Home Confidential Computing
Confidential computing with IBM

Protect your data at rest, in transit and in use with the broadest selection of data security and encryption technologies from IBM Z, IBM LinuxONE, and Intel® Xeon® on IBM Cloud.

Explore the solution guide

Confidential Computing with IBM includes a range of services from the Hyper Protect Services and Intel® Xeon®-based IBM Cloud portfolios spanning containers, key management services, and high-performance computing (HPC) to help ensure data confidentiality and code integrity. 

Protect data across the entire compute lifecycle

For years, cloud providers have offered encryption services to help protect data at rest and data in transit, but not data in use. Confidential computing protects data during processing by performing computation in a hardware-based, trusted execution environment (TEE), which eliminates the remaining data security vulnerability.

Hyper Protect Services leverage IBM Secure Execution for Linux technology, part of the hardware of IBM z15 and IBM LinuxONE III generation systems, to protect the entire compute lifecycle. With Hyper Protect confidential computing as-a-service solutions, you gain a higher level of privacy assurance with complete authority over your data at rest, in transit, and in use – all with an integrated developer experience. You can run your most valuable applications and data in IBM’s isolated enclaves or trusted execution environments with exclusive encryption key control - Even IBM cannot access your data.

Intel® Xeon®-based IBM Cloud Bare Metal and Virtual Servers with Intel® SGX® help protect data in use via application isolation technology. By protecting selected code and data from modification, developers can partition their application into hardened enclaves or trusted execution modules to help increase application security. All Intel® SGX® confidential computing on IBM Cloud runs on 4th Gen Intel® Xeon® processors, the newest generation of HPC microarchitecture with built-in Intel® Accelerator Engines, improved power efficiency, DDR5 memory and PCIe 5 support. 

IBM Cloud expands confidential computing portfolio with Intel® SGX®.

IBM Cloud with Intel® SGX® featuring 4th Gen Intel Xeon scalable processors

IBM Secure Execution for Linux support for Crypto Express adapters

Understanding DORA and the role of confidential computing

Red Hat OpenShift Container Platform with Confidential Containers leveraging IBM Secure Execution for Linux

Why IBM for confidential computing Secure every journey to hybrid cloud

Address your security concerns when you move mission-critical workloads to hybrid cloud through a variety of as-a-service solutions based on IBM Z and LinuxONE or x86 hardware technology. You have exclusive control over your encryption keys, data, and applications to meet data sovereignty requirements. 

Hyperscale and protect in all states

Quickly scale out and maintain maximum resiliency while protecting your workloads at-rest, in-transit, and now in use inside the logically isolated IBM Cloud VPC network. Choose from a variety of virtual server profile sizes and pay-as-you- use options needed to protect your applications. 

Provide smaller isolation granularity

Provide container runtime isolation with technical assurance and zero trust powered by IBM Secure Execution for Linux technology on select solutions. This ensures that unauthorized users, including IBM Cloud infrastructure admins, can’t access your data and applications, thus mitigating both external and internal threats.

Keep data and code confidential

Implement policy enforcement with encrypted contracts or secure enclaves at the moment of deployment to make sure that your data and code is not altered at any time. Provide remote attestation service without any need to trust other key management services or external third parties beyond certificate authorities.

Products and services
IBM Cloud Hyper Protect Virtual Servers for VPC

Gain complete authority over Linux- based virtual servers with auditable deployment of trustworthy container images in a tamper-proof environment.

Learn more
IBM Cloud Hyper Protect Crypto Services

Take exclusive control of encryption keys in a single-tenant multicloud key management service with a customer-controlled FIPS 140-2 level 4 certified hardware security module (HSM).

Learn more
IBM Hyper Protect Virtual Servers for IBM LinuxONE and IBM Z

Securely build, deploy, and manage mission-critical applications for hybrid cloud implementations on IBM LinuxONE and IBM Z, while data-in-use stays protected.

Learn more
IBM Hyper Protect Offline Signing Orchestrator

Help deploy cold storage solutions for Digital Assets, which turns the entire digital asset transaction signing process from a manual operation to a completely automated and policy-driven one.

