Go Beyond Confidential Computing with IBM Cloud Hyper Protect Services


Amidst the pandemic, businesses are undergoing a time of unprecedented change, where transformations that once took years are now being completed in a matter of weeks.

Companies — especially those in highly regulated industries — have long been the stewards of sensitive consumer and business data, but now more than ever, they find themselves needing cloud services that offer a greater level of protection.

A recent study shows that the average total cost of a data breach is $3.86 million. Many services are available today to encrypt data at rest and data in transit, and protection of data at rest is now common. The vulnerable area that businesses need to focus on is protection of data in use: information that is being processed by a running application or accessed by a user.

Confidential computing is designed to eliminate the data security vulnerabilities that exist when data is in use. It helps defend against cybercrimes by leveraging security capabilities designed into the chip. The processing of unencrypted data in secure enclaves offers another layer of defense against attacks.

Confidential computing capabilities are delivered at-speed and at-scale through IBM Cloud Hyper Protect Services. Unlike solutions that offer operational assurance (trust that your cloud admins will not access your data), Hyper Protect Services are designed to deliver technical assurance (technology enforced such that cloud admins cannot access data) and to give you complete authority over sensitive data, associated workloads and encryption keys in the public cloud. Learn more about confidential computing on IBM Cloud.

We are enhancing our capabilities and extending our ecosystem by integrating IBM Cloud Hyper Protect Services portfolio into more applications and cloud services, making it easier to apply these services to business workloads.

Privacy assurance for production workloads

Financial institutions around the world are dramatically accelerating digital transformation. In the financial services industry, over 36 billion customer records were exposed in Q3 of 2020. The IBM Cloud for Financial Services provides a way for banks and financial institutions to migrate workloads to the cloud platform, while addressing industry requirements for regulatory compliance, security and resiliency. Several global banks, including BNP Paribas and Bank of America, are a part of a growing ecosystem of financial institutions adopting the IBM Cloud for Financial Services.

Sophisticated encryption capabilities are an integral part of the IBM Cloud for Financial Services, offering confidential computing and Keep Your Own Key with IBM Cloud Hyper Protect Crypto Services. Building cloud native solutions requires a database that protects data in use when it is unencrypted and most vulnerable.

Today, we are pleased to strengthen the confidential computing options in the IBM Cloud for Financial Services with the addition of two database services — IBM Cloud Hyper Protect DBaaS for MongoDB and IBM Cloud Hyper Protect DBaaS for PostgreSQL. These highly available Hyper Protect Services deliver improved confidentiality of data through built-in workload isolation, restricted administrator access and tamper protection.

Growing ecosystems need confidential computing to protect their most sensitive data on IBM Cloud

A growing ecosystem of more than 90 technology partners is building and deploying solutions that take advantage of the higher levels of confidential computing offered by Hyper Protect Services. Today, we are excited to share that both Temenos and Zafin offer cloud solutions that run on the IBM Cloud and are committed to onboarding to the IBM Cloud for Financial Services.

Temenos Transact is a comprehensive and widely used global digital core-banking solution.

“Temenos Transact running on the IBM public cloud further exploits the unique strengths of Red Hat OpenShift and Hyper Protect Services, specifically designed to enable higher levels of confidential computing for banking workloads running in production.” — Paul Carr, Head of Global Strategic Technology Alliances at Temenos

Zafin is a SaaS product and relationship pricing platform for the next generation of banking.

“IBM and Zafin partnered closely to deliver a security envelope, built on IBM’s confidential computing solutions, that enables financial institutions to safely deploy, scale, transform and benefit from Zafin’s platform and Hyper Protect Services on the IBM Cloud.” — John Smith, Senior Vice President of Ecosystem at Zafin

In addition, financial markets are rapidly adopting blockchain and digital asset technologies to introduce new products into the marketplace. Given the nature of digital assets, wherein a physical asset is represented as a digital token on a digital ledger or blockchain, the highest level of protection is needed when authenticating access to digital assets to ensure rightful ownership. R3’s enterprise blockchain platform, Corda Enterprise, is built to meet the needs of highly regulated industries. With the availability of an open beta program by R3 and IBM, our joint customers can use enterprise-grade digital assets with data privacy — an end-to-end solution they can deploy on IBM Cloud with Hyper Protect Services. Learn more about this open beta program.

