Customer Panel: Applying confidential computing with Intel SGX in regulated industries | DB401
Thanks for uh coming and attending this, uh my name is vikas bhatia. And i am the head of product for azure confidential, computing. Today we will be talking about applying confidential, computing. With intel sgx, in regulated, industries. So thank you for joining us. I have been in microsoft for 13 years, and i have done stints, all over the place, in windows developer, platform. In game streaming. Xbox, one the c plus plus compiler. But today. Let's talk about confidential, computing. Microsoft, spends, over a billion dollars per year on cyber security. And much of that goes into making azure the most trusted platform. From strict data center. Security. Ensuring. Data privacy. Encrypting, data at rest and in transit. Novel uses of machine learning for thread detection. And the use of stringent, operational, software development, lifecycle, controls. Azure represents, the cutting edge of cloud security and privacy. Azure configuration, computing, offers a collection, of features and services, that offers a protection that to date has been missing from the public clouds. Which is encryption, of data in use. This means that data can be processed in the cloud. With the assurance. That it is always. Under customer, control. Your control. Or not start here. Is to constantly, lessen the need for trust, in microsoft. Operationally. As well as your own operators. Your own customer, operators. And enable, those, end-to-end. Confidential, scenarios. Across, privacy, and sensitive, workloads. That we see so often, in regulated, industries. And also workloads. Such as multi-party, data sharing. We have been working very closely with intel, on sgx. Which stands for software card extensions. Which provides the strongest isolation, model that customers, can, use today. With that said. I would like to thank our panelists, who've joined us for this conversation. We have andrew, tawhart. From xprize. We have michael, chalov, from firebox. Fire blocks. Sarah drakely. From mobilecoin. And steve swetco. From novarad. Thank you so much for joining us today i'm glad i'm happy that this will be a great conversation. So with that uh let me introduce our first panelists. Sarah from mobilecoin. Sarah. Hi thanks because. I'm sarah drakely hall an engineering manager, at mobilecoin. We are building a cryptocurrency. To provide, fast, private payments, for everyone. Because it's been great working with you and the azure team, and i want to say thank you to microsoft, for having me and thank you to the audience at home for tuning in. Let's talk about mobilecoin, and the problems that we're solving. As a decentralized, payment system.
Mobilecoin, Payment processing, network consists of multiple nodes who are operated by a series of third-party, actors. These nodes all have to come to agreement, on whether a transaction. Is valid or not. Our payment processing, network is open membership. So anyone can join and offer mobile coin payments. With intel's sgx. We can be sure that none of these processing, nodes have been corrupted. Which, in the worst case if enough nodes were compromised. We could move all the money in the network, or allow someone to print money arbitrarily. To make our payment system resilient, against this type of failure. As well as secure, and private. We created, a layered defense. We use intel's, sgx, because it provides integrity. Via remote, attestation. A special cryptographic, handshake, which proves that the nodes that you're talking to, are running the exact, audited. Open source software, expected by the network. The next letter is the consensus, protocol that we developed, to enable the payment processors, to come to rapid agreement, on the validity, of transactions. The layer below that, is that the contents of the transactions, are encrypted, end to end, so that only the sender and receiver, know that a transaction, occurred, and all other user data is obscured. Blah. Sgx, provides a layer of confidentiality. So that transaction, validation, happens in encrypted, ram, and even if you have access to the machine itself. You can't see any information, about the transaction. Or the validation. Through remote confidential, compute. Like what microsoft, azure offers, we process payments at scale, while leveraging the integrity, and confidentiality. Of intel's sgx secure enclave. Until now, there hasn't been a fast private decentralized, payment system, that works on your mobile device. We're changing that. When you use a mobile messaging, system, you have the expectation, of privacy. When you use other payment systems, they're fast, but your data is being sold. When i worked in finance previously. We bought credit card data, your payment activity, is available, for purchase. At mobilecoin, we believe in user privacy, first. That users, should have control, over sharing their own data. In a private messaging, app for example in signal. Messaging, is fast and users feel secure because it's open source, it's end-to-end, encrypted. So users know that it's private. Even signal messenger, provably. Cannot see the contents, of user messages. Mobile coins the same way. We as well as the third-party network operators, see only