For years, cloud providers have offered encryption services to help protect data at rest and data in transit, but not data in use. Confidential computing protects data during processing by performing computation in a hardware-based, trusted execution environment (TEE), which eliminates the remaining data security vulnerability.
Hyper Protect Services leverage IBM Secure Execution for Linux technology, part of the hardware of IBM z15 and IBM LinuxONE III generation systems, to protect the entire compute lifecycle. With Hyper Protect confidential computing as-a-service solutions, you gain a higher level of privacy assurance with complete authority over your data at rest, in transit, and in use – all with an integrated developer experience. You can run your most valuable applications and data in IBM’s isolated enclaves or trusted execution environments with exclusive encryption key control - Even IBM cannot access your data.
Intel® Xeon®-based IBM Cloud Bare Metal and Virtual Servers with Intel® SGX® help protect data in use via application isolation technology. By protecting selected code and data from modification, developers can partition their application into hardened enclaves or trusted execution modules to help increase application security. All Intel® SGX® confidential computing on IBM Cloud runs on 4th Gen Intel® Xeon® processors, the newest generation of HPC microarchitecture with built-in Intel® Accelerator Engines, improved power efficiency, DDR5 memory and PCIe 5 support.