IBM Cloud Brings the Most Open and Secure Public Cloud for Business
6 min read
By: Harish Grama
New data protection and security leadership, open source innovation, and more enterprise grade capabilities than ever before reinforce IBM Cloud as the best public cloud for business.
Until recently, the demand for enterprise cloud has been on migrating relatively simple applications and workloads to cloud infrastructure, using public cloud to test new technologies, and extending existing applications. And now? A growing need for agility and readily accessible data to quickly create new insights and customized features has shifted enterprise cloud focus from migrate and modernize to build and innovate. This crucial demand comes with the need for secure solutions—especially for regulated industries—surrounding compliance and security, difficulty managing across clouds and IT, and tangible delivery methods.
IBM Cloud delivers enterprise grade workload capabilities, market-leading data and app protection, and open source innovations that the world’s largest and most complex enterprises demand, including 47 of the Fortune 50.
We are proud to share that Aegean Airlines, BNP Paribas, Elaw Tecnologia SA, and Home Trust have chosen IBM’s public cloud to run their dynamic, demanding, secured mission-critical workloads and transform operations. See the news announcement here.
IBM Cloud has enhanced the public cloud portfolio with a wide array of new cloud security, data and app protection, open source innovation, and enterprise grade services to help enterprises, especially those in regulated industries, modernize and build new applications.
Security leadership, including data protection advancements
When it comes to moving sensitive and confidential data to the cloud, especially in regulated industries like financial services, insurance, and healthcare, security is of utmost importance because many of these enterprises must handle large quantities of highly sensitive personal data spread across numerous environments. To help meet these demands, IBM’s public cloud is extending its security offerings to protect data in-memory, in-flight, and at-rest. This includes the following:
- Expansion of “keep your own key” to VMware and Cloud Object Storage, based on the IBM Cloud Hyper Protect Crypto Service. This service is also extended to support application-level encryption support for developers to encrypt and decrypt using these same capabilities, as well as perform TLS/SSL offloading to the Cloud HSM. Only IBM offers this level of encryption, with IBM Cloud Hyper Protect Crypto Service being based on IBM Z cryptocards—the only commercially-available technology to have achieved a FIPS 140-2 Level 4 security certification.
- Beta of IBM Cloud Hyper Protect Virtual Servers, which provide a way to deploy a virtual server in a Secure Service Container to ensure confidentiality of data and code run within the virtual server. No external access to data is possible, including privileged users such as cloud administrators.
- Broader availability of IBM Cloud Hyper Protect Database-as-a-Service (DBaas). The service is now available in IBM’s availability zones in Sydney, Frankfurt, and Dallas (US South) so that clients in these regions can provision and manage highly secure databases for their most sensitive information.
- Extended protection for data in-use. IBM is making available support for securing containerized Java applications in secured enclaves on the IBM Cloud Kubernetes Service through IBM Cloud Data Shield. IBM is also announcing a technology preview for Data Shield on Red Hat OpenShift. Data Shield is designed to make it easier for developers to enable data-in-use protection without any code changes for their applications before deploying them in containers. This also means that organizations can maintain control over their in-memory data; not even IBM can see it.
- Extensions for IBM Security Advisor to automate corrective actions/remediations as well as custom integrations with open source tools. In addition, capabilities around automating the detection of security misconfigurations of platform resources are coming by the end of the year.
IBM Cloud has a long history of supporting open source innovation to help clients—including those in regulated industries—embrace cloud with the visibility into the code they’re deploying. We’re helping clients to build and run applications using native cloud services or deploy on managed Red Hat OpenShift on the IBM’s public cloud in the following ways:
- Templating with IBM Cloud Schematics that makes it faster than ever for developers to discover, organize, provision, and use the IBM Cloud Catalog so they can more easily create new innovative applications. IBM Cloud Schematics is an IBM-managed service that hosts templates in the cloud to create cloud resources, helping development teams codify their own templates in an “Infrastructure as Code” DevOps environment. In addition, developers can now choose predetermined configurations of an entire stack and automatically connect and synchronize multiple tools without having to manually configure each piece.