cryptographic. Noise, instead of any user data. We're a pre-launch cryptocurrency. Currently running our test net, upon launch we will be one of the largest, consumer-facing. Sgx, services. Try our test net and review our open source software at our github, mobile coin official. Also check out our case study featured by microsoft, at the url on the slide. Thanks because. That's awesome, thank you sarah, these are the key innovations, that will move our entire industry, forward. That sounds super awesome. So with that let me introduce, uh michael from fireblocks. Michael. Thanks vikas, and, thank you, for having me on this panel and very exciting. So i'm michael schall i'm the ceo and co-founder, of fire blocks. And my background is actually in cyber security so spent the. Last 20 years in the cyber security space, through. Servicing the israeli cyber command. Started my previous company that was sold to, a checkpoint. Led the. The mobile security and cloud security for checkpoint, for about three years, and we started firebox, about two years ago. Our goal at, firebox. Is basically to provide. An enterprise, grade highly secure platform, for financial, institutions. That are dealing with, blockchain, technologies. Uh digital, assets, and cryptocurrencies. So, um, since we launched our, platform, about, a year ago when we came out of stealth mode, we had really an exponential. Growth, uh we currently have over 100. Institutional. Customers, that are using our platform. All the big brand names. In, in our space and in global. Finance. And. We've, transferred. Over, 100, billion dollars, worth of digital, assets through our platform. And currently, when and basically in the last couple of months or the last quarters, we basically were doubling this volume, quarter, over quarter and currently we are transferring, about 20 billion dollars per quarter, right. Sorry per month. Um. Our our customers, are actually. Uh. The the financial, institutions. That, we all familiar, with right so those are the the banks the big banks. Custodians. Brokers. Uh lending providers.
And Some specific. Technology. And the commercial, uh platform. Uh that. Offer services, in the, in the, cryptocurrency. Space. Now, clearly, with uh whom you're familiar, with uh. Uh digital assets and cryptocurrencies. It's sort of well known that about, that a huge amount of cryptocurrency. Was stolen over the last uh. Several years actually the number is uh. 15 billion. And. For us really the challenge, and, basically, the goal is to provide an infrastructure. That allows our customers, to securely, store, those assets. And transfer, those assets. Across the ecosystem. And you know really our customers, basically. Rely on us to provide, a highly secure. And very scalable, platform, that allows them to do it. So when we approach the technology, challenge of actually solving, really, probably one of the most. Difficult, problems, around blockchain. Uh we had to figure out how to combine, security, with speed security, with efficiency. And security. Regulation, and we'll talk about it a bit later. And. In terms of how we, find. A solution, for that we actually approach, it in a very, sort of defense, in depth, type of uh. Approach. Where we layered, multiple, technologies. One on top of the other so we're using multi-party, computation. To actually distribute, the private key, but every, uh. Every share of that private key is actually running in internet gx, and protected. Using the technology. Uh that we've, engineered. And, and. We've actually using, azure confidential, cloud computing. To host, the vast majority, of our infrastructure. But we also, able to distribute, across availability, zones and other cloud providers. As well for for redundancy. So, from our standpoint. Our ability, to rely on interest gx, and, the ability, to rely, on azure, confidential. Cloud computing, was really a key to our success, and to the skill that we were able to, achieve, in a very short period of time. That is awesome. Thanks for that michael this this is so exciting. I'm so happy to see the growth that you've just seen in such a short time so, and the way sjx is helping you so i'm, super excited to see, the journey that you've been on so far. With that i'd like to introduce, andrew. From express. Andrew. Thank you vicas, uh and thank you to microsoft, and intel for working with us, with us on this project uh so i'm andrew tower uh vp of partnerships, and strategic, initiatives, at x prize. In case you're not familiar express but different from probably, others that you see on here is we're a non-profit. Uh with over 25 years history, in incentivizing. Crowds. To solve, major world problems usually, along the lines of equity environment, and exploration. Through competition, large-scale, competitions, run typically run multiple years. And have, large incentives, to drive, innovation. But what brings me here today is really two initiatives, that kind of came together, um, one is our data collaborative, so a few years back we. Found, that uh there was an increased dependency. On data data sciences. Uh ai and ml, to be able to develop the solutions, that are associated with our prizes. And there's a huge amount of value that comes out of our prizes because very often they are in of themselves.
