Fortanix and IBM Cloud extend cloud security collaboration with new Data Shield powered by Runtime Encryption®

Key Takeaways from Initial Customer Engagements

As anticipated, the security and integrity properties of Intel® SGX have resonated well with our early access customers. The consistent feedback has been that enclave computing is powerful but not always easy. We have also learned that Fortanix® Runtime Encryption® makes it easier.

  • Zero trust (assume compromised infrastructure)
  • Transparent protection (no application modification)
  • Seamless DevOps automation
  • Secure complete application lifecycle
  • Secure complex distributed applications

Enhanced Offering and Partnership with IBM Cloud

We are strengthening our partnership with IBM today with the launch of IBM Cloud Data Shieldexperimental. IBM Cloud Data Shield, powered by Fortanix Runtime Encryption, offers applications the protection of data in use. Runtime Encryption® enables a fundamentally new level of security and privacy, allowing organizations with highly sensitive workloads to operate in the cloud. Organizations can securely run data-centric workloads such as Blockchain and Artificial Intelligence, benefiting from the economies of scale of cloud computing.

  1. EnclaveOS™: Hardware abstraction layer that enables unmodified applications to be run securely with Runtime Encryption
  2. Enclave Manager™: An orchestration service that allows applications running in enclaves to establish secure communication channels with each other
  3. Toolkit/APIs: Enable 1-step protection of containers with CI/CD automation
  1. Bring your own App: Bring your Linux Docker containers, and through a 1-step conversion process that does not require any code modification, our solution delivers a protected container. The entire process can be automated with CI/CD integration. Once protected, you can deploy your applications using standard frameworks such as Kubernetes.
  2. Use protected building blocks: Common services used to create scalable distributed applications are available protected with Runtime Encryption. These include MySQL Database (view demo), NGINX web server, keys and secrets management, and directory servers.

Application Design Patterns that benefit from Runtime Encryption

Over the past several months, we have analyzed multiple application patterns. Some of the common application patterns and use cases that can benefit from Runtime Encryption® in the cloud include:

  • Running high value applications on untrusted infrastructure (e.g.: running sensitive workloads in Cloud IaaS, Edge clouds, Private Cloud)
  • Secure processing of sensitive information (example use cases: AI, machine learning, secure data analysis apps, secure database processing)
  • Balancing trust and transparency with the need for confidentiality and privacy (example use cases: securing Blockchain based apps)
  1. Three tier distributed applications. Each of the three tiers in the commonplace three tier architecture can benefit from the protection of Runtime Encryption. The frontend tier is sensitive because it sees all the data transferred to or from a client. Runtime Encryption® protects this data as it moves through the frontend server. Runtime Encryption® also protects the private keys associated with high-value client-facing TLS certificates, thus protecting a critical property of the application’s identity. The application tier benefits from Runtime Encryption® because it provides protection for both application data in use and for proprietary algorithms operating on the data. Finally, Runtime Encryption® provides the backend tier with protection for data at or near rest. Unlike some traditional encryption solutions for databases like Transparent Data Encryption (TDE), which only protects data that is fully at rest on persistent storage, Runtime Encryption® also protects data that is cached in memory by the database server. Three tier applications also benefit from secure communication between enclaves, discussed next.

Getting Started

To protect your application’s data in use with the Fortanix Runtime Encryption® platform in the cloud, get started with IBM Cloud Data Shield. To discuss your requirements with our experts, contact us or join our Runtime Encryption® slack community.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store



Fortanix™ has created the world’s first runtime encryption solution. Enterprises get provable, portable, and preventive security for their applications!