Dedicated security components in an IT infrastructure ensure the protection of data, infrastructure, and processes.

In many cases, providing security at a level beyond software requirements enables secure and reliable use cases. Being in control of sensitive data, and being able to demonstrate possession of it, is often a prerequisite when an enterprise considers moving data to the cloud.

Keep Your Own Key (KYOK)

IBM Cloud Hyper Protect Crypto Services introduces the new and powerful concept of Keep Your Own Key (KYOK), which acts as an extension to Bring Your Own Key (BYOK). With KYOK, you stay in control of your essential secure key infrastructure at all times, while benefiting from a seamless integration into IBM Cloud services. With IBM Cloud Hyper Protect Services, you fully leverage the proven technology that is co-developed and operated by large enterprises for managing their most sensitive data.

The cryptographic capabilities of Hyper Protect Crypto Services are built on top of a FIPS 140-2 Level 4 certified Hardware Security Module. As IBM starts to provide a new set of capabilities to support your workloads moving to the cloud, you can benefit from the cryptographic capabilities of Hyper Protect Crypto Services for both your new and existing workloads. With the introduction of Enterprise PKCS #11 over gRPC, you have access to a full range of cryptographic operations, such as signing, signature validation, message authentication codes, and random number generation.

The unique concept of IBM Cloud Hyper Protect Crypto Services puts the Hardware Security Module (HSM) at the center of your single-tenant cryptographic infrastructure. You can access key management and HSM-based cryptographic functions through a single service instance with a unified user interface. Built as a cloud-native service, Hyper Protect Crypto Services becomes your prime choice for reliable and scalable cryptographic operations.

What’s new

Private service endpoint available

You can now connect to Hyper Protect Crypto Services over the IBM Cloud private network by targeting a private endpoint for the service. The private endpoint is currently only available for the key management service.

To get started, enable virtual routing and forwarding (VRF) and service endpoints for your infrastructure account. For more information, see “Using private endpoints.”

EP11 cryptographic operations over gRPC

The managed cloud Hardware Security Module (HSM) supports Enterprise Public-Key Cryptography Standards (PKCS) #11, so your applications can integrate cryptographic operations like digital signing and validation via the Enterprise PKCS #11 (EP11) API. The EP11 library provides an interface very similar to the industry-standard PKCS #11 API.

Hyper Protect Crypto Services provides a set of Enterprise PKCS #11 (EP11) APIs over gRPC calls (also referred to as GREP11), with which all the cryptographic functions are executed in the HSM in the cloud. GREP11 is designed to be a stateless interface for cloud programs.

For more information on the GREP11 API, see “EP11 introduction” and “GREP11 API reference.”

New regions available: Sydney and Frankfurt

You can now create Hyper Protect Crypto Services resources in the Sydney and Frankfurt regions. For more information, see “Regions and locations.”

IBM Cloud service integration

Hyper Protect Crypto Services can now be integrated with a broader range of IBM Cloud services, such as IBM VSI Block Storage and KMIP for VMware. For more information, see “Integrating services.”

A step-by-step tutorial on how to integrate Hyper Protect Crypto Services with KMIP for VMware is also available in IBM Developer. See the accompanying demo video: “Hyper Protect Crypto Services and IBM Cloud for VMware Solutions.”

More video resources about Hyper Protect Crypto Services are available at IBM demo.

Free trial period available

Order Hyper Protect Crypto Services now, and you can benefit from two free-of-charge service instances for the first 45 days.

Learn more about IBM Cloud Hyper Protect Crypto Services.

