IBM Cloud Data Shield

Enable runtime memory encryption for Kubernetes containers without modifying applications

Get started What's new

What is IBM Cloud Data Shield?

IBM Cloud™ Data Shield enables users to run containerized applications in a secure enclave on an IBM Cloud Kubernetes host, providing data-in-use protection. Data Shield allows user-level code to allocate private regions of memory, called enclaves, that are protected from processes running at higher privilege levels. It extends SGX language support from C and C++ to Python and also provides pre-converted SGX applications for MySQL, NGINX and Vault, with little to no code change. Powered by the Fortanix Runtime Encryption platform and Intel® SGX technology, these tools enable organizations with sensitive data to leverage cloud computing with more confidence.

Data Shield benefits

Facilitates a cloud model

Enables organizations with sensitive data to leverage cloud computing.

Secures containerized apps

Runs containerized applications in secure enclaves on the IBM Cloud Kubernetes Service.

Increases visibility

Provides visibility into node security attributes.

Supports DevOps

Integrates with DevOps pipelines.

Delivers scalability and high availability

Uses the IBM Cloud Kubernetes Service to bring scalability and high availability to SGX workloads.

How to use Data Shield

Deploy an app pre-enabled with Data Shield

Choose from a set of public Data Shield images to create containers in the IBM Cloud Kubernetes Service.

Learn more

Implement Data Shield on custom applications

Access the helm chart to install Data Shield on your SGX-enabled IBM Cloud Kubernetes Service cluster.

Learn more

Additional Intel SGX offerings on IBM Cloud

Intel SGX bare metal servers on IBM Cloud

Learn about data-in-use protection on IBM Cloud using Intel SGX.

Read the blog

IBM Cloud Kubernetes Service on Intel SGX

Learn about Intel SGX bare metal worker nodes for IBM Cloud Kubernetes Service.

Read the blog

Protect your containers today.