Azure confidential computing with NVIDIA GPUs for trustworthy AI

22

Mar

Azure confidential computing with NVIDIA GPUs for trustworthy AI

Many industries such as healthcare, finance, transport, and retail are going through a major AI-led disruption. The exponential growth of datasets has resulted in growing scrutiny of how data is exposed—both from a consumer data privacy and compliance perspective. For example, the use of AI in healthcare has grown rapidly, with hospitals and pharmaceutical companies using AI to improve diagnostics and improve drug discovery and development. In transport, the interaction between humans and vehicles is being re-imagined thanks to AI-powered autonomous driving. However, broader democratization of AI is limited by concerns regarding sharing and use of personal data.1 For example, banks are often unable to collaborate on tasks such as fraud and money laundering detection due to concerns regarding security and privacy of transaction data.

Professor Bryan Williams, Director of Research at University College of London Hospitals acknowledges this challenge; “UCLH and the NHS want to be at the forefront of using AI to transform healthcare. A major obstacle to testing AI algorithms with various partners has been concerned about ensuring the privacy of patient data. Technological solutions that enable the secure sharing of data while protecting patient privacy are a potential game-changer to accelerate the evaluation and adoption of AI in health care.”

University College of London Hospitals logo

In this context, confidential computing becomes an important tool to help organizations meet their privacy and security needs. Confidential computing technology encrypts data in memory and only processes it once the cloud environment is verified, helping protect data from cloud operators, malicious admins, and privileged software such as the hypervisor. It helps keep data protected throughout its lifecycle—in addition to existing solutions of protecting data at rest and in transit, data is now protected while in use.

Microsoft partners with NVIDIA to bring confidential GPUs on Azure

Today, we are excited to announce the next chapter in this journey through a strategic partnership between NVIDIA and Microsoft that brings confidential computing to state-of-the-art NVIDIA GPUs. This partnership is based on a shared vision to empower individuals and organizations to share and collaborate to derive new insights from data without sacrificing security, privacy, or performance. With confidential computing support in Ampere A100 GPUs combined with hardware-protected VMs, enterprises will be able to use sensitive datasets to train and deploy more accurate models without compromising security or performance.

With confidential GPUs, data is encrypted when it is transferred between the CPU and GPU over the PCIe bus with keys that are securely exchanged between NVIDIA’s device driver and the GPU. The only place where data is decrypted is within a hardware-protected, isolated environment within the GPU package where it can be processed to generate models or inference results. Much like other Azure confidential computing solutions, confidential GPUs support cryptographic attestation based on a unique GPU identity provisioned by NVIDIA during manufacturing. Using remote attestation, organizations can independently verify that their data is only processed within genuine and correctly configured confidential GPUs.

Private preview sign up for Azure confidential GPUs

Over the past year, we worked closely with NVIDIA to bring confidential GPUs into the Azure confidential computing ecosystem. Today we are excited to invite you to sign up for the private preview of Azure confidential GPU VMs. In the private preview, confidential GPUs will bring together the security of trusted launch with secure boot and vTPM coupled with up to four NVIDIA Ampere A100 GPUs. With confidential GPUs, you can set up a secure environment in the Azure cloud and run your machine learning workloads utilizing your favorite machine learning frameworks, and remotely verify that your VM boots with trusted code, the NVIDIA device driver for confidential GPUs, and that your data remains encrypted as it is transferred to and from the GPUs.

Confidential computing across industries

We are already partnering with several organizations to accelerate their journey towards confidentiality through confidential GPUs.

Bosch sees confidential computing as a key instrument to help protect data and meet compliance requirements. Dr. Sven Trieflinger, Senior Research Project Manager at Bosch, mentions, “With ever-decreasing cost and performance overheads, confidential computing techniques will be widely adopted in cloud workloads. The new level of security they offer will be instrumental in addressing challenges in the areas of legal compliance, IP protection, and customer trust”.

BOSCH logo

The impact of confidential computing extends to financial services too, where the Royal Bank of Canada (RBC) is already leveraging Azure confidential computing solutions to innovate. Eddy Ortiz, VP of Solution Acceleration and Innovation at RBC, says, “The confidential computing capabilities available in Azure have enabled us to unlock new business capabilities and materially advance existing product offerings by leveraging data in ways that only a few years ago was impossible. We’ve been able to craft novel applications which satisfy and exceed the Bank's most stringent cybersecurity demands. Through these technological advancements we are well-positioned to continue to offer unique and highly personalized experiences to our clients.”

Royal Bank of Canada (RBC) logo

At Microsoft, we remain committed to the vision of a confidential cloud, a cloud where organizations can share data and derive insights while reducing the need for trust across various aspects of the cloud infrastructure. Along with our hardware partners including NVIDIA, we will continue to innovate and advance AI trustworthiness through confidential computing.

Learn more


References
1How to make AI trustworthy