
Hyper Protect Services Increase Cloud Security

With cloud adoption continuously accelerating, clients are becoming increasingly concerned about keeping sensitive data and workloads secure in the public cloud. This is especially relevant for clients in regulated industries such as financial services and healthcare.

Data protection in the cloud involves encrypting data both at rest and in flight. Providers with sensitive or confidential customer data want to ensure that even cloud admins cannot access customer data. Performance and reliability also remain key for mission-critical applications.

Addressing Security Concerns

IBM Cloud Hyper Protect Services work to address these security concerns, providing industry-leading security through built-in workload isolation and tamper protection from privileged user access.

“The focus of the services is elevated security and isolation in public cloud,” says John Currie, program director, IBM Hyper Protect Services Offering Management and Strategy. “That’s appealing to any industry looking to adopt cloud, but regulated industries like banking, healthcare or insurance are particularly drawn to our services because they’re also looking for compliance or certification.”

Hyper Protect Services are built on LinuxONE Secure Service Container technology, bringing the power of LinuxONE to IBM Cloud. As a result, Hyper Protect Services can help application developers build secure cloud applications, even if they aren’t security and performance experts. Additionally, the Docker base stack inherits security without any code changes and the services are backed by the performance and reliability clients expect from LinuxONE.

“The LinuxONE platform doesn’t change in the cloud, so there’s still a secure enclave—the backbone for Secure Service Containers,” says Currie. “From that standpoint, we can provide a secure enclave for clients to operate within, limiting access by a third party. We also have 100 percent encryption of all data within the secure enclave.”

DBaaS and Crypto Services

Hyper Protect Services are continuously evolving. For example, two components recently emerged as beta services in January: Hyper Protect Database as a Service (DBaaS) and Hyper Protect Crypto Services.

Hyper Protect DBaaS provides data confidentiality that enables data owners to fully control their data. It prevents cloud operator access and is also backed by vertical scale and performance. With Hyper Protect DBaaS, clients can use standard APIs to provision, manage, maintain and monitor secure, high-volume databases of multiple types on IBM Cloud, removing the need for specialized database skills.

Hyper Protect Crypto Services are designed for clients looking for complete control over data encryption keys and Hardware Security Modules. These services have the industry’s highest crypto certification, FIPS 140-2 Level 4, and use the Key Protect API that IBM Cloud clients are already familiar with for Bring Your Own Key support for cloud data encryption. Crypto Services also support application-level encryption and digital signing for data confidentiality and integrity.

Journeying to the Cloud

Hyper Protect Services may still be developing, but the goals remain the same: increase cloud security and make the journey to the cloud an easier one. “I want to evolve Hyper Protect Services into solutions that are solving key client problems and lowering the barriers to adopting cloud,” says Currie. “It’s about going on a journey with clients as they transition from on-prem to the cloud—which could possibly take years—and making that journey better.”