Learn more
IBM Cloud Virtual Servers for VPC with Intel® SGX®

Help increase application security and protect selected code and data from modification with Intel® SGX® on hyper-scalable virtual servers inside IBM Cloud VPC – a private network in the public cloud.

Learn more
IBM Cloud Bare Metal Servers with Intel® SGX®

Help protect data in use with unique application isolation technology from Intel® SGX® on single-tenant, dedicated cloud servers backed by powerful 4th Gen Intel® Xeon® processors.

Learn more

How to leverage confidential computing with Hyper Protect Services or Intel SGX?

Hyper Protect Services implement policy enforcement with encrypted contracts and provide a higher level of container-based isolation, while Intel® SGX® protects your selected code or data and provides application-based isolation.

These are examples of how to leverage the unique features of Hyper Protect Services for your use cases. Hyper Protect Services are based on IBM Secure Execution and not available with Intel SGX. 

Hyper Protect Services Secure containerized workloads on open platform Containerizing applications on the Hyper Protect platform with confidential computing ensures that your applications are always protected. Protected against any third parties – including the cloud provider – and other insider attacks on all level of the stack. Learn more
Hyper Protect Services Digital assets infrastructure The trusted infrastructure for digital custody solutions to safeguard, store, trade, issue and manage digital assets in highly secure wallets. Achieve reliability at scale when millions of tokens and NFTs are managed and traded at high-value and for short-timeframes (loaner). Learn more
Hyper Protect Services Protect trustworthy AI in all stages As AI gets closer to the heart of business mission-critical data, and with the increasing adoption of traditional and generative AI models, confidential computing ensures that data and insights outside of your direct control are protected at every stage (during creation and inference). Learn more

Hyper Protect Services Secure multi-party computation and collaboration Facilitate multi-party collaborations while keeping data from each party private, allowing all parties to benefit from data sharing without compromising security. Learn more

Hyper Protect Services Secure workload supply chain Leverage confidential computing to secure the development and build pipeline from produce to deliver. With the Hyper Protect Secure Build technology, you can build a trusted container image within a highly- isolated secure enclave where developers can access the container only by using a specific API. Learn more

Client stories 
Opollo Technologies

Leverages AI and Hyper Protect Services to help healthcare facilities solve complex problems while keeping patients’ data safe.

DIA

Leverages Hyper Protect Services to secure a decentralized financial information platform and enable protection and privacy of data infrastructure.

UKISS Technology

Uses Hyper Protect Virtual Servers to build secure applications for self-custody wallets.

Phoenix Systems

Partners with IBM confidential computing to deliver solutions with unprecedented security and drive digital transformation for future generations.

Metaco

Uses Hyper Protect Services for its digital asset orchestration system to support its financial clients hybrid cloud adoption with increased security and scalability.

Jamworks

Partners with the IBM Hyper Protect Platform to protect the integrity of Jamworks' AI as well as the confidentiality of an individual's data.

Industries
Healthcare

Protect sensitive data such as patient health information and payment records. Aid disease diagnostic and drug development with AI solutions while ensuring data privacy.

Financial services

Secure payment processing, protect sensitive financial information, prevent fraud, and ensure regulatory compliance. Create a trusted platform for digital assets, non-fungible tokens (NFTs), and policy enforcement.

Retail

Ensure regulatory compliance on customer data aggregation and analysis. Make it possible to share data for multi-party collaboration to prevent retail crime while keeping data from each party private.

Public sector

Facilitate digital transformation involving critical personal data such as identification numbers and biometrics. Improve service reliability and resilience to defend advanced cyber attacks on public infrastructures.

Manufacturing

Protect Intellectual Properties (IPs) during the manufacturing process. Ensure the data and technologies are protected along the supply chain at every stage to avoid data leaks and unauthorized access.

Software and platform applications

Enable providers to offer cloud-native solutions for customers with mission-critical data or regulatory requirements. Ensure clients' data remain inaccessible not only by the service provider but also by the underlying cloud infrastructure.

