Trusted Computing – How LinuxONE delivers

Cyber-attacks on enterprises are increasing, and data regulators can impose major fines on enterprises that don’t properly protect customer data. Data breaches are a serious threat, and keeping confidential information secure is a fundamental priority for leading enterprises around the world. The exploitation of sensitive data by internal and external threats can result in large financial penalties, revenue loss, reputational damage, and loss of customer trust. A thoughtful approach to granular access control and workload isolation can give enterprises the confidence they need to make their data less vulnerable to exploitation by malicious insiders or external parties. IBM Secure Execution for Linux is designed to provide scalable isolation for individual workloads to help protect from insider attacks. IBM Secure Execution can help protect and isolate workloads on-premises or in IBM LinuxONE and IBM Z hybrid cloud environments.

IBM Secure Execution for Linux

As more companies move their on-premises workloads to the public cloud, a highly secure and trustworthy multi-tenant hosting solution becomes necessary to help support the confidentiality and integrity of each application and its data. Secure Execution gives you the ability to leverage hardware-based security technology (a trusted execution environment, or TEE) to provide a mechanism by which a hosted workload can run without its memory or execution state being visible to the host or any other workload hosted in the same environment. Enterprises can now protect data and code in use in their hosted workloads by exploiting protection mechanisms offered by Secure Execution and provide effective access controls so that only authorized users can access sensitive workloads. Secure Execution is designed to eliminate the window of opportunity for hosts and guests infected with malicious code to exploit security lapses and gain full privileges to your hosted core business systems. Workload owners can use Secure Execution to help protect sensitive data from corruption and help support data confidentiality and integrity.

Designed for enterprise-scale

Using Secure Execution, you can commit available system memory for hosting protected applications while delivering cryptographic isolation between environments. With Secure Execution, you can deploy secured and isolated services within a single IBM Z or LinuxONE server without needing to run on physically separated logical partitions (LPAR).¹ Secure Execution can help protect and isolate enterprise-ready multi-tenant workloads on-premises or in cloud and hybrid environments.

Limits access for host administrators

In traditional x86 ring architectures, the host can access the memory and data of guest applications freely, leading to the potential for malicious software to be proliferated throughout the entire system. Isolation between host and guest environments is necessary to help prevent system compromise. Secure Execution provides isolation between a KVM hypervisor host and guests in virtual environments to provide protection and safeguards against insider threats such as malicious administrators.¹ This level of vertical isolation is designed to remove the ability for these administrators to have total visibility into the sensitive workloads being hosted on VMs and individual containers. Secure Execution provides high levels of access control to protect intellectual property and proprietary secrets while allowing administrators to manage and deploy workloads as black boxes and continue normal job functions.

Enhance security by isolating your workloads

Secure Execution also helps enterprises provide isolation between individual multi-tenant workloads running on a shared LPAR. Protecting highly sensitive data from other hosted workloads can help give enterprises the confidence that their assets will not be exposed to other malicious applications that gain access to the same virtual environment. Secure Execution is designed to help enterprises that want to support confidentiality and data integrity for selected workloads and simplify their efforts to meet regulatory challenges.

Summary – Why IBM Secure Execution for Linux?

Created to help maintain the confidentiality and integrity of hosted client data, Secure Execution is designed to deliver:

Scalable isolation for multi-tenant hosting – Achieve scalable isolation for multi-tenant hosting on a single system with protection from untrusted third parties and isolation between workloads. Protect against administrative access to your hosted workloads, as well.

Support for enterprise DevSecOps solutions – Achieve best practices in security engineering and development. Secure Execution is designed to protect the pipeline of code development from start to finish. Protect intellectual property and proprietary secrets by protecting active memory and securing application images for distribution and deployment.

A simplified approach to industry and regulatory challenges – Designed to simplify efforts to meet regulatory challenges by verifying secure build for regulated data. Empower personnel responsible for security configuration with a more straightforward knowledge of security parameters. Limit access to administrators who do not need access to hosted data to perform job functions.