Activities Which generate, large value data. Um so we started that a couple years ago incidentally built on azure. Um, and we've been running that horizontally, across all of our programs, within, the xprize foundation. Um, then when the pandemic, hit um x prize thought about how could we respond to the pandemic, and one of our strengths, is convening, is solution development is competition, so, we partnered with anthem health and we launched the x prize pandemic alliance. Today that's 80 some odd uh. Corporates, ngos, nonprofits. Academia. Who all get around the table and innovate around new competitions. And challenges we can launch to, provide a more near-term. Solutions. Set of solutions to the pandemic. So in that process of course we offered up the data collaborative, as the means of which developing, a number of these solutions. And we started going around the table to the to the different folks, uh who were part of the pandemic, alliance many of whom are health care providers. Um, or sitting on high value data assets. To say, how can we, leverage the data that you're sitting on today. To be able to. Enable the solution development, our data collaborative, provides a number of uh ml sandboxes. Per each competitor. They can pull in data sets the the data collaborative has a number of diverse open data sets, but then of course the hope was let's bring in these these very. Close private high value data sets. Enable, solution developers, and domain experts to run inference, on a combination. Of the. Public data sets that are already there the private data sets that we acquired. Um and in enable new solutions these solutions could be, uh, mechanisms, of doing a new vaccine, discovery. Um, new ways to predict the spread of covid, and new ways to run mitigations, around the uh covet 19 and we have a number of these different challenges, and projects underway which if you go to xprize.org. You'll see them. We face then the next challenge, though which is, many of those data sets that those healthcare providers, in particular, are sitting on, are very locked away, um they're very hesitant, to open them up, for both technical, and, um. Policy, reasons. Um so we, the we then needed a way to assure, them, that there's a means, of. Providing, access, to the data with of course not.
Opening Up yourself to new vulnerabilities. Uh remote computation, being um. One of the key, elements we were looking for, happily, uh actually intel introduced, us to the folks uh the acc, folks at microsoft. Uh and highlighted, that if there was a means, of combining. The, essence, of what is the data collaborative, today which is an open environment, where, uh, where innovators, can use machine learning and data sciences, to develop solutions, on open data sets. With, the, ability, to pull in private data sets, uh, enabled, through acc. The assumption, is that we'll get the best of both worlds. We'll get these folks to unlock, the, data, that is currently not being used to deliver. To drive new solution development. Um will allow them to interact between that data set and the other data sets that are on our data collaborative. So today, um you know we've we've been uh working with microsoft, very closely, on combining, these two, sets of technologies. Uh we're uh you know we're pretty far down the path and eager to engage our our audience, and our, our set of competitors, around leveraging, this, and really providing. A still a seamless, way that solution development can occur, but uh doing it over, a very, private, secure, highly, uh highly valued data sets that today are not being used for solution development. That's excellent. This is one of those use cases that we see resonating, a ton. In confidential, computing. Where. Our customers, are trying to solve this problem of sharing data that data is so private, and sensitive. And, confidential, computing, is one of those technologies. That can help solve that problem and andrew it has been an absolute. Pleasure to work with you and your team, looking forward. Continued, success here thank you so much. With that uh i want to. Call out steve from novorad, hi steve. Hi. Yeah my name is dr, steve cevetko. From novorad, novorad, is a, leading provider, of, enterprise, healthcare, technologies. Uh, in in the world. And. Uh, personally, i've had 30 years of experience. In. Medical. Imaging. My current focus. Has been using. Artificial, intelligence. For, image enhancement. And feature recognition. And diagnostic. Purposes. Another focus of mine, uh, is also using augmented, reality. Uh with medical, images, uh aiding the surgeons. Uh. Showing the image of the patient images, right over the patient. And for that we use microsoft. Hololens. I'm really grateful for this opportunity, to. To sit on this panel and share my experience. Some of the, well really the main challenge we. We experience, is is security, when we, work with hospitals. And imaging, centers. We help. Them to manage, petabytes, of medical images. Along with the associated, diagnostic, findings. And that's very crucial data. There are some government, regulations, such as hipaa. But, as alluded, as was alluded to earlier the institutions, are very protective, of their data. And traditionally, most applications. Using that data ran on site. And a new, cloud. Computing, application, would require, extensive. Vetting by every, every customer. An example, of this one of those services, novorad. Offers, is, off-site, encrypted, data archiving. Which provides the highest level of data integrity, and security. Uh but every time we, we go to implement this at a new customer. Uh the questions are always different it can take up to a year. For, for that implementation, to occur. Because of the the secure. Security, vetting process. So this does present a serious trade-off between ease of use and quality of patient care. And, sharing of patient data, with security. And that, you know. That's been a problem that we're always facing, in this industry. Uh, the current, the slide there shows a current solution that we developed. It's called an overhead, coveted, 19. Ai, digital, assistant. What it does is it uses. Ai. To look at chest ct, scans. And. And looks for. Uh. For cove. You know visible, artifacts, that would, would show covet 19.. We we currently, have, released, this, to limited pilot, sites.
