A push to provide public cloud services with production-ready confidential computing capabilities able to protect data, applications, and processes.
As the number of cloud security-related breaches continues to skyrocket, hitting more high-profile organizations each year, more and more companies have turned to confidential computing services to keep their data safe while it’s being used.
For two years, IBM has been deploying confidential computing capabilities in the IBM Cloud, and Rohit Badlaney, vice president of IBM Z Hybrid Cloud, said it is the only public cloud with “production-ready confidential computing capabilities able to protect data, applications and processes.”
Badlaney explained that data security generally revolves around protecting data at rest, in transit, and in use. There are now well-established ways to provide protection for data at rest and data in transit, but protecting data in use has long been a problem companies have sought to solve, only turning to confidential computing in the last few years as a viable option.
IBM’s platform is now used in heavily regulated industries like healthcare and banking, with high-profile customers like Bank of America and Daimler taking advantage of confidential cloud computing capabilities.
“We’ve had tremendous success over the last four to five years in generalizing and commercializing the confidential computing technology into an entire family of cloud services,” Badlaney said. “Our point of view on confidential computing is that the trusted execution environment is interesting but you want to surround it with a set of services that also leverage the same kind of underlying hardware and software innovation in confidential computing.”
“So we’ve built out this whole family especially for markets like financial services that have been nervous about moving anything into the public cloud. In order to deliver confidential computing, we believe a technology provider must provide protection across the entirety of the compute lifecycle–which includes everything from the build process and key management to the security of data services. Failure to fully protect any of these layers can leave a client’s business process exposed.”
He added that the whole suite of tools has been available for two years and was launched around May 2018.
IBM has not expanded confidential computing into the entire IBM Cloud but plans to by the middle of next year. Badlaney said it will “become pretty core to our enterprise grade value proposition that underpins our industry cloud push.”
Daimler, the corporation behind luxury vehicle brands like Mercedes-Benz and Maybach, needed confidential computing for a critical workload that was being moved to the public cloud, Badlaney explained.
“They wanted to make sure that we, IBM, couldn’t access their data or their applications we were protecting. Most cloud providers provide operational assurance for insider threats, so they’ll monitor logins, they’ll add a bunch of automation. The way our technology is set, we technically, even if I wanted to, couldn’t go in and look at the client data,” Badlaney said.
“In Daimler’s case, they needed the data tier to be locked down and then we surrounded it with executing modules and our key protection technology that made the Daimler team the only ones with access to the data.”
For Apple, Badlaney said IBM partnered to provide a tool kit called CareKit. The project was focusing on healthcare so the data needed to be protected in different ways, and the work IBM did with Apple involved ensuring that providers could synchronize confidential data to the public cloud.
“We wrote an SDK that is actually now part of the AppleCare GitHub, where clients can synchronize their health data into IBM Cloud backed through confidential computing and these secure databases,” Badlaney said.
“It’s a fantastic use case of healthcare providers and the beauty of this is that you can access this on the web. The concept applies to any regulated industry. Pretty much everyone is doing something with mobile and they want to store some data that is stored in a cloud. Now you’re locking that data down using confidential computing.”
In November, IBM announced that it had designed the world’s first financial services-ready public cloud and was collaborating with Bank of America on it. Bank of America now hosts important applications and workloads related to its 66 million banking customers.
Cathy Bessant, chief operations and technology officer for Bank of America, said it “is one of the most important collaborations in the financial services industry cloud space.”
“This industry-first platform will allow Bank of America to use the public cloud, putting data security, resiliency, privacy and customer information safety needs at the forefront of decision making. By setting a standard that addresses the concern of hosting highly-confidential information, we aim to drive the public cloud to a safety level that is unmatched,” Bessant said.
Over the past few years, other companies have turned to confidential computing, including Microsoft and Google. Last month Google Cloud announced that it was kickstarting a beta version of confidential virtual machines as the initial product in Google Cloud’s confidential computing portfolio.
According to the Institute of Electrical and Electronics Engineers, confidential computing typically leverages hardware-based techniques in order to isolate data, specific functions, or an entire application from the operating system, hypervisor or virtual machine manager, and other privileged processes.
It gives organizations wary of the security flaws inherent in cloud systems a bit more certainty and allows different enterprises to share data without the fear of anything being lost or stolen.
Last year, industry leaders Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent came together to found the Confidential Computing Consortium, a new industry group dedicated to accelerating the adoption of confidential computing.
“As we look ahead to the next era of computing, there are lots of predictions and assumptions on what the next great innovation will be–but one thing is indisputable: Data and securing that data is and will remain an incredibly important asset to companies and consumers. As our reliance on data grows in the era of hybrid cloud, the need for data privacy becomes even more critical for everyone–and for businesses, an imperative,” Badlaney said.
“As part of this, we need to actively invest and innovate in areas that we believe will better prepare us for the future, and better help our clients to protect their highly sensitive data.”