- The Managed Istio service delivers an open-source-based independent service mesh that allows enterprises to run a secured distributed microservice architecture for containers. This service provides simplified management, security, connectivity, and discoverability of services for developers that build on IBM Cloud Kubernetes Service. From controlling traffic flow to securing node-to-node traffic with encryption to providing end-to-end monitoring of these containers, this integration strengthens clients’ ability to deploy enterprise workloads using IBM's managed Kubernetes services.
- Tekton is a set of shared components for building continuous integration and continuous delivery (CI/CD) systems, managed by the open source Continuous Delivery Foundation (CDF). Use Tekton with IBM Cloud Kubernetes Service to expedite continuous delivery by providing industry specifications for pipelines, workflows, and other building blocks.
- With Razee, an open source project that was developed by IBM, you can automate and manage the deployment of Kubernetes resources across clusters, environments, and cloud providers, and visualize deployment information for your resources. This helps you to monitor the rollout process and find deployment issues more quickly and enables your Day2 management.
Enterprise grade capabilities
IBM’s public cloud offers clients a wide range of choice in how they migrate, provision, and configure critical workloads in the cloud, with broad support for Kubernetes, Knative, Istio, and Cloud Foundry. IBM’s public cloud is the enterprise grade destination for reliable and robust workloads, with the following capabilities:
- Increased network performance—up to 80Gbps—for IBM Cloud Virtual Servers on VPC, making IBM’s public cloud hyperscale ready. IBM’s public cloud clients can provision a virtual server based on an open source virtualized hypervisor in under a minute (1) — providing significantly higher levels of networking than otherwise available for VPC. This means they can access cloud services and scale their networks far more quickly than ever before, all within IBM VPC’s controlled environment. This provides more flexibility as clients look to access public cloud services for sensitive workloads.
- A large-scale expansion of its global footprint, IBM Cloud will open three new multizone regions (MZRs) in Toronto, Canada, Sao Paulo, Brazil, and Osaka, Japan by 2021, adding to the existing six MZRs. These regions are designed to increase disaster recovery capabilities within a geography and deliver a consistent set of IBM public cloud services, such as DevOps, analytics, and application development. These MZRs are designed to deliver SLAs of 99.99% uptime and bring IBM public cloud’s existing global network to a total of 60 cloud data centers and 18 availability zones across six multizone regions.
- We lowered our bare metal prices and included between 5TB and 20TB of bandwidth, depending on geography, to enable our customers to move bandwidth-intensive workloads at a reduced cost with the same power and flexibility. For customers who need extreme performance, pure bare metal servers with single tenant and offered without a hypervisor can eliminate the ‘noisy neighbor’ effect. Bare metal servers can be acquired in a preconfigured form or from among thousands for custom configurations for your exact specifications.
- We are on target to have SOC2 Type 2 and PCI certification for another key set of cloud platform services at the end of year to help support enterprise workloads on IBM’s public cloud. IBM has also developed an EBA Cloud Compliance Certificate (formerly EU-FSS Attachment) to help EU financial institution clients fully benefit from the value of the cloud while staying compliant with the European Banking Authority (EBA) Guidelines.
- Expected by the end of this year, IBM clients running AI, ML, and HPC environments that are looking to improve performance and productivity will be able to do so with IBM Cloud Virtual Servers for VPC on POWER—the same technology used to power the world's fastest, smartest supercomputers, Summit and Sierra—accessible via the IBM Cloud VPC infrastructure.
- IBM’s support of Red Hat OpenShift on IBM Power Systems reinforces our commitment to clients to provide a flexible, secure and open, hybrid multicloud platform for their workloads.
(1) Benchmark testing showed five minutes between ordering time and provisioning on previous generation IBM Cloud Virtual Servers compared to less than one minute, on average, (5x faster) between ordering time and provisioning for IBM Cloud Virtual Servers on VPC.
Statements regarding IBM’s future direction and intent are subject to change or withdrawal without notice and represent goals and objectives only.