UPDATED 11:23 EDT / SEPTEMBER 09 2014

The public cloud gets more secure with chip-level enforcement and real-time behavior scanning

IBM hopes to address CIOs’ persistent unease with the state of cloud security by adding a new layer of control for its infrastructure-as-a-service platform that enables organizations to enforce access policies down to the chip level.

Dedicated servers from SoftLayer, the managed hosting company Big Blue absorbed in June, 2014 for approximately $2 billion, will now come with the option of enabling the Trusted Execution Technology (TXT) that Intel Corp. includes in select processors. Originally designed for workstations, the software checks code for malicious elements prior to execution and halts loading in the event an anomaly is spotted, thereby intercepting malware and other threats before they have the chance to launch.

IBM has repurposed the technology to prevent a workload from running on a server that doesn’t meet all the security and compliance bulletins on a customer’s checklist. That functionality is designed not so much to plug a hole in SoftLayer’s existing cyberdefenses as to provide an extra level of legal assurance for sensitive workloads with strict regulatory requirements.

Intel’s technology enables SoftLayer to verify that every box is ticked from the hypervisor through the operating system all the way down to the underlying silicon. The software also makes it possible to ensure that protected data is only decrypted on servers located within the specific jurisdiction where it must be kept, functionality that can go a long way toward reducing the manual work involved in enforcing governance policies across geographically distributed environments.

The fact that IBM is currently the only cloud provider to implement TXT gives it an edge in selling to risk-averse customers in regulated industries and government, as well as everyday enterprises seeking more guarantees for workloads kept outside the corporate firewall. From a competitive standpoint, the company is essentially exploiting its rivals’ size against them: by embedding functionality directly into the hardware, it counters the software-defined approach of decoupling resources from the underlying infrastructure, which is what enables the top cloud providers to deliver economies of scale.

The competition is not standing still, though. Google also received a major security boost on Monday after a startup called CloudLock Inc. introduced a product that monitors files stored on its platform for unauthorized usage.

Like IBM’s implementation of TXT, the CloudLock subscription service is designed to simplify compliance, but it takes a higher-level approach based on analytics. CloudLock for Google Drive automatically detects sensitive data such as intellectual property, enables organizations to define policies for how it’s accessed and blocks requests that break historical usage patterns. The offering made its debut in conjunction with a complementary encryption engine that scrambles files containing sensitive information without requiring users to manually mask each item. In deployments with thousands or more documents, that adds up to a lot of saved time.

