Security From Chip to Cloud: Data-in-Use Protection Only on IBM Cloud

5 min read

IBM Cloud offers an industry-first data-in-use protection solution for cloud-native applications

Cloud-native applications have been growing rapidly, escalating the development of innovative solutions that enable enterprise digital transformations. A recent Cloud Native Computing Foundation (CNCF) studyindicates that the production usage of cloud-native applications has grown by an average of more than 200 percent in the last year. Among those applications, 73 percent use containers as a core technology in their journey to cloud.

Despite brisk growth, data security concerns continue to constrain cloud-native expansion. According to Ponemon Institute’s 2018 Cloud Data Security Study, the majority of respondents—71 percent—consider conventional security inadequate to protect sensitive data in cloud environments. And nearly half of all organizations surveyed say their organizations demand security measures such as encryption to safeguard cloud computing resources.

Founded on the principle that the cloud offers a unique opportunity to do security right, IBM Cloud now offers an industry-first data-in-use protection solution for cloud-native applications. These new capabilities are poised to allow a new set of data-centric applications to move to the cloud, enabling enterprises to adopt cloud with confidence.

Data-in-use protection for infrastructure

IBM introduced a security technology offering on IBM Cloud infrastructure that provides secure enclaves designed to protect data used in application runtimes. Using Intel Secure Guard Extensions (SGX) technology on cloud servers, application developers can enhance their application code to protect sensitive data within protected areas of execution, called enclaves. This offering paves the way for a proactive approach to cloud security and allows developers to build apps safely with highly agile tools that can bring them to market faster.

Data-in-use protection for containers integrated into IBM Cloud Kubernetes Service

To help developers building containerized applications, IBM recently announced the availability of secure enclave technologies to be used with the IBM Cloud Kubernetes Service. IBM is the first cloud provider to integrate this data-in-use protection technology into Kubernetes services, allowing developers to orchestrate their container apps that already exploit secure enclaves designed to be deployed in SGX servers on IBM Cloud.

Data-in-use protection for apps using IBM Cloud Data Shield

Security skills are hard to come by. It has long been a dream for some developers to be able to protect their applications with hardware-rooted security enclaves without the necessity to learn the nuances of hardware SDKs. Developers want security without having to make any code changes.

This is no longer a dream.

IBM introduces IBM Cloud Data Shield as an experimental capability. Using this offering, developers can build a Python or C/C++ app or one of many pre-canned cloud native technologies—like NGINX or MySQL—and containerize and shield with IBM Data Shield. Such a shielded app can be deployed on IBM Cloud Kubernetes Service, allowing protection of sensitive data in use without code changes!

Protect data-in-use as part of your holistic cloud data protection strategy. Try out these capabilities on IBM Cloud. We look forward to your feedback and to learning how you take your apps to the next level of security.


To request a demo, receive a Slack invite for Data Shield workspace, or ask any questions, please email

Be the first to hear about news, product updates, and innovation from IBM Cloud