IBM Confidential Computing Platform

Protect your data with IBM Z, LinuxONE SEL and advanced confidential computing technology

SEL technology overview IBM Confidential Computing Redbook
Isometric illustration for IBM Cloud Confidential Computing
Updated technical reference documentation
Learn more about Confidential Computing with SUSE Linux Enterprise Base Container Images.
Read the blog

End-to-end data protection with IBM

The IBM Confidential Computing Platform uses IBM Secure Execution for Linux technology that includes hardware and firmware features such as memory encryption, encrypted contracts and an ultravisor to create isolated, secure environments for workloads.

IBM Confidential Computing safeguard your applications and data across their entire lifecycle. With confidential computing and encrypted key control, you maintain complete authority—ensuring data stays secured at rest, in transit and in use.

 Understand DORA and the role of confidential computing
Features
Container runtime isolation

Achieve granular protection for workloads with IBM Secure Execution for Linux®. Gain technical assurance with container-level isolation and zero-knowledge proofs for higher trust.

 Confidential computing with LinuxONE
Encrypted multiparty contract

Enforce policies with encrypted contracts. Assign roles and privileges securely by using zero-trust principles to maintain strict separation of duties across users.

 Read about contracts
Embedded data-at-rest protection

Protect stored data with a hardware-based root of trust. IBM’s FIPS 140-2 Level 4 certified HSM delivers the industry’s strongest cloud cryptography security.

 Read about on prem HSM
Secure Build

Ensure only verified workloads deploy. Each build generates a signed attestation record, allowing independent validation without reliance on external services.

 Build applications with secure build
Independent attestation

Verify container images and workloads with signed proof of integrity. Attestation records confirm authenticity without requiring third-party trust services.

 Read about attestation

Products and services

IBM Confidential Computing Services include a series of security products spanning key management service, virtual servers and containers.
IBM Confidential Computing Container Runtime for Red Hat Virtualization Solutions
Run secure, user-managed container solutions on Red Hat® Virtualization with full confidential computing support.
IBM Confidential Computing Containers for Red Hat Openshift OCP
Protect sensitive data on Red Hat OpenShift®, ensuring even administrators cannot access or tamper with workloads.
Explore IBM's cold storage solution
Automate secure digital asset signing with policy-driven cold storage for transaction protection.
IBM Confidential Computing Container Runtime
Build and manage hybrid cloud apps on IBM Z® and LinuxONE while keeping sensitive data protected in use.
Red Hat OpenShift with IBM Secure Execution
Enhance Red Hat OpenShift with IBM SEL, enabling confidential computing for secure application development.
Explore product resources Confidential Containers with IBM SEL Confidential Containers with Red Hat OCP and IBM SEL IBM SEL supporting Crypto Express adapters Confidential Computing Virtual Server Second generation of IBM Confidential Computing Platform IBM Confidential Computing with SUSE Linux Enterprise Base Container Images

Case studies

3d render of cubes
Schwarzthal Tech
Woman taking a note while using a notebook
Jamworks
Two industrial Engineer using a laptop
SEAL Systems AG
People in a meeting room
DIA
Rear view of software developers analyzing data on the computer screen
UKISS Technology
Hybrid Cloud 3d render
Metaco/Ripple

Frequently asked questions

Explore FAQs about confidential computing on IBM.

IBM Confidential Computing Platform is a suite of services designed to provide a secure-rich environment for mission-critical data and applications in hybrid cloud deployments, using confidential computing capabilities on IBM Z or LinuxONE. 

Read the Redbook: IBM Confidential Computing Platform

Confidential Computing refers to the protection of data in use by performing computation in an attested, hardware-based Trusted Execution Environment (TEE), helping ensure that data is encrypted and isolated during processing. IBM Confidential Computing Platform use this concept to protect mission-critical workloads and sensitive data. 

Operational assurance helps ensure that the operations conducted by service providers and others are compliant and do not intentionally or unintentionally compromise security. This is based on operational measures, which are breakable resulting in the need to trust.

Technical assurance helps ensure that the security features are ingrained in the technology, and it is technically impossible for unauthorized access or changes to occur. This helps ensure that data is secured always, without the need to trust any person or organization to not use privileged access in the case of internal or external attacks. 

The Hyper Protect Platform uses IBM Secure Execution for Linux technology that includes hardware and firmware features such as memory encryption, encrypted contracts and an ultravisor to create isolated, secure environments for workloads. 

Take the next step

Contact us to understand how to protect your mission-critical workloads with IBM confidential computing.