IBM Hyper Protect is a feature of IBM Z and LinuxONE which provides hardware-level security for virtual servers. Hyper Protect is available in on-premises servers and in managed offerings on IBM Cloud: IBM Cloud Hyper Protect Crypto Services, IBM Cloud Hyper Protect Database as a Service and IBM Cloud Hyper Protect Virtual Servers. Many technologies aim to protect applications in production, but the build phase may expose applications to vulnerabilities. How can mission-critical applications remain protected throughout their lifecycle?
IBM Hyper Protect Virtual Servers protect Linux® workloads on IBM Z® and LinuxONE throughout the application lifecycle – from build through to deploy and manage. Now you can be confident that applications and data are always private and protected from internal and external threats.
Equip your developers with the capability to securely build their applications in a trusted environment with integrity.
Enable SysAdmins to validate that applications originate from a trusted source via their own auditing processes.
Give operations the ability to manage without accessing applications or their sensitive data.
Support client-provided container registry in addition to others such as IBM Cloud® Container Registry, Docker Hub or Linux Distribution-provided Base Container registry.
Use a Linux Unified Key Setup (LUKS) encryption passphrase that is present only within the Trusted Execution Environment and is based on a key derivation during deployment, taken from seeds provided by the workload and environment personas.
Apply Zero Trust principles from workload development through deployment. This is based on a newly introduced encrypted contract concept that enables each persona to contribute without risk of exposing this data or intellectual property to others.
Benefit from a Hardware Security Module (HSM) to protect keys, a common industry use case. To enable such solutions, directly attach a Crypto Express Network API for Secure Execution Enclaves, provided as a component of Hyper Protect Virtual Servers.
Adopt Secure Execution for Linux to deploy isolated workloads protected by Confidential Computing at scale and enable client-defined middleware and hypervisor. With this, Hyper Protect Virtual Servers can be integrated into a virtualized Linux environment without any isolated logical partition (LPAR).
Empower developers with familiar tools and an automated, continuous software delivery pipeline to develop in a private, public or hybrid cloud. Hyper Protect Services provide secure cloud services for on-prem and off-prem deployments.
Enable developers to securely build source files, starting with the containerized application. Solution developers can keep image integrity, knowing it only contains what’s intended, and maintain confidence in the deployed application’s origin.
Encrypt images and securely build with a trusted CI/CD flow to validate the origin, preventing backdoor introduction. Signed container images inherit security with no code changes, preventing access to data while it is being processed in the database.
IBM Safeguarded Copy provides immutable copies of sensitive data for recovery that are hidden and protected from being modified or deleted due to user errors, malicious destruction or ransomware attacks.
Grant flexibility across the hybrid cloud ecosystem, with the IBM z15™ and IBM z16™ systems to deploy workloads both on and off-premises while maintaining security, availability and reliability.
By integrating the new IBM LinuxONE III™ and IBM LinuxONE 4 systems into your hybrid cloud strategy, you add next-level security and stability to your cloud infrastructure, giving you both agile deployment and ultimate uptime.