And Of course, uh. We are soon going to, to release this worldwide. Uh free for any medical institution, that wants to use it. It, runs in azure. Um. The. There's a small. Client service that runs on site. Takes the medical, images. From the, imaging. Scanner. Or the local hospital, pack system. And, anonymizes. Those images. Upload. Upload, those to the azure cloud. Where the ai processing, is done. Now, uh locally, on site it prints out a. Paper. Form, that has the patient, id the patient name. The study of the exam date. It also includes, includes a qr, code. That allows the patient to use, the or the doctor. To use a smart phone. And. And pull up the. Diagnostic, results. Since the diagnostics. Results, are, based off the, anonymized, data that's in azure cloud. That diagnostic, report doesn't have the patient name, but it has the same case number. Uh it gives the probability. Of. Of covid19. It. It also gives some, key images. Of the patient's lungs, and that way you can see the extent, of any. Lung damage. The accuracy, of this solution, is. Greater than 99, percent. And can detect. Very subtle cases. Of. Of covid. Where and it can take minutes you can get your results within five minutes. Where you know traditional, the, nasal swab test can take. Days or a week to get your results back and they can miss up to 40 percent of, patients with, covert. So we feel like this. Could. Revolutionize. Um. Covid management. Across the world of course not everyone gets ct scans. But, most people that are admitted to the hospital. For uh, for. You know for chess problems, would get a ct scan and then having this, uh freely, instantly available. We feel like is uh is is game changing. Thank you so much this is. This is awesome thank you so much for that uh, steve, uh this is such innovation, and such. So timely, given the world that we are living in uh, thank you for this we are we are super excited to see you, making progress here. Thanks thanks. So with that uh i'll switch to the panelists. Uh we have a bunch of uh questions that we would like our panelists.
Uh Let me start with uh sarah. Uh sarah, how can you help us, understand how is working with intel and azure supported, your solution, development. Yeah sure, so. When we set about the task of designing a cryptocurrency. For mobile instant messaging. We knew it needs to be fast, it needs to be secure, and it needs to be private. No other cryptocurrency. Or payment offering meets those three criteria, which is why we had to create mobilecoin. So we developed a suite of technology, that enables mobile cryptocurrency, payments, without users, ever having to sacrifice, their security. And hand over their keys to a third-party, service. The design of our mobile payments infrastructure, requires, multiple. Horizontally. Scalable, sgx, enclave services. And azure makes that possible. Allowing us to use infrastructure, tools like kubernetes, to seamlessly, provision, sgx, nodes on demand. Running sgx, at scale is difficult. As you know. In the beginning, we had to build everything from scratch, including, custom memory allocation, and bespoke, provisioning, software. At that point sure mobilecoin, could manually, run sgx, servers, but we also had a number of partners in the foundation. And third-party, node operators who were not as tech savvy. So we were really lucky to find microsoft, as a partner who was capable of running sgx, at scale. We'll soon be one of the largest consumer-facing. Sgx services. And we're thrilled to be capable of offering a payment system, with the performance, and privacy that users demand. Thanks sarah. So as you mentioned in your intro right like there are, you're dealing with really, sensitive, data, right around financial, instruments. So how is intelligex. And confidential, computing, on azure helping you meet, these, problems, that you would run into around regulations, and stuff. Yeah excellent question. And, privacy, and data protection, are two of the core values, of mobilecoin. And these are also, areas where we are seeing more and more regulation. We see measures, like the new privacy regulations, in the eu, such as gdpr. As well as the right to be forgotten. And, mobilecoin. Puts user privacy, first. And we want to put the control of data in the hands of the users, and so we're actually ahead of the curve on regulation. On many fonts. And so how do we, use sgx, technology, to be ahead of the curve on privacy regulation. We built the