Resources
Redbook IBM Hyper Protect Platform: Applying Data Protection and Confidentiality in a Hybrid Cloud Environment

Shows more details about the Hyper Protect Platform: the underlying technology and how the services support your hybrid cloud strategy.

View Redbook
Whitepaper The Second Generation of IBM Hyper Protect Platform

Unveils the secrets of the latest IBM Hyper Protect Platform: how the new generation of services use the industry-leading technology to achieve confidential computing.

Download the whitepaper
Video

Introduces how you can leverage confidential computing to solve your business challenges and achieve unparalleled security.

Whitepaper Data Sovereignty with IBM Hyper Protect Services

Learn more about how IBM Hyper Protect Services protect your data with a special focus on key management.

Download the whitepaper
Learn hub What is confidential computing?

Introduces the basics of confidential computing, how it works, and why it is so important.

Learn more
IBM Cloud Docs IBM Cloud Virtual Servers for VPC: Creating a virtual server with Intel® SGX®

Learn more about Intel® SGX® capabilities inside IBM Cloud Virtual Servers for VPC, including step-by-step instructions for enabling a confidential computing profile, secure boot, and attestation.

View docs
IBM Cloud Docs IBM Cloud Bare Metal Servers (classic)

Provisioning a bare metal server with Intel® SGX®.

View docs
Video

Introduces the latest high-performance compute microarchitecture behind confidential computing with Intel® SGX® on IBM Cloud servers.

Frequently asked questions

Confidential computing on IBM explained

What is the Hyper Protect Platform?

IBM Hyper Protect Platform is a suite of services designed to provide a highly secure environment for mission-critical data and applications in hybrid cloud deployments, leveraging confidential computing capabilities on IBM Z or LinuxONE. For more details, see the Redbook: IBM Hyper Protect Platform: Applying Data Protection and Confidentiality in a Hybrid Cloud Environment

What is Confidential Computing, and how does it relate to the Hyper Protect Platform?

Confidential Computing refers to the protection of data in use by performing computation in an attested, hardware-based Trusted Execution Environment (TEE), ensuring data is encrypted and isolated during processing. IBM Hyper Protect Platform utilize this concept to protect mission-critical workloads and sensitive data. 

What is the difference between Operational Assurance and Technical Assurance?

Operational assurance ensures that the operations conducted by service providers and others are compliant and do not intentionally or unintentionally compromise security. This is based on operational measures - which are breakable resulting in the need to trust.

Technical assurance ensures that the security features are ingrained in the technology, and it is technically impossible for unauthorized access or changes to occur. This ensures that data is secured at all times, without the need to trust any person or organization to not exploit privileged access in the case of internal or external attacks. 

What kind of technology underlies the Hyper Protect Platform to enhance security?

The Hyper Protect Platform leverages IBM Secure Execution for Linux technology that includes hardware and firmware features such as memory encryption, encrypted contracts, and an Ultravisor to create isolated, secure environments for workloads. 

What are the benefits of IBM Cloud Virtual Servers for VPC?

IBM Cloud Virtual Servers for VPC deliver hyperscale compute capacity with the highest network speeds and most secure, software-defined networking resources available on the IBM Cloud. Built on IBM Cloud Virtual Private Cloud (VPC) and featuring powerful, 4th Gen Intel® Xeon® processors, this developer-friendly infrastructure helps drive modern workloads faster and easier with pre-set instance profiles, rapid deployment and private network control in an agile public cloud environment. Choose multi-tenant or dedicated, add GPUs, and pay-as-you-use with monthly billing, or reserve your capacity in advance for reduced costs.

What is Intel® SGX® ?

Intel® Software Guard Extensions (SGX) protects your data through hardware-based server security by using isolated memory regions that are known as encrypted enclaves. This hardware-based computation helps protect your data from disclosure or modification. Which means that your sensitive data is encrypted while it is in virtual server instance memory by allowing applications to run in private memory space. To use Intel® SGX®, you must install the Intel® SGX® drivers and platform software on Intel® SGX®-capable worker nodes. Then, design your app to run in an Intel® SGX® environment.

Take the next step

Contact us on how to protect your mission-critical workloads with IBM confidential computing.