Confidential computing using Secure Execution
Stefan Schmitt
Love to discuss topics around Technology | LinuxONE | Mainframe | Security | Leadership
Procrastination is a bad habit, and it got me again. As I did not put any dates into my calendar, I thought, yes, I have time to write about the next thing I learned on LinuxONE. Looking back, oops, some time has passed; I kept thinking I had time and just needed to finish the next thing before writing here.
I will try to do better, and I will let you know :-)
Ok, something triggered me to get back to the writing desk. I saw a message from Holger Wolf yesterday saying that Secure Execution is now available in OpenShift as a Tech Preview.
I know Secure Execution already from z15, and I'm glad to see the next steps to make it available from the OpenShift platform; it made me curious. Nataraj Nagaratnam just recently talked about Confidential Computing and how he thinks this capability will change the way applications are built.
Application architectures are not always small and simple. Besides all the benefits of a microservice architecture, it brings additional risk and responsibility as well. Where is the data flowing? Which code or service has access? All important questions to ask.
An IT architect could, using Confidential Computing technology, design a system where the critical data is only available in the clear in one microservice and protect this service (and all of its instances) using a Confidential Computing runtime.
I still have to read through what can be done with OpenShift and Secure Execution, but I'm thrilled to see the next steps and details on this path. So definitely more on this in the future.
Back to Secure Execution itself. This technology provides the ability to isolate a guest from the host for data "in use", in addition to the data in flight and data at rest which we all already know and care about (or should). The image started in Secure Execution is validated through attestation, providing trust in what is running inside of it, so it has not been modified, either deliberately or by accident. The good thing here is the size of an image: the way it has been added to the LinuxONE environment, you can protect even guests that need a large memory allocation and still have the full memory protected. This gives an advantage over other currently available technologies. And that is without counting the benefits one gets just from the IO-optimised architecture you find on the LinuxONE system.
From my perspective, an interesting topic to keep an eye on. And hopefully it will trigger me again if I get stuck in procrastination again.
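The two ideas above, a single attested microservice that is the only place the critical data is in the clear, and attestation that refuses a modified image, can be shown with a small model. The following is an added example written for this post, not IBM's Secure Execution protocol or code: the measurement is a plain SHA-256 digest standing in for the platform's attestation measurement, and the image bytes, the key value, the `Verifier` class and the `boot_and_attest` and `tamper` helpers are all constructed for the illustration.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample "guest image". In a real Secure Execution deployment this would
# be the prepared boot image of the guest; here it is plain bytes so the example runs
# offline. Name and contents are made up for this illustration.
GUEST_IMAGE = b"kernel+initrd+cmdline of the card-data microservice (constructed sample)"

# The data key that should only ever be in the clear inside the attested guest
# (constructed sample value).
DATA_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def measure(image: bytes) -> str:
    """Measurement of an image: a SHA-256 digest. This is a stand-in for the
    platform-produced attestation measurement, whose real format is not shown here."""
    return hashlib.sha256(image).hexdigest()


class Verifier:
    """Relying party (for example the key server for the microservice) that knows the
    expected measurement of the approved image and holds the data key."""

    def __init__(self, expected_measurement: str, data_key: bytes) -> None:
        self.expected = expected_measurement
        self.data_key = data_key

    def release_key(self, reported_measurement: str) -> Optional[bytes]:
        """Release the key only if the reported measurement matches the approved image.
        compare_digest is used so the comparison time does not depend on the prefix match."""
        if hmac.compare_digest(reported_measurement, self.expected):
            return self.data_key
        return None


def boot_and_attest(image: bytes, verifier: Verifier) -> Optional[bytes]:
    """Guest side of the model: the image is measured at start and the key is only
    obtained if the verifier accepts the measurement."""
    return verifier.release_key(measure(image))


def tamper(image: bytes) -> bytes:
    """Flip a single byte to model an image modified on the host or in transit,
    whether deliberately or by accident."""
    return image[:10] + bytes([image[10] ^ 0x01]) + image[11:]


if __name__ == "__main__":
    verifier = Verifier(measure(GUEST_IMAGE), DATA_KEY)
    print("approved image gets key:", boot_and_attest(GUEST_IMAGE, verifier) is not None)
    print("tampered image gets key:", boot_and_attest(tamper(GUEST_IMAGE), verifier) is not None)
```

The point of the model is where the key lives: the verifier never hands it to a guest whose measurement differs from the approved one, so a one-byte change to the image is enough for the service to start without its data. The host, which in the real platform is what Secure Execution isolates the guest from, is not a party to this exchange at all.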
Love to discuss topics around Technology | LinuxONE | Mainframe | Security | Leadership
2 years ago: In case you want to know more about it, there will be a webcast on Wednesday, March 29th, 11:00 AM - 12:00 PM ET. Register here: https://ibm.webex.com/ibm/onstage/g.php?MTID=ebc5f8251de8e8366f5ff71f577a1089a by Holger Wolf. Good way to learn and ask more about this topic.
Lead Solutions Architect & Thought Leader
2 years ago: Great article, Stefan Schmitt. Will catch you to discuss more.
STSM / Chief Product Owner - OpenShift on IBM Z and LinuxONE
2 years ago: Glad I reminded you, Stefan Schmitt, for this nice article to get one step further in addition to my post.
Executive Architect, Multi-Verse Cloud, Payments, IBM Services..
2 years ago: The real question is: did you miss us?
Executive Architect, Multi-Verse Cloud, Payments, IBM Services..
2 years ago: You are always missed.