These technologies have been made available in the IBM public cloud for several years, he said. Trusted execution showed up as part of IBM's blockchain platform as a service in 2016, and two years later the Hyper Protect family of cloud services applied confidential computing more broadly.
Hyper Protect includes a cryptographic service, integrity services, database as a service (Postgres and Mongo), and virtual machines as a service.
IBM's approach means that the company is unable to access clients' data in these environments as a matter of technology, whereas competing cloud providers rely on operational protections.
These protections aren't just available to applications running entirely in the IBM public cloud. For example, the IBM Hyper Protect Software Development Kit for iOS allows developers to create iPad and iPhone apps to access data that's protected by the IBM cloud, and the Temenos banking software has a hybrid model allowing it to run on traditional systems while using the IBM cloud as its data protection layer.
"We've got the whole family [of trusted services] now generally available," said Badlaney, and the company intends to make them available in all zones by 2021.
IBM is also launching a set of fully homomorphic encryption toolkits, initially for macOS and iOS, and more recently for Linux. An Android version is said to be coming soon.
Homomorphic encryption allows data to be analysed or manipulated without being decrypted. "We've been focused on this space for a while," he said.
"This is meant for the most regulated industries," but greater adoption is occurring.
It can be hard to encrypt all data using conventional methods, as that requires complicated configurations, explained IBM distinguished engineer Rebecca Gott. But fully homomorphic encryption keeps everything encrypted. This is "the highest level of security by default, which is unchangeable," she said, so security settings are "baked in."