October 11, 2021 By Hillery Hunter 4 min read

Preventing data breaches in the cloud.

The CIOs and chief security officers (CSOs) I speak with are very concerned about where their next data breach will come from. This is across industries — pharmaceuticals, healthcare, banking, etc. Business leaders understand there are cybersecurity threats they need to plan for, especially during this pandemic, when they’ve had to change their business models so quickly.

These leaders know what they want to avoid: costly data breaches. According to a recent study by IBM and the Ponemon Institute, today’s average cost of a data breach in the U.S. is $8.64 million USD, and it takes 280 days to identify and contain the average breach. Time is money when sensitive data is on the line.

These conversations often lead to confidential computing: what it is and whether it can help them avoid a data breach.

What is confidential computing all about?

“Confidential computing” sounds like it’s shrouded in secrecy, but in essence, we’re talking about secure enclave technology to protect your data-in-use. Your data can be at-rest or in-transit and be protected using encryption. Even if the data is intercepted by a hacker, it is meaningless so long as it can’t be deciphered. But this isn’t the case when your data is in-use. Before it can be processed by an application, data must be decrypted. To put it simply: to use data, you must see data. This leaves the data unencrypted in the memory of whatever device it’s stored on and potentially exposed to malicious actors.

Confidential computing is like doing all your data processing in a locked room or bank vault. With IBM Cloud® confidential computing capabilities, sensitive data is isolated in a protected enclave during processing. The contents of this enclave — the data being processed and the techniques used to process it — are only accessible to authorized code, invisible to anything or anyone else, including the operating system and cloud provider. This means that your data is yours and yours alone. Even your cloud provider — IBM, in this case — cannot access it.

If there is a breach, recovery can be complicated by the added risk to your intellectual property and damage to your brand’s reputation. But the hardest thing to recover is your customers’ trust. As the operations and management of data get more and more spread out — with much of it floating at the edge thanks to mobile devices, smartphones, smartwatches, remote consultations with your physician and digital banking, to name a few — avoiding data breaches will only get more complicated.

Addressing the requirements of regulated industries

Back in 2018, we were the first cloud provider in the industry to offer services based on confidential computing. And we still believe that confidential computing is an answer to assuring data privacy in the cloud because with confidential computing, your company’s data remains your data. When confidential computing protocols are in place, a cloud provider simply cannot provide access to third parties, even if compelled to do so by external factors.

We’ve had conversations with leaders across regulated industries, all of whom want us to contextualize confidential computing to their specific industries, especially those who are particularly concerned about cybersecurity. For example:

  • We’ve co-designed IBM Cloud for Financial Services™ with banking partners so they can quickly move to cloud, address financial services’ concerns for security and compliance and adhere to all regulatory requirements.  
  • For the federal government, we just announced the IBM Center for Government Cybersecurity, a collaborative environment to help federal agencies not only address current cybersecurity, but also plan well out into the future.
  • The Decentralized Finance (DeFi) economy is using confidential computing to protect data with complete authority and achieve privacy assurance for their data and workloads. This enables the Decentralized Information Asset (DIA) platform to ensure that no third party can view or manipulate data and protects platform users from malicious internal or external attacks.
  • For healthcare, we offer Hyper Protect iOS SDK for Apple CareKit, powered by IBM Cloud Hyper Protect Services, which helps ensure data is always encrypted. CareKit is an open-source framework for developing apps that help users better understand and manage their health by creating dynamic care plans, tracking symptoms, connecting to care teams and more.

Key to your security effort is that it is planned. Plan how to stay ahead of the hackers. We’ve worked with companies like Daimler to protect their post-sale consumer information and with Apple to enable people to quickly create secure and data-protected applications for the healthcare space. We’ve been able to plan with industries in different sectors and different parts of the world on how to address moving to the cloud with confidence, which includes protecting data in-motion, at-rest and in-use.  

A job well done

With this planning, the CIO, CTO, CSO, IT — everyone — can look to their Board or customers and say, “We’ve implemented the most secure possible data protection technology, even as we’ve worked to digitally transform our organization.”

Currently, businesses may avoid sharing proprietary data with other organizations for fear of that data being exposed. Confidential computing gives organizations the confidence to share such data sets, algorithms and proprietary applications for the purposes of collaboration and research in the cloud — all while preserving confidentiality. Data protection, trust and security are at the heart of IBM’s hybrid cloud strategy. Clients in the financial services, telco, consumer healthcare and automotive industries are using advanced data protection capabilities from IBM to help safeguard their data. They know that the capabilities of confidential computing are critical now and for the future.

Next steps

For more background on data breaches and their prevention, download the report from IBM Cloud and IBM Security, Cost of a Data Breach: A view from the cloud 2021.

Protect your data at-rest, in-transit and in-use with a higher level of privacy assurance. Explore confidential computing on IBM Cloud.