protocol, from the ground up, to ensure, privacy, at every layer, and sgx, is a core part of the technology, that enables this privacy. And it does it in multiple ways. First, sdx encrypted ram enhances, privacy by preventing the node operator, or anyone with direct access to the machine. From seeing the contents of the transactions. Or the process of validation. Sgx, also improves, the consensus, between the nodes who are working to agree on whether a transaction, is valid. With remote attestation, it's harder for bad actors to join the network. And it's impossible, for them to commit an invalid transaction. Enhanced consensus, means that transactions, can clear faster. Spx. Changes your assumptions, about remote computing. Typically your trusted computing base consists, only of the machines that you control. And cloud machines are considered untrusted. This means that you assume that any data that you send to the cloud could be vulnerable. Sgx, extends the trusted computing, base of a user's own devices, to the trusted, enclave that's running on the remote, machine.
For Payments on mobile devices, this means we can provide confidential, compute off of the device. Enhancing, performance. And keeping the processing burden, off of users mobile phones. The mobilecoin, protocol practices, defense in depth, and we carefully designed the system so that even in the event of an sgx, compromise. It doesn't threaten user privacy, or transaction, integrity. For more details about how we did this you can check out our tech talk titled ysgx. On youtube. Excellent thanks sarah. That was super awesome and i think one of the key things that you said in there was. Even the. Node operator. Your, own. People on staff, have no access to the data. That is flowing through your servers, as you normally would on a regular. You know regular. Uh node in the cloud so, this is awesome super awesome to see the, the the, innovations, that you're doing. So with that i'd like to call on uh michael. Uh from fireblocks. Uh michael can you help us understand. How your journey has been. With, azure, and intel and kind of making your. Uh solutions, shine on confidential, computing. Yeah sure so. I i guess, similar to the way that sarah described it i think that the interest jax was sort of uh, part of our solution, from the very. Early design, phases, and. I think that, as part of our technology, stack, not only that we focusing, on basically, the, the the privacy, or the private aspects of uh, making sure that the information, is not exposed, outside, but actually, one of the key elements, that are important for us is the ability to guarantee, execution. Right. So, to make sure that, we we cannot be exposed, to, either, insiders. Or hackers, that even were able to compromise, or to somehow break, break into the, actual workflow. To modify, the execution, of the. Of the of the program, and. That basically. Uh helped us to create i would say two, specific, technologies. The first one, was the ability, to secure, what we call security custody or to secure the private key management. And the second one was actually to create at the station around communication. And making sure that the transactions. Are, moving uh, end to end and essentially creating a secure, network. Um, and that's part of our, ip. Um so that would basically. Uh. Help us uh from a from an. Um. Internally. Sgx, standpoint, but i think the next step really was to working with uh, uh michael christopher the juror because. Um we really had to scale the solution right so i mentioned that our business is actually, scaling, fairly rapidly, on the on the basis of. Just our ecosystem, expanding. And we had to basically. Find, um. A really strong. Partner. That is also. Very, uh, that our customers, our customers are financial institutions, some of them are very big, institutions. Are comfortable, with, so. Microsoft, of course is a brand name in. In the in the financial, space, and a lot of our customers, they. Have a, very strong relationship with microsoft, and, they're very keen to basically. Deploy. And. Leverage. Azure confidential, cloud computing, as part of the, deployment, it's very natural for them. And. What, and and working with microsoft, we really were able to, uh. To leverage, that you know i think that over the last couple of months. We we were able to to funnel over 30 customers, that i think deployed. Workloads. With our solution. On there. On, the azure confidential.
