Announcing the next generation of IBM Hyper Protect Virtual Servers in IBM’s Confidential Computing solution portfolio – IBM Hyper Protect Virtual Servers for Virtual Private Cloud (VPC).
This new version takes advantage of Secure Execution technology to further enhance the protective boundary that Hyper Protect offers and lays the groundwork for a Kubernetes-based future.
Gartner estimates that by 2027, more than 90% of global organizations will be running containerized applications in production, which is a significant increase from fewer than 40% in 2021. 
Companies are containerizing their applications in a large-scale effort to modernize and move to cloud, but security is still a top concern. Hackers are exploiting the vulnerabilities of exposed containers by injecting malicious code and escalating privileged access.
IBM Hyper Protect Virtual Servers for VPC is designed to protect cloud-native applications with open container initiative (OCI) deployments that utilize confidential computing. Unique to the market, IBM offers a solution with Secure Execution for Linux.
This new product in the Hyper Protect family is the next generation of Hyper Protect Virtual Servers and a stepping stone to a Kubernetes-based offering. The protection boundary moves from the logical partition level (which includes the operating system and application) to complete isolation of the application from the operating system. Customers’ code and data are exclusively controlled by their admins — no exceptions.
Hyper Protect Virtual Servers for VPC is developer-friendly and designed to use industry-standard open-container initiative (OCI) images with a standard user interface to provision, manage, maintain and monitor in the Virtual Private Cloud (VPC) Infrastructure of IBM Cloud. By leveraging VPC, this next generation of Hyper Protect Virtual Servers gains additional network security, as well.
Hyper Protect Virtual Servers for VPC is available in Sao Paolo and Toronto Multi-Zone Regions (MZRs) to start, with London, Washington D.C. and Tokyo to come throughout July and August 2022
- Secure execution: Enjoy technical assurance that unauthorized users — including IBM Cloud admins — do not have access to the application. Workloads are locked down by individual, instance-level secure boundaries
- Multi-party contract and attestation of deployment: Apply Zero Trust principles from workload development through deployment. As multiple personas and legal entities collaborate, it is essential to separate duty and access. Hyper Protect Virtual Servers for VPC is based on an encrypted contract concept, which enables each persona to provide their contribution, while being ensured through encryption that none of the other personas can access this data or IP. The deployment can be validated by an auditor persona through an attestation record, which is signed and encrypted to ensure only the auditor has this level of insight.
- Malware protections: Utilize Secure Build to set up a verification process to ensure that only authorized code is running in an application. Hyper Protect Virtual Servers for VPC only deploys container versions, which are validated at deployment.
- Bring your own OCI image: Use any open-container initiative (OCI) image and gain the benefits of a confidential computing solution for additional levels of protection
- Flexible deployments: Choose from a variety of profile sizes and grow as needed to protect containerized applications and pay-as-you-go on an hourly basis.
Using Hyper Protect Virtual Servers for VPC will help customers with a variety of strategic projects where security is the underlying concern:
- Superior security for containerized workloads: Whether you are building a cloud-native application or on an application modernization journey, you can now do both with peace of mind by leveraging IBM’s Secure Execution for Linux technology. Containerizing applications within a confidential computing environment ensures that your applications are protected (even the IBM Cloud admin doesn’t have access), and workloads are isolated by a secure boundary to prevent privileged user escalation.
- Digital assets: IBM Digital Asset Infrastructure provides the building blocks to create and enhance end-to-end solutions for storing and transferring large quantities of digital assets in highly secure wallets. Customers’ applications are secured in a Trusted Execution Environment – a hardware-based, Common Criteria-certified isolation designed to thwart compromised insider attacks. By leveraging features like Secure Build and the Encrypted Multi-Party contract, code is validated before it is deployed to reduce the risk of malicious code insertion using a code manifest accessible only to the custodian's designated security apparatus. Policy workflows are transformed into immutable binary executables that effectively make these policies tamperproof from unauthorized rule manipulation.
- Secure machine learning: Often, the most valuable data is also the most sensitive data, making it risky to provide too many people with access. Now, you can run your machine learning or artificial intelligence models with sensitive data in a locked-down environment that protects against unauthorized access, the IP of the model as well as the privacy of the data being processed.
Get started today
Try out this new service for free by requesting a promotion code from your local IBM Sales Team. For more information on this product, please visit this page.
 CTOs’ Guide to Containers and Kubernetes —Answering the Top 10 FAQs; Published 31 May 2022 - ID G00763328 - 17 min read; By Analyst(s): Arun Chandrasekaran, Wataru Katsurashima