The exponential growth in the market for digital assets in large financial institutions has created demand for secured solutions that can run in the public cloud. Metaco, a provider of security-critical infrastructure that helps large banks manage digital assets, plans to leverage the confidential computing capabilities of IBM Cloud Hyper Protect Services for their digital asset orchestration system for maximum security and scalability. Read more about the collaboration.

Protection of digital assets and other workloads containing sensitive data starts with the build process. Today, we are excited to announce Secure Build for IBM Cloud Hyper Protect Virtual Servers — delivering technical assurance that your environment has not been tampered with during the build process. With Secure Build, images are run through a series of security checks to verify that no abnormal or malicious changes have occurred; images published and deployed are verified as to their authenticity. Click here to learn more.

Promoting collaboration and innovation across platforms and businesses

Data in use is vulnerable when unencrypted. What if you could process data while it is encrypted? Until now, these data vulnerabilities have been the cost of doing business in the cloud and with third parties. An innovative technology — Fully Homomorphic Encryption (FHE) — can help achieve zero trust by unlocking the value of data on untrusted domains without needing to decrypt it. For example, banks can scale out credit card fraud inferencing algorithms into the public cloud during peak transaction periods without potential loss of IP; both the model and the values sent to the public cloud remain fully encrypted at all times. An example of this use case is bundled and can be found here.

While FHE enables new areas for collaborating securely within and across organizations, it is not a panacea. FHE provides data confidentiality by design, but to deliver integrity of data and enable a secured runtime, additional security layers are required. Today, we are making this technology readily available with the open source FHE Toolkit running inside IBM Cloud Hyper Protect Virtual Servers for those who want to experiment with fully encrypted workloads in a trusted public cloud context. Together, Hyper Protect Virtual Servers and FHE can offer an unrivaled security experience. To get started with the FHE toolkit with IBM Cloud Hyper Protect Virtual Servers, visit our GitHub page. For more reading material and next steps for FHE technology, please visit the content solutions page.

Building your confidential computing solutions for digital assets or hybrid cloud use has never been easier. Today, we are introducing the next generation of IBM Cloud Hyper Protect Virtual Servers — offering choice in the degree of protection and dramatically simplifying provisioning and management. By integrating IBM Cloud Hyper Protect Virtual Servers into Virtual Private Cloud (VPC), customers can provision faster and experience high-speed network performance.

In addition, the full portfolio of Hyper Protect Services will also be rolling out to new geographies, specifically London and Tokyo planned for 2Q, with additional cloud Multi-Zone Regions intended to follow later this year.*

Get started with IBM Cloud Hyper Protect Crypto Services

IBM Cloud Hyper Protect Crypto Services go beyond confidential computing and are designed to offer technical assurance that all data across the entire compute lifecycle is protected. With IBM Cloud Hyper Protect Services as part of your solution, you can run your mission-critical workloads and secure your sensitive data with peace of mind.

Learn more at the IBM Think 2021 Digital Event Experience

Register today for free and join us at the IBM Think 2021 Digital Event Experience to learn more. Please access our sessions during THINK on May 11th and May 12th.

  • Session 2305: Confidential Computing Trends and Directions
    • Speakers: Hillery Hunter (IBM), Alessio Quaglini (Hex Trust), Francois de Chezelle (Talium)
  • Session 1955: Go Beyond Confidential Computing - Protect Your Sensitive Data in the Cloud
    • Speakers: Nataraj Nagaratnam (IBM), Rohit Badlaney (IBM), Paul Carr (Temenos), Isaac Fain (Ledgermatic)
  • Session 1952: Cloud Security for Digital Enterprise
    • Speakers: Nataraj Nagaratnam (IBM), Sridhar Muppidi (IBM), Seamus Donoghue (Metaco)
  • Session 1706: Is Your CFO Afraid of Bitcoin? Crypto and Corporate Treasury Management
    • Speakers: Peter DeMeo (IBM), Alessio Quaglini (Hex Trust), Alisa DiCaprio (R3)

*IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.  Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
