Auditable deployment of trustworthy container images in a tamper-proof environment

Hyper Protect Virtual Servers for Virtual Private Cloud (VPC) is a fully managed confidential compute container runtime that enables the deployment of sensitive containerized workloads in a highly isolated environment with technical assurance.

With cloud migration and virtualization, cloud native applications benefit from scalability, flexibility and resiliency. However, security still remains a top concern. Cyber attacks and data breaches are becoming increasingly more sophisticated, all while regulations and policies are constantly changing, enforcing data protection within the full lifecycle.

IBM Cloud Hyper Protect Virtual Servers for VPC protects instances in all states within the data lifecycle: at-rest, in-transit, and now in use, with confidential computing. Unique to the market, it utilizes IBM Secure Execution for Linux to enhance data protection to achieve data privacy and protection over containerized workloads with sensitive data or business intellectual property (IP).

Features

• **Technical assurance: **Workloads are locked down by individual, instance level secure boundaries. Technical assurance that unauthorized users - including IBM Cloud admin - will not be able to access the environment and the data.
• **Bring your own key for data encryption: **By integrating with IBM Hyper Protect Crypto Services’ key management service (KMS), encryption protection and data control are enhanced with the option to bring your own key.
• **Malware protection: **Hyper Protect Secure Build is designed to allow developers to securely build and sign containerized workload images in a trusted environment and deploy into an HPVS secure enclave, preventing malicious code from entering production environments.
• **Flexible deployment: **Choose from a variety of profile sizes and scale as needed to protect containerized applications and pay- as-you-go on an hourly basis.
• **Compliance and audit support: **Enhance data security posture to comply to regulations such as GDPR, DORA and HIPPA; IRAP, SOC2 Type 1 and ISO certifications.
• **Base container images for confidential computing: **Access the SLE BCI registry (SUSE Linux Enterprise Base Container Images) which provides a large set of security-hardened and certified base container images.
• **Deploy multiple Open Container Initiatives (OCI) containers in one enclave: **Deploy multiple microservices within a single secure enclave.
• **Deploy in IBM Cloud Data Centers worldwide: **Leverage the IBM Cloud Data Centers in London, Sao Paulo, Tokyo, Toronto and Washington, D.C.