As enterprises enjoy the benefits of expansion in hybrid environments, they also face new hurdles in security and scale. New additions to the IBM Cloud Hyper Protect Services were built with these multicloud challenges in mind, according to Michael Jordan (pictured, right), distinguished engineer at IBM, and Rohit Badlaney (pictured, left), director of IBM Z as a service and blockchain at IBM.

Jordan and Badlaney spoke with Dave Vellante (@dvellante) and Stu Miniman (@stu), co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the IBM Think event in San Francisco. They discussed the new announcements around IBM’s cloud services and how the company is leveraging legacy technology for a more robust hybrid offering. (* Disclosure below.)

[Editor’s note: The following answers have been condensed for clarity.]

Miniman: Explain what the news is.

Badlaney: Hyper Protect is a family of services built in our IBM Cloud on our cloud-ready systems, which are the ZR1 systems in a multi-zone form factor that provides the high-availability disaster recovery. Services we’re announcing at this conference [are] around crypto and key management, [which] provides the highest levels of security for our cloud; data as a service, which does well in the platform as a data serving platform; [and] virtual servers tied into our Kubernetes service. We’re bringing the breadth of our Z to our cloud.

Vellante: Before distributed systems, you knew you had full visibility. Have you been able to carry that level of transparency into the cloud?

Jordan: One of the key areas that is a big focus for security in the cloud is encryption, [it] is going to be an essential part of being able to move data to the cloud. Being able to bring your own key is absolutely essential. Some of the capabilities that we’ve had on the Z platform for a long time actually lend themselves well to a cloud environment. Our cryptographic hardware can be virtualized. Each server I can have 16 cryptographic cards with 85 virtual domains per card. Multiply that out; it serves a cloud scale very well. In addition, the cryptographic hardware is designed to meet the highest level of security certification standards.

Vellante: What’s the business case for Hyper Protect and Z as a service?

Badlaney: It’s around data protection. It’s around scale. It’s not a well-known fact, but actually our blockchain platform and all the success IBM’s had on blockchain has been running in our cloud on our Z systems over the last two years with 500-plus lines. Those are the kind of workloads that benefit.

Miniman: Compare and contrast how security fits in Z versus public clouds.

Jordan: With Z we control a large portion of the stack, so we’re able to integrate security into multiple layers of the stack. Secure service containers are encrypted. You deploy an application, and these containers get encrypted in flight and at rest. And there’s no configuration, no set up for that; it happens automatically. We digitally sign and validate all of the firmware the operating system, the application, the entire package that gets loaded into one of these environments.

Now we’re into that environment, and we [have] restricted administrative access to prevent administrators from having uncontrolled access to the file system. Since we own that stack, we can really integrate those security capabilities vertically through that stack to give the true value and the capabilities that you need in the cloud to protect both the application and the data.

Vellant: Talk a little bit about the roadmap.

Badlaney: The legacy of Z has always being scaled performance, hyper security for the most regulated industries, for the most compliant industries and our biggest enterprises. That’s going to continue in the next generation. We talked about hyper protecting the public cloud, but we’re also expanding Kubernetes orchestration on-premise with our IBM Cloud Private product being supported fully on LinuxONE and expanding it to Linux workloads and Z series workloads. Cloudification of the platform is the next big step for us.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the IBM Think event. (* Disclosure:  IBM sponsored this segment of theCUBE. Neither IBM nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE