Title: Choosing an Azure Ledger Technology
URL: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/choosing-an-azure-ledger-technology/ba-p/2451024
Date Published (MM/dd/YYYY): 06/17/2021
Overview:
At the annual Microsoft Build 2021 Developer Conference, we announced two
new products that are based on blockchain technology. Azure Confidential
Ledger, now in preview, offers a fully managed service for customers who
need to store sensitive data with high integrity and confidentiality. Azure SQL Database ledger,
also in preview, enables storage of sensitive relational data in a
tamper-evident way.
In this blog post, we’ll introduce you to both of these new products as well
as help you understand when it makes sense to use them individually, together,
and even with an existing blockchain system.
Azure Confidential Ledger
Enterprises running sensitive workloads need a secure way to store their
logs and important metadata while collaborating with other parties.
The Confidential Consortium Framework (CCF) is a
Microsoft-created open framework for building confidential permissioned
blockchain services. By running a confidential blockchain network of nodes in secure enclaves, data remains append-only with immutability
guarantees and the data from the client goes straight to the ledger’s
enclaves.
Building on the CCF framework, Azure Confidential
Ledger (preview) provides the ability to store sensitive data records
with integrity and confidentiality guarantees, all in a highly available and
performant manner. Stored data remains immutable and tamper-proof in the
append-only ledger with the benefits of a fully managed solution that provides
infrastructure and operations so customers can get started quickly. The service
provides these assurances by harnessing the power of Confidential Computing’s secure enclaves when setting up
the decentralized blockchain network. Microsoft’s access is limited to setting
up and managing the network, and this specialized design means that only the
customer has access to transaction data in the Confidential Ledger.
Asking yourself the following questions can help you decide if Azure
Confidential Ledger is right for you:
- Do you need to store unstructured data (i.e. files, digests) that must remain intact for recordkeeping purposes?
- Are you working with sensitive workflows where confidentiality must be maintained?
- Are you in need of a service that has high integrity and security with a minimalistic trusted computing base?
- Are you working with parties that need irrefutable evidence that tampering did not occur to the stored data?
If you said yes to one or more of these, Azure Confidential Ledger is right
for you. Customers have been using Azure Confidential Ledger in various
ways. Novaworks,
an e-parliamentary software solution, is using Azure Confidential Ledger to
securely log votes in a tamper-proof ledger for a high-fidelity voting process.
Azure SQL Database ledger
Azure SQL Database
ledger (preview) is a tamper-evident solution for your databases that
provides cryptographic proof of your database’s integrity. Using a
blockchain data structure implemented as system tables in your database, the
ledger feature ensures that any transaction which modifies relational data in
your database can be tracked, and any potential tampering detected and easily
remediated. Providing proof that your data has not been tampered with is
as simple as running a stored procedure that compares the calculated
cryptographic hashes in your database against a database digest, which is
published automatically in a secure location, such as Azure Confidential
Ledger.
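The verification idea described above, as a simplified model added here (not Microsoft's code and not the actual ledger implementation): a SHA-256 hash chain over constructed sample rows, with the digest held outside the ledger. All function names are hypothetical. It shows why the digest has to be published to a separate location: once someone who can rewrite the stored hashes has edited a row, only the external digest still exposes the change.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder for "no previous block"

def block_hash(txs, prev):
    # SHA-256 over the block's rows plus the previous block's hash.
    payload = json.dumps({"txs": txs, "prev": prev}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def append(blocks, txs):
    prev = blocks[-1]["hash"] if blocks else GENESIS
    blocks.append({"txs": list(txs), "prev": prev, "hash": block_hash(list(txs), prev)})

def digest(blocks):
    # Value to publish to storage the database administrator cannot rewrite.
    return {"block_id": len(blocks) - 1, "hash": blocks[-1]["hash"]}

def verify(blocks, published):
    prev = GENESIS
    for i, b in enumerate(blocks):  # step 1: recompute every hash from stored rows
        if b["prev"] != prev or block_hash(b["txs"], prev) != b["hash"]:
            return f"chain broken at block {i}"
        prev = b["hash"]
    bid = published["block_id"]  # step 2: compare with the external digest
    if bid >= len(blocks) or blocks[bid]["hash"] != published["hash"]:
        return "digest mismatch"
    return "ok"

def rehash_all(blocks):
    # Models an insider who rewrites the stored hashes after editing a row.
    prev = GENESIS
    for b in blocks:
        b["prev"], b["hash"] = prev, block_hash(b["txs"], prev)
        prev = b["hash"]

def demo():
    blocks = []
    append(blocks, ["acct=1001 balance=500"])  # constructed sample rows
    append(blocks, ["acct=1001 balance=450", "acct=2002 balance=50"])
    published = digest(blocks)
    results = [verify(blocks, published)]
    blocks[0]["txs"][0] = "acct=1001 balance=9500"  # stored row edited in place
    results.append(verify(blocks, published))
    rehash_all(blocks)  # chain is internally consistent again
    results.append(verify(blocks, published))
    return results
```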
Ledger is a feature of Azure SQL Database, meaning there is no additional
cost to add tamper-evidence capabilities. You don’t have to migrate data
from your existing SQL databases to add tamper-evidence capabilities and no
changes are needed to your applications as ledger is an extension of existing
SQL table functionality.
Asking yourself the following questions can help you decide if Azure SQL
Database ledger is right for you.
- Do you have business-critical data in Azure SQL Database where you must ensure data integrity is intact?
- Can 3rd parties who interact with your data accept a “trust, but verify” model rather than each party having a copy of the ledger?
- Do you need to prove to auditors or regulators that your data has not been tampered with?
- Do you have a need for queryability and strong data management capabilities, such as streaming data from a blockchain to an off-chain store while maintaining integrity from on-chain to off-chain?
If you can answer “yes” to any of these questions, then Azure SQL Database
ledger is right for you. Customers like RTGS.global, who provide a
global liquidity network for banks, are already using this capability to
provide a ledger of transactions to regulators to prove that global banking
transactions have not been tampered with. Read our blog to learn
more.
Putting it all together
Trust is foundational in any business process that spans organizational
boundaries. Microsoft goes beyond traditional blockchains, using the
building blocks of this technology as the underpinning for the distributed
ledger of Azure Confidential Ledger and the consolidated data store of Azure
SQL Database ledger. These solutions empower our customers to apply the
power of blockchain to sensitive data, simplifying solution development,
reducing cost and providing a new level of digital trust to transactions.
Deciding which technology is best for your needs ultimately depends on the
level of trust between parties transacting with the data, and the type of data
being protected. In addition to the points mentioned above, consider the
following when deciding whether Azure SQL Database ledger or Azure Confidential
Ledger is right for you.
Learn more
- Read the Azure Confidential Ledger announcement blog and documentation to learn more about how this new service is empowering our customers and securing their work.
- Read the Azure SQL Database ledger documentation and whitepaper to learn more about how the ledger feature works and how to use it with your Azure SQL Database.