1. Confidential Computing
Comprehensive portfolio
to protect sensitive data
—
May 2021
Mark Argent
IBM

2. Confidential Computing
from CIO’s POV
Confidential Computing, Analyst Briefing/ © 2021 IBM Corporation 2
Business needs:
– Meet regulatory compliance
requirements and reduce costs
of doing so
– Complete authority over sensitive data
and associated workloads, especially
hybrid apps
– Move to cloud, but manage
sensitive and confidential data
– Ensure data privacy including
for AI/ML and sensitive data
Complex regulations
and data privacy
Increasing cybersecurity
and data breaches

3. Technical
assurance
Operational
assurance
“Cloud provider will not
access your data”
Regulated clients require technical assurance.
Operational assurance is not sufficient.
Confidential Computing, Analyst Briefing / © 2021 IBM Corporation 3
“Cloud provider cannot
access your data”
Data Service
Objects
Objects
Cloud operator
Customer
Control
Visibility
Data Service
Objects
Objects
Cloud operator
Customer

4. Confidential
Computing
https://www.ibm.com/cloud/learn/confidential-computing
Data in Use
User interface
(e.g. website)
Application user
Data service
(e.g. database)
Application
(e.g. cloud service)
Data at Rest
(e.g. on a filesystem)
Key
Management
(KMS)
Data at Rest
Data in Transit
Confidential Computing, Analyst Briefing/ © 2021 IBM Corporation 4
Confidential Computing is about ‘Data in Use’
Industry view

5. Confidential Computing Consortium
Definition https://confidentialcomputing.io/
Confidential Computing, Analyst Briefing/ November, 2020 / © 2020 IBM Corporation 5
Confidential Computing add data in use protection to data at rest and in transit
protections, by performing computation in a hardware-basedTrusted Execution
Environment. These secure and isolated environments prevent unauthorized access
or modification of applications and data while in use, increasing the security
assurances for organizations that manage sensitive and regulated data.
Why is Hardware Necessary for Confidential Computing
Security is only as strong as the layers below it, since security in any layer of the
compute stack could potentially be circumvented by a breach at an underlying layer.
This drives the need for security solutions at the lowest layers possible, down to
the silicon components of the hardware.

6. The Scope of Confidential Computing
(from the consortium)
Confidential Computing, Analyst Briefing / November, 2020 / © 2020 IBM Corporation 6
• Software attacks. Software attacks include attacks on the operating system, hypervisor, BIOS,
other software and stacks.
• Protocol attacks. Protocol attacks include side attacks on protocols associated with
attestation as well as workload and data transport.
• Cryptographic attacks. Cryptography is an evolving discipline, with vulnerabilities being
found over time in ciphers and algorithms, including mathematical breakthroughs, availability of
computing power, and new computing approaches such as quantum computing. In some cases,
defense-in-depth may be appropriate, for instance employing quantum- resistant cryptography
within TEE instances whose implementation is not itself quantum-resistant.
• Basic physical attacks. considered in-scope: cold DRAM extraction, bus and cache
monitoring and plugging of attack devices into an existing port, e.g., PCIe, Firewire, USB-C.

7. Leveraging secure
enclaves in IBM z15
Leveraging secure
enclaves in Intel SGX
Purpose built offerings from IBM spanning
compute, containers, databases and crypto
Confidential Computing, Analyst Briefing / © 2021 IBM Corporation 7
IBM Cloud Hyper
Protect Crypto Services
Data encryption & TLS
offloading with
“Keep Your Own Key”
IBM Cloud Hyper
Protect Virtual Servers
Confidential servers
for workloads
IBM Cloud Hyper
Protect DBaaS
Confidential
databases
IBM Cloud
Data Shield
Confidential containers
for microservices

8. Data in Use
User interface
(e.g. website)
Application user
Data service
(e.g. database)
Application
(e.g. cloud service)
Data at Rest
(e.g. on a filesystem)
Hyper
Protect
Crypto
Service
Keep
Your
Own
Key
(KYOK)
Data at Rest
Data in Transit
Confidential Computing, Analyst Briefing/ © 2021 IBM Corporation 8
IBM Cloud Hyper Protect
Crypto Services
IBM Cloud Hyper Protect Virtual
Servers
IBM Cloud Hyper Protect
DBaaS
IBM Cloud Data Shield
Confidential compute enables total privacy assurance
IBM view

