Confidential Computing:
Securing your data using the power of IBM Cloud's Intel TDX
In today's digital landscape, the need for robust security and data protection is only increasing. As businesses increasingly migrate to cloud environments, ensuring the confidentiality and integrity of sensitive data becomes paramount.
IBM Cloud's Intel Trust Domain Extensions (TDX) offering is designed to address these challenges by providing a secure and isolated environment.
What industries and workloads can benefit the most from Intel TDX?
Regulated Industries
- Financial Services: Banks and insurance companies require stringent security measures to protect sensitive financial data and comply with regulatory standards.
- Healthcare: Medical institutions need to safeguard patient information and ensure compliance with health data regulations.
- Public Sector: Government agencies must protect classified information and maintain data sovereignty.
- Digital Asset Management: Organizations managing digital assets need robust security to protect intellectual property and comply with digital rights management regulations.
Enterprises Handling Sensitive Data
- Technology Firms: Companies developing proprietary software and algorithms need to protect intellectual property and sensitive code.
- Retail and E-commerce: Businesses handling customer data and payment information require robust security to prevent data breaches.
High-Performance Computing (HPC)
- Research Institutions: Universities and research centers conducting complex simulations and data analysis need secure environments to protect their findings.
- AI and Machine Learning: Companies leveraging AI and machine learning models require secure environments to protect training data and model integrity.
What benefits does Intel TDX bring to VPC technology?
Enhanced Security
- Hardware-Assisted Isolation: Intel TDX provides hardware-assisted isolation for VMs, creating Trust Domains (TDs) that are protected from the host's Virtual Machine Monitor (VMM) and other software. This ensures that sensitive data and applications are shielded from unauthorized access.
- Memory Encryption: TDX encrypts the memory of TDs using a per-TD AES-XTS 128-bit key, ensuring confidentiality and integrity. This prevents data leakage and tampering. Integrity is maintained through SHA-3 based cryptographic hash algorithms.
- Secure Boot: Secure boot is a security standard that makes sure that a client server starts with trusted software by verifying the digital signatures for all code in the boot process.
Improved Data Protection
- Secure Arbitration Mode (SEAM): TDX introduces SEAM, a new CPU operation mode that hosts the TDX module and manages TDs. This enhances the security of VPC environments by minimizing the attack surface exposed to host platforms.
- Remote Attestation: TDX supports remote attestation, allowing users to verify that a remote system has TDX protections enabled before sending sensitive data. This ensures that data is only processed in trusted environments.
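The relying-party side of that attestation check, as an added example (not IBM's or Intel's code): after a quote verification library has validated the quote's signature and certificate chain, the policy step below decides whether to release data. It assumes the version 4 TD quote layout (48-byte header, 584-byte TD report body); the function names, the sample quote and the convention that REPORTDATA carries SHA-512 of the verifier's nonce are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN, BODY_LEN = 48, 584   # v4 quote header and TD report body sizes
TEE_TYPE_TDX = 0x81              # TEE type value that identifies a TDX quote
TDATTR_DEBUG = 1 << 0            # TDATTRIBUTES bit 0: TD was launched in debug mode

def parse_td_quote(quote: bytes) -> dict:
    """Extract the policy-relevant fields from a v4 TD quote."""
    if len(quote) < HEADER_LEN + BODY_LEN:
        raise ValueError("quote too short")
    version, _key_type, tee_type = struct.unpack_from("<HHI", quote, 0)
    body = quote[HEADER_LEN:HEADER_LEN + BODY_LEN]
    return {
        "version": version,
        "tee_type": tee_type,
        "td_attributes": struct.unpack_from("<Q", body, 120)[0],
        "mrtd": body[136:184],          # measurement of the initial TD contents
        "report_data": body[520:584],   # 64 bytes chosen by the guest
    }

def policy_check(quote: bytes, expected_mrtd: bytes, nonce: bytes) -> list:
    """Return policy violations; an empty list means the data may be sent."""
    q = parse_td_quote(quote)
    problems = []
    if q["version"] != 4 or q["tee_type"] != TEE_TYPE_TDX:
        problems.append("not a TDX v4 quote")
    if q["td_attributes"] & TDATTR_DEBUG:
        problems.append("debug TD")
    if not hmac.compare_digest(q["mrtd"], expected_mrtd):
        problems.append("unexpected MRTD")
    # Assumed binding convention: REPORTDATA = SHA-512(verifier nonce).
    if not hmac.compare_digest(q["report_data"], hashlib.sha512(nonce).digest()):
        problems.append("stale or unbound REPORTDATA")
    return problems

def build_sample_quote(mrtd: bytes, nonce: bytes, debug: bool = False) -> bytes:
    """Constructed, unsigned sample quote used only to exercise the check."""
    header = struct.pack("<HHI", 4, 2, TEE_TYPE_TDX) + bytes(40)
    body = bytearray(BODY_LEN)
    struct.pack_into("<Q", body, 120, 1 if debug else 0)
    body[136:184] = mrtd
    body[520:584] = hashlib.sha512(nonce).digest()
    return header + bytes(body)

if __name__ == "__main__":
    good = b"\x11" * 48  # constructed reference measurement
    print(policy_check(build_sample_quote(good, b"nonce-1", debug=True), good, b"nonce-1"))
```

Rejecting the debug attribute matters because a debug TD's memory can be inspected by the host, and the nonce check stops a previously captured quote from being replayed.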
Why is Intel TDX Needed?
Cyber threats are becoming more sophisticated by the day, and our traditional security measures aren’t holistic enough to protect you from all the avenues bad actors have available to them. Intel TDX provides extra layers of security at the hardware and software layers, ensuring that data remains protected even in the face of advanced attacks.
To achieve the objectives of Confidential Computing, it is crucial for platform owners to isolate tenant virtual machines (VMs) from the virtual machine manager (VMM) and other system software. The threats to defend against fall into two categories:
1. System Software Threats: These include administrative insiders such as data center administrators, developers, or technicians, as well as the VMM, system management mode (SMM), and BIOS. These entities can potentially launch software-only attacks to extract sensitive workload data or manipulate workload memory in an operational environment.
2. Hardware Threats: Cloud service provider (CSP) insiders, like technicians, may attempt hardware-based attacks to access cloud tenant secrets or alter tenant data.
Adapted from Intel® Trust Domain Extensions White Paper, February 2022
We have an unavoidable obligation to remain vigilant even at the edge of innovation because today's best practices will inevitably become tomorrow's vulnerabilities. Intel TDX helps stem the tide against threats by providing hardware-assisted isolation and encryption, thereby enhancing data sovereignty. Taking the next step and utilizing Intel TDX's unique security capabilities will help us keep a fortified wall between ourselves and those that would breach our businesses to cause irreparable harm.
Get started today:
1. Sign Up: Create a new IBM Cloud account or log in to your existing account.
2. Get Started: Begin leveraging scalability and security features natively built into VPC.
Additional References & Resources:
IBM - Confidential Computing Solutions
IBM Cloud Docs - Confidential Computing
IBM Newsroom - Intel TDX & Gaudi 3
Intel – Trust Domain Extension