Intel® Architecture Enables New IBM Cloud Service with Enhanced Container Security

IBM Think 2018 unfolded in March with a series of exciting announcements about IBM Cloud. Security was a hot topic, and with the RSA Conference just around the corner, the security and cloud momentum around trusted cloud platforms continues for Intel and our longtime collaboration partner IBM. At IBM Think, IBM announced expansion of their offerings based on Intel® security technologies and Intel® Xeon® processor-based servers in IBM Cloud. Here are two key highlights.

Protecting Containers with Intel® Trusted Execution and Intel® Cloud Integrity Technologies

According to a 451 Research study, revenue from application containers will grow from $1.1B in 2017 to $2.7B in 2020 [1], faster than other ‘cloud enabling technologies’ such as PaaS, virtualization, automation, and management software, and Kubernetes is taking the lead as the most popular orchestration platform [2]. With that, it’s not surprising that IBM recently introduced their IBM Cloud Container Service with Trusted Compute, a fully managed container service based on Kubernetes, now running on bare metal servers in IBM Cloud. Containers offer a logical separation for abstracting applications from the environment in which they actually run, but there are security challenges which must be addressed.

The new IBM Cloud Container Service with Trusted Compute uses Intel Xeon processors with Intel® Trusted Execution Technology (Intel® TXT) and Intel® Cloud Integrity Technology (Intel® CIT). These features provide a chain of trust rooted in hardware, securing containers from the hardware up. Because the server is trusted, each container and subsequent container image created is verified. This trust information is auditable with continuous monitoring to address regulatory compliance requirements, such as the General Data Protection Regulation (GDPR), helping to eliminate the loss of control many companies currently face when using containers.

Raghu Yeluri, Senior Principal Engineer in Intel’s Data Center Group, was on stage with Nataraj Nagaratnam, CTO of IBM Cloud Security, to share details of how Intel TXT and Intel CIT offer transparent visibility of integrity assurance to Kubernetes orchestration, container integrity with Docker* Trust, as well as audit logging and continuous monitoring that determine any drift from the expected security posture so necessary remediation actions can take place.

Protecting Data with Intel Software Guard Extensions

According to an IDC Data Age 2025 Study, 163 trillion gigabytes of data will be created in 2025 [3]. This data explosion presents a challenge for both IT and cloud service providers in protecting data in all of its phases: in use, at rest, and in motion. To address this data security need, IBM recently announced bare metal servers, based on Intel Xeon processors, that are configurable with Intel® Software Guard Extensions (Intel® SGX). Intel® SGX allows application developers to partition their applications into CPU-hardened “enclaves”, or protected areas of execution in memory that increase security, even on compromised platforms. IBM Cloud’s Early Access Preview for protection of data-in-use, powered by the Fortanix Runtime Encryption Platform* and Intel® SGX, transparently secures containerized applications without modification and helps protect sensitive data. Developers can utilize the service and toolkits to convert their applications or containers and guard against malware, bad actors, and infrastructure compromise.

If you want to know more about Intel’s technologies in IBM Cloud, please listen to this Conversations in the Cloud podcast with Jason McGee, IBM VP & fellow, and Jake Smith, Intel Director. If you are interested in a hardware-rooted chain of trust, check out IBM’s recent blog: https://www.ibm.com/blogs/bluemix/2018/02/scale-security-innovating-applications-fast/.

Driving Cloud Innovation

Intel and IBM Cloud drive innovation together with both security and performance in mind, enabling new and differentiated services. In addition to last month’s announcements, we’ve collaborated on secure virtualization based on Intel® TXT and HyTrust security software, and led the way in deployment of Intel® Optane™ SSDs in the cloud. Our customers’ success is our success. I can’t wait to see what innovations our collaboration will bring at IBM Think 2019.

Check out the Intel and IBM demos at RSA booth #3435 North Hall, to learn more.