My IBM Log in

Confidential computing solutions

Protect your data with the broadest selection of data security and encryption technologies from IBM Z, IBM LinuxONE, and Intel® Xeon® on IBM Cloud.

Confidential Computing with IBM includes a range of services from the Hyper Protect Services and Intel® Xeon®-based IBM Cloud portfolios spanning containers, key management services, and high-performance computing (HPC) to help ensure data confidentiality and code integrity. 

Protect data across the entire compute lifecycle

For years, cloud providers have offered encryption services to help protect data at rest and data in transit, but not data in use. Confidential computing protects data during processing by performing computation in a hardware-based, trusted execution environment (TEE), which eliminates the remaining data security vulnerability.

The Hyper Protect product family utilize IBM Secure Execution for Linux technology to safeguard the entire data lifecycle. These confidential computing solutions offer enhanced privacy assurance, designed to keep full control over data at rest, in transit, and in use. They provide an integrated developer experience, allowing you to ensure that even system administrators, container platform administrators or service providers cannot access sensitive data and containerized applications or solution stacks.

Intel® Xeon®-based IBM Cloud Bare Metal and Virtual Servers with Intel® SGX®  help protect data in use via application isolation technology. By protecting selected code and data from modification, developers can partition their application into hardened enclaves or trusted execution modules to help increase application security. All Intel® SGX® confidential computing on IBM Cloud runs on 4th Gen Intel® Xeon® processors, the newest generation of HPC microarchitecture with built-in Intel® Accelerator Engines, improved power efficiency, DDR5 memory and PCIe 5 support. 

Intel® Xeon®-based IBM Cloud Virtual Servers with Intel® TDX aim to provide an additional layer of security through hardware-based isolation and encryption. By running virtual servers within an encrypted enclave, Intel TDX helps ensure that data is protected from unauthorized access, even from IBM Cloud. This creates a multi-tenant cloud environment designed for security by heightening trust for critical applications and strengthening data sovereignty for peace of mind and compliance.
Why IBM for confidential computing

Why IBM for confidential computing

Secure every journey to hybrid cloud

Address your security concerns when you move mission-critical workloads to hybrid cloud through a variety of as-a-service solutions based on IBM Z and LinuxONE or x86 hardware technology. You have exclusive control over your encryption keys, data, and applications to meet data sovereignty requirements. 
Hyperscale and protect in all states

Quickly scale out and maintain maximum resiliency while protecting your workloads at-rest, in-transit, and now in use inside the logically isolated IBM Cloud VPC network. Choose from a variety of virtual server profile sizes and pay-as-you- use options needed to protect your applications. 
Provide smaller isolation granularity and code confidentiality

Ensure maximum confidentiality for your applications and data through fine-grained runtime isolation, encrypted contracts, and secure enclaves. Prevent unauthorized access, even from IBM Cloud infrastructure admins, with zero trust enforcement and remote attestation. This ensures that your data and code is not altered at any time.
Products and services

Products and services

Hyper Protect Services based on IBM Secure Execution for Linux (SEL)

Implement policy enforcement with encrypted contracts and provide a higher level of container-based isolation.
Intel® SGX on IBM Cloud Virtual Servers

Help protect your selected code or data with application-based isolation.
Intel® TDX on IBM Cloud Virtual Servers

Help protect your data from unauthorized access with a secure enclave.
IBM Cloud Virtual Server for VPC

Highly scalable, single-tenant and multi-tenant virtual machines you can launch fast for maximum network isolation and control.
Resources

Resources

Redbook IBM Hyper Protect Platform: Applying Data Protection and Confidentiality in a Hybrid Cloud Environment

Shows more details about the Hyper Protect Platform: the underlying technology and how the services support your hybrid cloud strategy.

View Redbook Video

Introduces how you can leverage confidential computing to solve your business challenges and achieve unparalleled security.

 Whitepaper Data Sovereignty with IBM Hyper Protect Services

Learn more about how IBM Hyper Protect Services protect your data with a special focus on key management.

Download the whitepaper Learn hub What is confidential computing?

Introduces the basics of confidential computing, how it works, and why it is so important.

