October 11, 2021 By Hillery Hunter 4 min read

Preventing data breaches in the cloud.

The CIOs and chief security officers (CSOs) I speak with are very concerned about where their next data breach will come from. This is across industries — pharmaceuticals, healthcare, banking, etc. Business leaders understand there are cybersecurity threats they need to plan for, especially during this pandemic, when they’ve had to change their business models so quickly.

These leaders know what they want to avoid: costly data breaches. According to a recent study by IBM and the Ponemon Institute, today’s average cost of a data breach in the U.S. is $8.64 million USD, and it takes 280 days to identify and contain the average breach. Time is money when sensitive data is on the line.

These conversations often turn to confidential computing: what it is and whether it can help them avoid a data breach.

What is confidential computing all about?

“Confidential computing” sounds like it’s shrouded in secrecy, but in essence, we’re talking about secure enclave technology to protect your data in use. Data at rest or in transit can be protected with encryption: even if an attacker intercepts it, it is meaningless so long as it can’t be deciphered. That isn’t the case when your data is in use. Before an application can process data, the data must be decrypted. To put it simply: to use data, you must see data. This leaves the data unencrypted in the memory of whatever device is processing it, and potentially exposed to malicious actors.

Confidential computing is like doing all your data processing in a locked room or bank vault. With IBM Cloud® confidential computing capabilities, sensitive data is isolated in a protected enclave during processing. The contents of this enclave — the data being processed and the techniques used to process it — are only accessible to authorized code, invisible to anything or anyone else, including the operating system and cloud provider. This means that your data is yours and yours alone. Even your cloud provider — IBM, in this case — cannot access it.

If there is a breach, recovery can be complicated by the added risk to your intellectual property and damage to your brand’s reputation. But the hardest thing to recover is your customers’ trust. As the operations and management of data get more and more spread out — with much of it floating at the edge thanks to mobile devices, smartphones, smartwatches, remote consultations with your physician and digital banking, to name a few — avoiding data breaches will only get more complicated.

Addressing the requirements of regulated industries

Back in 2018, we were the first cloud provider in the industry to offer services based on confidential computing. We still believe that confidential computing is an answer to assuring data privacy in the cloud, because with confidential computing, your company’s data remains your data. When confidential computing protocols are in place, a cloud provider simply cannot provide access to third parties, even if compelled to do so by external factors.

We’ve had conversations with leaders across regulated industries, all of whom want us to contextualize confidential computing to their specific industries, especially those who are particularly concerned about cybersecurity. For example:

  • We’ve co-designed IBM Cloud for Financial Services™ with banking partners so they can quickly move to the cloud, address financial services’ concerns about security and compliance, and adhere to all regulatory requirements.
  • For the federal government, we just announced the IBM Center for Government Cybersecurity, a collaborative environment to help federal agencies plan not only for addressing current cybersecurity needs, but also for those well out into the future.
  • The Decentralized Finance (DeFi) economy is using confidential computing to protect data with complete authority and achieve privacy assurance for its data and workloads. This enables the Decentralized Information Asset (DIA) platform to ensure that no third party can view or manipulate data, and protects platform users from malicious internal or external attacks.
  • For healthcare, we offer the Hyper Protect iOS SDK for Apple CareKit, powered by IBM Cloud Hyper Protect Services, which helps ensure data is always encrypted. CareKit is an open-source framework for developing apps that help users better understand and manage their health by creating dynamic care plans, tracking symptoms, connecting to care teams and more.

Key to your security effort is that it is planned. Plan how to stay ahead of the hackers. We’ve worked with companies like Daimler to protect their post-sale consumer information, and with Apple to enable people to quickly create secure, data-protected applications for the healthcare space. We’ve been able to plan with industries in different sectors and different parts of the world on how to move to the cloud with confidence, which includes protecting data in motion, at rest and in use.

A job well done

With this planning, the CIO, CTO, CSO, IT — everyone — can look to their Board or customers and say, “We’ve implemented the most secure possible data protection technology, even as we’ve worked to digitally transform our organization.”

Currently, businesses may avoid sharing proprietary data with other organizations for fear of that data being exposed. Confidential computing gives organizations the confidence to share such data sets, algorithms and proprietary applications for the purposes of collaboration and research in the cloud — all while preserving confidentiality. Data protection, trust and security are at the heart of IBM’s hybrid cloud strategy. Clients in the financial services, telco, consumer healthcare and automotive industries are using advanced data protection capabilities from IBM to help safeguard their data. They know that the capabilities of confidential computing are critical now and for the future.

Next steps

For more background on data breaches and their prevention, download the report from IBM Cloud and IBM Security, Cost of a Data Breach: A view from the cloud 2021.

Protect your data at-rest, in-transit and in-use with a higher level of privacy assurance. Explore confidential computing on IBM Cloud.
