggregated statistics Azure Confidential Computing Data cannot be accessed, not even by admins

54. 54 Step 1 – SGX program (enclave) launch 1. Its

    binary (compiled code) is hashed. This value is the measurement. 2. A random enclave key-pair is generated. 3. { measurement, enclave public key } is signed with a secret, CPU-specific key. Only SGX programs can get this signature. Intel can verify this signature. VERIFIABILITY THROUGH REMOTE ATTESTATION SGX program launch Measurement and enclave key pair generation Signature with CPU key Initialization User Intel SGX Trusted execution environment

55. 55 Step 1 – SGX program (enclave) launch 1. Its

    binary (compiled code) is hashed. This value is the measurement. 2. A random enclave key-pair is generated. 3. { measurement, enclave public key } is signed with a secret CPU-specific key. Only SGX programs can get this signature. Intel can verify this signature. Step 2 – Verification 1. Check signature with Intel to see if it is genuine and all security patches were applied 2. Check if the measurement corresponds to the expected value (code authenticity) 3. User shares own public key to establish secure communication 4. User checks data room definition (purpose limitation) & uploads data VERIFIABILITY THROUGH REMOTE ATTESTATION SGX program launch Measurement and enclave key pair generation Signature with CPU key Initialization Verification User key {measurement, enclave public key, signature} User Intel SGX Trusted execution environment

56. 56 RECAP – DATA COLLABORATION REQUIREMENTS As Data Owner, I

    want…. 1. When the data is “in the box”, nobody should be able to access it (confidentiality) 2. Nobody should be able to modify the computations I approved to be run (integrity, purpose-limitation) 3. To be able to remotely verify that 1 & 2 hold such that I don’t need to trust the third party (verifiability) Personal data Aggregated statistics Data Owner A Data Clean Room Personal data Data Owner B Aggregated statistics Azure Confidential Computing Data cannot be accessed, not even by admins

57. 57 RECAP – CONFIDENTIAL COMPUTING New confidential computing technology makes

    it impossible for the third party to access data or modify the allowed processing operations Confidential computing enables independent technical verification of this fact, also by remote users Personal data Aggregated statistics Data Owner A Data Clean Room Personal data Data Owner B Aggregated statistics Azure Confidential Computing Data cannot be accessed, not even by admins

58. AGENDA DATA COLLABORATION CONFIDENTIAL COMPUTING DECENTRIQ & USE CASES 1

    2 3 58

59. 59 59 Enabling secure sensitive data collaborations via Data Clean

    Rooms 59 | HOTTEST PRIVACY MARTECH SOLUTIONS | FOUNDING MEMBER Deployed on Azure Confidential Computing Trusted and neutral SaaS platform (Switzerland-as-a-Service) Confidential Computing means no one can see your data ORGANIZATION 1 ORGANIZATION 2 ORGANIZATION N

60. 60 Data Clean Room ORGANIZATION 2 Sensitive data ORGANIZATION N

    Sensitive data ORGANIZATION 1 Sensitive data DECENTRIQ DATA CLEAN ROOMS COLLA B OR A T E on sensitive & federated data P R OT ECT data confidentiality end-to-end ST R ICT LY CONT R OL how data is processed B E INNOV A T IV E Use-cases never possible before

61. 61 HOW DOES IT WORK? encrypted data Data Clean Room

    Configuration Compliant results DATA CLEAN ROOM DATA OWNER 1 DATA OWNER 2 DATA OWNER N DATA ANALYST encrypted data encrypted data DATA CONSUMER

62. 62 Confidential Computing Hardware Input Security Output Privacy User Experience

    Decentriq UI Exploratory sandbox Access Controls K-anonymity filter Decentriq API Synthetic data generator Differential Privacy* SQL Python R Docker* Intel SGX AMD SEV Intel TDX* NVIDIA GPU* PLATFORM COMPONENTS

63. 63 63 CASE STUDY Collaborate with an insurer to identify

    next best product with an ML model keeping customer data confidential Improve product prediction efficiency Predicted new attributes TRAINED PRODUCT ML MODEL customer data customer data BANK INSURER

64. 64 64 CASE STUDY Benchmarking against confidential data without a

    trusted 3rd party Extended scope to more sensitive data Data validation and governance INDIVIDUALIZED BENCHMARKS Queries & Reference data Confidential Sales data Healthcare Consulting PHARMA 2 PHARMA 1 PHARMA 20

65. 65 65 CASE STUDY Combine confidential phishing emails to improve

    cyber defence Compute benchmarks and run NLP models on phishing email text data Emails remain confidential SIX SWISS NATIONAL BANK P H I S H I N G D A T A ZKB P H I S H I N G D A T A P H I S H I N G D A T A

66. 66 66 CASE STUDY Optimize marketing campaigns without data sharing

    Target right audience across publishers without data sharing Unveil new audience insights Increased targeting reach based on lookalikes TOP AFFINITY SEGMENTS FOR ADV CAMPAIGN customer data customer data CAR RESELLER PUBLISHER 2 PUBLISHER 1 PUBLISHER 3

67. 68 INDIVIDUALIZED CARE FOR CVD PUBLIC PARTNERS Data Clean Room

    INDUSTRY PARTNERS OBJECTIVE Improve personalized care delivery by developing treatment recommendation models for cardiovascular disease (CVD) patients APPROACH Partners will validate models on the largest CVD patient data set (>1M patients). The ecosystem will be open to the wider clinical community in the future. DECENTRIQ Decentriq will be the main analysis platform of the collaboration

68. 69 Take-Aways Confidential Computing is a CPU-based technology enabling encryption-in-use

    and remote attestation Confidential Computing improves privacy-utility trade-offs in data collaborations The Decentriq Platform on Azure Confidential Computing makes this technology easy to use

69. 70 Thank You [email protected] www.decentriq.com P R I V A

    C Y B Y D E S I G N N E U T R A L G R O U N D – D A T A C L E A N R O O M S P O W E R E D B Y C O N F I D E N T I A L C O M P U T I N G
70. None