Announcing IBM Cloud Data Shield beta

We announced IBM Cloud Data Shield experimental in November 2018. Since then, we have been hard at work helping our early adopters (Irene Energy and iExec) develop their Zero Trust platforms and building the next version of Data Shield. Today, we are excited to announce Data Shield beta!

Data Shield, powered by Fortanix, provides data-in-use protection for your container workloads running on the IBM Cloud Kubernetes Service. It leverages Intel® Software Guard Extensions (SGX) technology to run code and data in CPU-hardened “enclaves” or a Trusted Execution Environment (TEE). The enclave is a trusted area of memory where critical aspects of the application functionality are protected, helping keep code and data confidential and unmodified.

Data Shield provides DevOps tools that integrate with your existing build pipelines to convert your container images to shielded (Intel® SGX) counterparts with little to no code changes. It runs on the IBM Cloud Kubernetes Service to bring scalability and high availability to your sensitive workloads.

What’s new in Data Shield?

  • Container conversion tool in the UI enables you to quickly shield your application containers

  • Intel Attestation Report details in the UI

  • Integration with Identity and Access Management (IAM) service and Role Based Access Control (RBAC)

  • Integration with ingress on IBM Cloud Kubernetes Service gives you secure access to Data Shield UI and API

  • Newly redesigned Enclave Manager UI

  • Integration with IBM Logging Service

  • Enhanced deployment experience with Data Shield container image

You can now start your Data Shield journey with the IBM Cloud docs. The “Getting Started” tutorial presents you with steps to get an application protected with Data Shield. The documentation also gives you simple steps to install and manage your Data Shield instance.

You can now install Data Shield to your IBM Cloud Kubernetes cluster either with native Helm commands or with the provided container.

The Data Shield UI and APIs are now exposed through your IBM Cloud Kubernetes Service cluster’s ingress with TLS enabled. Access is also integrated with and secured through your IAM tokens.

Data Shield login page exposed through ingress

NOTE: If you have multiple IBM accounts, make sure you are logged in with the IBM account where you installed your Data Shield instance.

The new and redesigned Enclave Manager UI brings focus to the things that matter most and presents you with the controls to manage your shielded applications deployed on Data Shield.

Redesigned Data Shield Enclave Manager UI

The UI now enables you to add users with roles scoped to your instance of Data Shield—manager, reader, writer, or a combination of the three.

Role Based Access Controls

The Tools tab in the Enclave Manager UI helps you quickly convert your container images to shielded counterparts.

Data Shield UI conversion service

The UI now gives you a glimpse into your attestation report in addition to allowing you to download it as an x.501 certificate.

Intel Attestation Report

Finally, all your logs from Data Shield are seamlessly exported to the IBM Logging Service. You can enable it on your cluster’s landing page.

Enable logging through IBM Cloud Kubernetes Service

All these new features will further enhance your overall user experience with Data Shield while bringing you our industry-leading runtime memory encryption technology.

Get started with Data Shield beta

To request a demo, get a Slack invite for the Data Shield workspace, or ask any questions, please email shield1@us.ibm.com.
