Compute Services

Security From Chip to Cloud: Data-in-Use Protection Only on IBM Cloud

Share this post:

IBM Cloud offers an industry-first data-in-use protection solution for cloud-native applications

Cloud-native applications have been growing rapidly, escalating the development of innovative solutions that enable enterprise digital transformations. A recent Cloud Native Computing Foundation (CNCF) study indicates that the production usage of cloud-native applications has grown by an average of more than 200 percent in the last year. Among those applications, 73 percent use containers as a core technology in their journey to cloud.

Despite brisk growth, data security concerns continue to constrain cloud-native expansion. According to Ponemon Institute’s 2018 Cloud Data Security Study, the majority of respondents—71 percent—consider conventional security inadequate to protect sensitive data in cloud environments. And nearly half of all organizations surveyed say their organizations demand security measures such as encryption to safeguard cloud computing resources.

Founded on the principle that the cloud offers a unique opportunity to do security right, IBM Cloud now offers an industry-first data-in-use protection solution for cloud-native applications. These new capabilities are poised to allow a new set of data-centric applications to move to the cloud, enabling enterprises to adopt cloud with confidence.

Data-in-use protection for infrastructure

IBM introduced a security technology offering on IBM Cloud infrastructure that provides secure enclaves designed to protect data used in application runtimes. Using Intel Secure Guard Extensions (SGX) technology on cloud servers, application developers can enhance their application code to protect sensitive data within protected areas of execution, called enclaves. This offering paves the way for a proactive approach to cloud security and allows developers to build apps safely with highly agile tools that can bring them to market faster.

Data-in-use protection for containers integrated into IBM Cloud Kubernetes Service

To help developers building containerized applications, IBM recently announced the availability of secure enclave technologies to be used with the IBM Cloud Kubernetes Service. IBM is the first cloud provider to integrate this data-in-use protection technology into Kubernetes services, allowing developers to orchestrate their container apps that already exploit secure enclaves designed to be deployed in SGX servers on IBM Cloud.

Data-in-use protection for apps using IBM Cloud Data Shield

Security skills are hard to come by. It has long been a dream for some developers to be able to protect their applications with hardware-rooted security enclaves without the necessity to learn the nuances of hardware SDKs. Developers want security without having to make any code changes.

This is no longer a dream.

IBM introduces IBM Cloud Data Shield as an experimental capability. Using this offering, developers can build a Python or C/C++ app or one of many pre-canned cloud native technologies—like NGINX or MySQL—and containerize and shield with IBM Data Shield. Such a shielded app can be deployed on IBM Cloud Kubernetes Service, allowing protection of sensitive data in use without code changes!

Protect data-in-use as part of your holistic cloud data protection strategy. Try out these capabilities on IBM Cloud. We look forward to your feedback and to learning how you take your apps to the next level of security.

Contact

To request a demo, receive a Slack invite for Data Shield workspace, or ask any questions, please email shield1@us.ibm.com

Distinguished Engineer, CTO & Director, Cloud Security

More Compute Services stories
November 12, 2018

Configure Calicoctl for IBM Cloud Kubernetes Service

In the IBM Cloud Kubernetes Service, the Calico configuration file can now be generated automatically with just a single command. For clusters 1.10 and above, you can use the new flag to download your cluster config.

Continue reading

November 12, 2018

Application Modernization is Inevitable

Business pressures demand faster rollout and quality applications, but your existing estate will determine your modernization strategy. Watch the webinar: "Accelerate digital transformation by modernizing apps for the cloud."

Continue reading

November 8, 2018

On-Demand ALB Update Feature on IBM Cloud Kubernetes Service

Effective immediately, IBM Cloud Kubernetes Service customers can gain control over when the IBM Cloud Kubernetes Service ALB pods are updated in their clusters. The default setting for each newly created cluster remains—the Ingress controller will get updated automatically by IBM Cloud Kubernetes Service whenever a new version is available.

Continue reading