- IBM has partnered with Blockchain startup iExec to provide a high level of privacy and security to enterprises running code on their cloud.
- iExec has leveraged the most recent cryptography, blockchain, and CPU enclaves to emerge as one of the primary fixtures designing the cloud of the future.
- The security of the iExec platform is guaranteed by the IBM zero-trust architecture.
Banking on IBM Cloud’s unique approach to cloud security, iExec is boosting decentralised computing by allowing even the most sensitive of workloads to run on shared hardware at very minimal risk.
Resolving the Trust Issue
One of iExec’s primary goals is to empower individuals and organisations to monetise and share their computer resources and provide customers with a cost-effective and convenient cloud infrastructure where they can run task-based workloads.
However, to achieve this, they need to get past one major hurdle: resolving the trust issue. Since users sometimes send sensitive data, they want a guarantee the provider can’t tamper with, inspect, or steal the data.
In a typical cloud environment, guarantees are provided through rigorous contractual agreements between the parties involved and the high security of the provider’s data center. In essence however, everything boils down to trust.
Fortunately, thanks to IBM’s zero-trust architecture, iExec can now provide enterprises who are running codes on their cloud an exceptional level of privacy and security.
According to iExec’s Director of Security Research & Development, Lei Zhang, IBM ’s approach to cloud rests on the idea of zero-trust architecture, whereby the user gets complete assurance that no one else can access their data. Zhang added:
“This philosophy was a perfect fit with our own, and so we certified IBM Cloud as one of the first cloud resource providers globally in the iExec marketplace.”
Creating a Secure Decentralised Cloud
The iExec platform makes use of the Ethereum blockchain in the creation of a market for decentralised cloud computing. Data, application, and resource providers all have the option to contribute to the marketplace.
Customers on the other hand can choose the application they want to run, the data they want processed, and the amount of compute resources they need prior to initiating the job.
From there, the workload is distributed and processed by diverse providers, with iExec’s proof-of-contribution algorithms verifying the result. Once everything checks out, the transaction is then confirmed and written to the blockchain.
As mentioned, the platform’s security is warranted by IBM’s zero-trust architecture. At present, IBM is the sole cloud provider offering access to bare metal servers with Intel Software Guard Extension (SGX) at their data centers.
SGX is a technology that works by creating an “enclave” within a system. The enclave will enable applications to run while completely isolated from the host machine.
Essentially, SGX is designed to guarantee even root-level administrators can’t tamper and access the data and code running in the enclave. This means it would be safe to execute codes on SGX-enabled servers, regardless if they trust the owner of the server or not.