Learn more IBM Cloud Docs IBM Cloud Virtual Servers for VPC: Creating a virtual server with Intel® SGX or Intel® TDX

Learn more about Intel® SGX and Intel® TDX inside IBM Cloud Virtual Servers for VPC, including step-by-step instructions for enabling a confidential computing profile, secure boot, and attestation.

View docs IBM Cloud Docs IBM Cloud Bare Metal Servers (classic)

Provisioning a bare metal server with Intel® SGX®.

View docs Video

Introduces the latest high-performance compute microarchitecture behind confidential computing with Intel® SGX® on IBM Cloud servers.

Frequently asked questions

Confidential computing on IBM explained

What is the Hyper Protect Platform?

IBM Hyper Protect Platform is a suite of services designed to provide a highly secure environment for mission-critical data and applications in hybrid cloud deployments, leveraging confidential computing capabilities on IBM Z or LinuxONE. For more details, see the Redbook: IBM Hyper Protect Platform: Applying Data Protection and Confidentiality in a Hybrid Cloud Environment

 What is Confidential Computing, and how does it relate to the Hyper Protect Platform?

Confidential Computing refers to the protection of data in use by performing computation in an attested, hardware-based Trusted Execution Environment (TEE), ensuring data is encrypted and isolated during processing. IBM Hyper Protect Platform utilize this concept to protect mission-critical workloads and sensitive data. 

 What is the difference between Operational Assurance and Technical Assurance?

Operational assurance ensures that the operations conducted by service providers and others are compliant and do not intentionally or unintentionally compromise security. This is based on operational measures - which are breakable resulting in the need to trust.

Technical assurance ensures that the security features are ingrained in the technology, and it is technically impossible for unauthorized access or changes to occur. This ensures that data is secured at all times, without the need to trust any person or organization to not exploit privileged access in the case of internal or external attacks. 

 What kind of technology underlies the Hyper Protect Platform to enhance security?

The Hyper Protect Platform leverages IBM Secure Execution for Linux technology that includes hardware and firmware features such as memory encryption, encrypted contracts, and an Ultravisor to create isolated, secure environments for workloads. 

 What are the benefits of IBM Cloud Virtual Servers for VPC?

IBM Cloud Virtual Servers for VPC deliver hyperscale compute capacity with the highest network speeds and most secure, software-defined networking resources available on the IBM Cloud. Built on IBM Cloud Virtual Private Cloud (VPC) and featuring powerful, 4th Gen Intel® Xeon® processors, this developer-friendly infrastructure helps drive modern workloads faster and easier with pre-set instance profiles, rapid deployment and private network control in an agile public cloud environment. Choose multi-tenant or dedicated, add GPUs, and pay-as-you-use with monthly billing, or reserve your capacity in advance for reduced costs.

 What is Intel® SGX and Intel® TDX?

Intel® Software Guard Extensions (SGX) protects your data through hardware-based server security by using isolated memory regions that are known as encrypted enclaves. This hardware-based computation helps protect your data from disclosure or modification. Which means that your sensitive data is encrypted while it is in virtual server instance memory by allowing applications to run in private memory space. To use Intel® SGX®, you must install the Intel® SGX® drivers and platform software on Intel® SGX®-capable worker nodes. Then, design your app to run in an Intel® SGX® environment.

Intel Trust Domain Extensions (Intel TDX) is Intel's newest confidential computing technology. This hardware-based trusted execution environment (TEE) facilitates the deployment of trust domains (TD), which are hardware-isolated virtual machines (VM) designed to protect sensitive data and applications from unauthorized access. A CPU-measured Intel TDX module enables Intel TDX.
Take the next step

Contact us on how to protect your mission-critical workloads with IBM confidential computing. 
Overview Annual report Corporate social responsibility Inclusion@IBM Financing Investor Newsroom Security, privacy & trust Senior leadership Careers with IBM Website Blog Publications Automotive Banking Consumer Goods Energy Government Healthcare Insurance Life Sciences Manufacturing Retail Telecommunications Travel Our strategic partners Find a partner Become a partner - Partner Plus Partner Plus log in IBM TechXChange Community LinkedIn X Instagram YouTube Subscription Center Participate in user experience research Podcasts United States — English Contact IBM Privacy Terms of use Accessibility