Enabling High Assurance/Sensitive Container Workloads with Encrypted Images


Many enterprises are driven by trade secrets in their code – whether it is a proprietary AI model, or a secret high-frequency trading strategy. It is of utmost importance that critical algorithms, proprietary code, or other content that is highly sensitive have minimum exposure unencrypted. In addition, an administrator should be able to provide some assurance that the sensitive code can only be executed on certain machines that have proved their authenticity. During this talk, we will present the details of Encrypted Container Images and demonstrate Docker images which can protect sensitive data and code or algorithms embedded in your pipeline from build to runtime. We go further to show how the technology can provide additional enterprise security capabilities such as enforcing policies on sensitive content protection and geofencing execution.

Speaker: Brandon Lum, IBM