Trust Your Cloud: Data Protection and Geo-Fencing with IBM Cloud Secure Virtualization


Control your data and your cloud

Data protection is top-of-mind for organizations in highly regulated industries—particularly financial services, healthcare, and public sector—where factors including compliance, regulations, protection of sensitive information, and control of intellectual property may inform secure hybrid and multicloud strategies.

Automate compliance controls and data security

IBM Cloud Secure Virtualization leverages technology from IBM, Intel, and HyTrust to simplify compliance demands and provide workload security down to the microchip level. The solution enables a trusted cloud infrastructure that helps address in-house security needs as well as compliance requirements for mission-critical business operations.

The trust attested by the combined solution from IBM, Intel, and HyTrust enables a set of concepts and use cases: trusted compute pools, hardware-based policy tags, data location, boundary control, geo-fencing, and policy-based decryption.

This solution stack allows administrators to set, apply, and enforce consistent, trust-based policies even at the virtual workload level. Trust attestation gives IT visibility into the physical servers across any virtualized infrastructure, so that IT can make sure that only authorized servers in authorized locations handle sensitive workloads.

IT and business leaders can now take full advantage of the benefits of cloud computing while maintaining the strongest levels of data protection, visibility, and auditing necessary to protect the business.

Adopt the standard: IBM Cloud Secure Virtualization in the NIST “Trusted Cloud” architecture

IBM joined a team of collaborating vendors in signing a Cooperative Research and Development Agreement (CRADA) with NIST to participate in the “Trusted Cloud: VMware Hybrid Cloud IaaS Environments” project:

“The National Cybersecurity Center of Excellence (NCCoE) at NIST recognizes the need to address security and privacy challenges for the use of shared cloud services in hybrid cloud architectures, and has launched this project. This project is using commercially available technologies to develop a cybersecurity reference design that can be implemented to increase security and privacy for cloud workloads on hybrid cloud platforms.

This project will demonstrate how the implementation and use of trusted compute pools not only will provide assurance that workloads in the cloud are running on trusted hardware and are in a trusted geolocation, but also will improve the protections for the data within workloads and flowing between workloads. This project will result in a NIST Cybersecurity Practice Guide—a publicly available description of the solution and practical steps needed to implement a cybersecurity reference design that addresses this challenge.”

The preliminary draft of NIST Special Publication 1800-19 Part B, “Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud IaaS Environments,” Section 4 (Architecture), includes the public IBM Cloud and our IBM Cloud Secure Virtualization (ICSV) solution:

“At a high level, the trusted cloud architecture has three main pieces: a private cloud hosted at the NCCoE, an instance of the public IBM Cloud Secure Virtualization (ICSV), and an Internet Protocol Security (IPsec) virtual private network (VPN) that connects the two clouds to form a hybrid cloud.”