9. Cloud services:
IBM perspective
IBM Cloud Azure AWS GCP
Confidential Compute Services  Data Shield servers
Hyper Protect Virtual Server
  
Confidential Database Services  Hyper Protect PostgreSQL
Hyper Protect Mongo DB EE
— X X
Confidential Crypto/
Key Management Services (KYOK)
 Hyper Protect Crypto Services X X X
Confidential Containers  Data Shield IKS/ROKS X X X
Secure Build / DevSecOps for
Confidential Computing
 Hyper Protect Virtual Server
With Bring Your Own Image
 X X
Client References   X X
Supported
— Alternative approach
X Not supported
Confidential Computing, Analyst Briefing/ © 2021 IBM Corporation 9
*Always encrypt

10. Confidential Computing - TEE
On Premise
Confidential Computing, Analyst Briefing/ © 2021 IBM Corporation 10
Intel SGX &TPM
AMD EPYC
IBM
VMWare
https://confidentialcomputing.io/white-papers/
Power 10 EPC
Hyperledger
Thales+
Microsoft 365
Z / LinuxOne Z / LinuxOne Z / LinuxOne Z / LinuxOne
Z
/
LinuxOne
Z
/
LinuxOne
Z / LinuxOne Z / LinuxOne
Z / LinuxOne Z / LinuxOne Z / LinuxOne Z / LinuxOne Z / LinuxOne Z / LinuxOne
Z / LinuxOne

11. On Premise
Confidential Computing: Options
for protecting application data in
memory
Can the application be containerized ?
vSphere 7 Pods
IBM Secure Execution
for Linux
IBM LinuxONE
IBM z15
Can the protected enclave be limited to 128MB
?
Intel Software Guard
Extensions (SGX)
Application isolation
Yes
VM isolation
VM isolation
Container isolation
Supports secrets built
into enclave;
Support for memory
overcommit
No
Yes
No Yes
IBM Hyper Protect Virtual
Servers (HPVS)
IBM LinuxONE
IBM z15
Container isolation
Established toolchain
(inc. IBM HSM - KYOK);
Support for memory
overcommit
Yes No
* Majority of modern languages/hosting deployable without change
• Java ‘out of the box’ provided using right JDK
• NodeJS / Javascript
• ISV Software is usually recompiled already.
• Many open-source software already available.
• CLR for .Net applications ( targeted Q4 ‘21 )
Willing to change the application design/code to use protected enclave ?
Can the application be deployed on s390x architecture ? *
Can the application be containerized ?
No
vSphere 7
Linux KVM
Limited to 92MB
memory (vSphere
vSGX);
Vendor specific
implementation;
Only specified memory
is protected
AMD Secure Encrypted
Virtualization -
Encrypted State
(SEV-ES)
AMD Secure Encrypted
Virtualization -
Encrypted State
(SEV-ES)
s390x
x86
Can’t overcommit memory
allocated to VMs;
Vulnerabilities in all but
latest processors
Can’t overcommit memory
allocated to Containers;
Vulnerabilities in all but
latest processors
Yes No

12. Hybrid Cloud : On Premise and
Public Cloud Services Confidential
Computing: Options for
protecting application data in
memory
IBM Secure Execution
for Linux
IBM LinuxONE
IBM z15
VM isolation
Supports secrets
built into enclave;
Support for memory
overcommit
IBM Hyper Protect
Virtual Servers (HPVS)
IBM LinuxONE
IBM z15
Container
isolation
Established toolchain
(inc. IBM HSM -
KYOK);
Support for memory
overcommit
Able to leverage services from the public cloud to combine with On Premise
implementation ?
IBM Cloud Data Shield
IBM Cloud Hyper
Protect DBaaS
IBM Cloud Hyper
Protect Crypto Services
Public cloud DBaaS
Public cloud Crypto
service
Virtual Servers Containers
IBM Cloud Hyper
Protect Virtual Servers
Able to Develop and Test on the public cloud ?
s390x - On Premise IBM Cloud services
LinuxONE virtual
servers
Only service in the
industry that’s built
on FIPS 140-2 Level
4-certified hardware;
Keep Your Own Key
(KYOK)
MongoDB
PostgreSQL
FIPS 140.2 HSM
Run containerized
applications in a
secure enclave on
Kubernetes;
Secure enclaves
using Intel SGX and
Fortanix
Fully managed
database on
LinuxONE;
Control encryption
keys with Crypto
Services
On Premise Confidential Computing

13. Confidential Computing © 2021 IBM Corporation 13