Compute Services

Security From Chip to Cloud: Data-in-Use Protection Only on IBM Cloud

Share this post:

IBM Cloud offers an industry-first data-in-use protection solution for cloud-native applications

Cloud-native applications have been growing rapidly, escalating the development of innovative solutions that enable enterprise digital transformations. A recent Cloud Native Computing Foundation (CNCF) study indicates that the production usage of cloud-native applications has grown by an average of more than 200 percent in the last year. Among those applications, 73 percent use containers as a core technology in their journey to cloud.

Despite brisk growth, data security concerns continue to constrain cloud-native expansion. According to Ponemon Institute’s 2018 Cloud Data Security Study, the majority of respondents—71 percent—consider conventional security inadequate to protect sensitive data in cloud environments. And nearly half of all organizations surveyed say their organizations demand security measures such as encryption to safeguard cloud computing resources.

Founded on the principle that the cloud offers a unique opportunity to do security right, IBM Cloud now offers an industry-first data-in-use protection solution for cloud-native applications. These new capabilities are poised to allow a new set of data-centric applications to move to the cloud, enabling enterprises to adopt cloud with confidence.

Data-in-use protection for infrastructure

IBM introduced a security technology offering on IBM Cloud infrastructure that provides secure enclaves designed to protect data used in application runtimes. Using Intel Secure Guard Extensions (SGX) technology on cloud servers, application developers can enhance their application code to protect sensitive data within protected areas of execution, called enclaves. This offering paves the way for a proactive approach to cloud security and allows developers to build apps safely with highly agile tools that can bring them to market faster.

Data-in-use protection for containers integrated into IBM Cloud Kubernetes Service

To help developers building containerized applications, IBM recently announced the availability of secure enclave technologies to be used with the IBM Cloud Kubernetes Service. IBM is the first cloud provider to integrate this data-in-use protection technology into Kubernetes services, allowing developers to orchestrate their container apps that already exploit secure enclaves designed to be deployed in SGX servers on IBM Cloud.

Data-in-use protection for apps using IBM Cloud Data Shield

Security skills are hard to come by. It has long been a dream for some developers to be able to protect their applications with hardware-rooted security enclaves without the necessity to learn the nuances of hardware SDKs. Developers want security without having to make any code changes.

This is no longer a dream.

IBM introduces IBM Cloud Data Shield as an experimental capability. Using this offering, developers can build a Python or C/C++ app or one of many pre-canned cloud native technologies—like NGINX or MySQL—and containerize and shield with IBM Data Shield. Such a shielded app can be deployed on IBM Cloud Kubernetes Service, allowing protection of sensitive data in use without code changes!

Protect data-in-use as part of your holistic cloud data protection strategy. Try out these capabilities on IBM Cloud. We look forward to your feedback and to learning how you take your apps to the next level of security.


To request a demo, receive a Slack invite for Data Shield workspace, or ask any questions, please email

Distinguished Engineer, CTO & Director, Cloud Security

More Compute Services stories
April 18, 2019

Bring Your Own ALB: DNS with Health Checks and SSL Certificates (Beta)

If you've ever wanted to run a web server, an API gateway, an Ingress controller, a Kafka proxy, a service that has a binary protocol like an MQTT service or database, or essentially anything that runs on TCP (or UDP), you can now run it in IBM Cloud Kubernetes Service on a host name.

Continue reading

April 17, 2019

Container Orchestration Explained

In the past, we've talked about containerization technology and dove into Kubernetes as an orchestration platform, but we're going to take a step back to look at why container orchestration is necessary and the benefits it brings to both developers and operations teams.

Continue reading

April 9, 2019

Improve Your Application Insights Using Log Analysis with LogDNA

IBM Log Analysis with LogDNA has a solution for multi-tenant services running on IBM Cloud. Starting now, platform service logs from your IBM Cloud multi-tenant services will be appearing in your provisioned LogDNA instances.

Continue reading