Cloud Computing. And just, been you know an awesome experience. Excellent, thanks so much michael that. That sounds pretty awesome thank you. So with that let me. Call on, steve from novarad. And the same question to andrew, following that. Which is you. Had, existing. Solutions. Uh. That, would benefit from a higher level of security, as you mentioned. In your intro. So how do you see confidential, computing. Or intelligex. Help, in. You achieving your business goals. Uh. Thanks when uh, when we found out about the, intel sgx, and the, azure confidential, computing. Uh. I immediately, saw the. The usefulness, in in our development, as as i described, earlier. Uh. The ai, models we developed, for our kovid, 19, project. They represent, a huge investment. In. In. Technical, development. Uh patient data, and the expertise, of doctors, who've spent countless hours labeling and highlighting, covid, on. On these tens of thousands of images. Um. You know we'd like to keep that. You know that data that, those models, uh secure. But, more than that. Uh we had to go through kind of a this anonymization. Step, where we anonymized. And stripped a lot of the the protected, health information, from these images before uploading them to azure. You know we did that so that, in the case of covid19. We could deploy this. You know rapidly, everywhere, everywhere, without. Uh, concerns, from the medical, uh. Medical institutions, but. It's you know now we don't have that luxury with other products that we are currently developing. And. For us to be able to. To tell these customers, that their. Medical data. Is good when it when it leaves their institution, and is uploaded, it's encrypted. And, none of our employees. None of microsoft. Employees, have access to that data. Our processes. Don't have access to that data, just, the, you know that that. That signed code that is running. The sgx, environment. Um. Can use the and, we and we don't even have the limited data we'll have the full medical data, to make our inferencing. And our diagnosis. So it's. It's more data, that we can use. It's more secure. And there's really no drawbacks, to it yeah and, i feel like it would be it would it would be quicker to deploy and and an easier sell for our customers, and, and in the sen and then in turn it would make. Um the healthcare. Uh, experience, for for patients. It would speed it up, and. Give better diagnosis. And and better healthcare. Excellent. Thanks so much, that that's awesome steve this is this is great, hey andrew same question for you from for xprize. Uh. What are your thoughts on. Uh confidential, computing achieve that, higher level of security, for your workload. Yeah i mean in a nutshell, you know we've built the platform, for a collaboration, around data we built an ecosystem, with our pandemic, alliance where different providers including healthcare providers, could bring their data to the table but. Now that we have to take it to that next step and the next step is really unlocking, getting, getting those parties, confident, that they can unlock, that data, and allow a community, of of uh, competitors, who they don't know. Um build models, and run inference, on that data, and develop solutions around it it's no small hurdle it's as much a. Political, and a, uh uh organizational. Issue as it is technical but, our hope with uh with confidential, commuting is that uh, at least it check marks the uh the technical box our hope also with uh with further momentum, is that it builds that con confidence across the entire healthcare ecosystem. Excellent excellent thanks so much andrew this is great we are really, excited about our partnership, here. So with that i think i'd like to bring this to a close, uh, again i'd like to thank everyone. For taking the time to watch this. As you can see from the different use cases we outlined here. Uh conflicting, computing, is the, approach that you can take today. Just protect your data and use get that higher level of security, posture. Really, know. Who has access to your code what are you running when you're running it in the cloud. So with that i'd like to call it to a close but we have a few call to actions for you, we have an ignite session where we talk about the new developments.
For Protecting, your data. With azure commercial computing, i encourage you to check it out, i also encourage you to check out our website. Uh the two websites down there the one which has the azure cc, that is the, home page for conference, computing on the azure.com. Website. You can go there to get a link to our blogs, or documentations. Case studies, and so on, and similarly, i encourage you to check out, the intel.com. Trust sgx. Website where you can learn a lot more about how sgx. Can help you elevate. Your security, posture, and provide, better, more secure, solutions. For your products, and your customers. So with that i again want to thank, our panelists. This has been awesome. I am so excited with the amount of innovation. And, uh, progress that we've been, doing together. And i'd like to thank the. People who tuned in. Thanks everyone. Take. Care.
2020-10-02 16:44