August 26, 2019 By Traci Parker 3 min read

Dedicated security components in an IT infrastructure ensure the protection of data, infrastructure, and processes.

In many cases, providing security in a level beyond software requirements enables secure and reliable use cases. Being in control and being able to express possession of sensitive data often is a prerequisite when an enterprise considers moving data to the cloud. 

Keep Your Own Key (KYOK)

IBM Cloud Hyper Protect Crypto Services introduces the new and powerful concept of Keep Your Own Key (KYOK), which acts as an extension to Bring your Own Key (BYOK). With KYOK, you stay in control of your essential secure key infrastructure at any time, while benefiting from a seamless integration into IBM Cloud services. With IBM Cloud Hyper Protect Services, you fully leverage the proven technology that is co-developed and operated by large enterprises for managing their most sensitive data. 

The cryptographic capabilities of Hyper Protect Crypto Services are built on top of the FIPS 140-2 Level 4 Certified Hardware Security Module. As IBM is starting to provide a new set of capabilities to support your workloads moving to the cloud, you can benefit from the cryptographic capabilities of HPCS for both your new and existing workloads. With the introduction of Enterprise PKCS#11 over gRPC, you have access to a full range of cryptographic operations, such as signing, signature validation, message authentication codes, random number generation. 

The unique concept of the IBM Cloud Hyper Protect Crypto Services puts the Hardware Security Module (HSM) in the center of your single-tenant cryptographic infrastructure. It is possible for you to access Key Management and HSM-based cryptographic functions through a single service instance with a unified user interface. Built as a cloud-native service, Hyper Protect Crypto Services becomes your prime choice for reliable and scalable cryptographic operations. 

What’s new

Private service endpoint available

You can now connect to Hyper Protect Crypto Services over the IBM Cloud private network by targeting a private endpoint for the service. The private endpoint is currently only available for the key management service.

To get started, enable virtual routing and forwarding (VRF) and service endpoints for your infrastructure account. For more information, see “Using private endpoints.”

EP11 cryptographic operations over gRPC

The managed cloud Hardware Security Module (HSM) supports Enterprise Public-Key Cryptography Standards (PKCS) #11, so your applications can integrate cryptographic operations like digital signing and validation via Enterprise PKCS#11 (EP11) API. The EP11 library provides an interface very similar to the industry-standard PKCS #11 API.

Hyper Protect Crypto Services provides a set of Enterprise PKCS #11 (EP11) APIs over gRPC calls (also referred to as GREP11), with which all the Crypto functions are executed in HSM on cloud. GREP11 is designed to be a stateless interface for cloud programs. 

For more information on the GREP11 API, see “EP11 introduction” and “GREP11 API reference.”

New regions available: Sydney and Frankfurt

You can now create Hyper Protect Crypto Services resources in the Sydney and Frankfurt regions. For more information, see “Regions and locations.”

IBM Cloud service integration

Hyper Protect Crypto Services can now be integrated with a broader range of IBM Cloud services, such as IBM VSI Block Storage and KMIP for VMware. For more information, see “Integrating services.”

A step-by-step tutorial is also available on how to integrate Hyper Protect Crypto Services with KMIP for VMware in IBM Developer. See the accompanying demo video: “Hyper Protect Crypto Services and IBM Cloud for VMware Solutions

More video resources about Hyper Protect Crypto Services are available at IBM demo.

Free trial period available

Order the Hyper Protect Crypto Services now, and you can benefit from two free-of-charge service instances for the first 45 days.

Learn more about IBM Cloud Hyper Protect Crypto Services.

More from Announcements

IBM Hybrid Cloud Mesh and Red Hat Service Interconnect: A new era of app-centric connectivity 

2 min read - To meet customer demands, applications are expected to be performing at their best at all times. Simultaneously, applications need to be flexible and cost effective, and therefore supported by an underlying infrastructure that is equally reliant, performant and secure as the applications themselves.   Easier said than done. According to EMA's 2024 Network Management Megatrends report only 42% of responding IT professionals would rate their network operations as successful.   In this era of hyper-distributed infrastructure where our users, apps, and data…

IBM named a Leader in Gartner Magic Quadrant for SIEM, for the 14th consecutive time

3 min read - Security operations is getting more complex and inefficient with too many tools, too much data and simply too much to do. According to a study done by IBM, SOC team members are only able to handle half of the alerts that they should be reviewing in a typical workday. This potentially leads to missing the important alerts that are critical to an organization's security. Thus, choosing the right SIEM solution can be transformative for security teams, helping them manage alerts…

IBM and MuleSoft expand global relationship to accelerate modernization on IBM Power 

2 min read - As companies undergo digital transformation, they rely on APIs as the backbone for providing new services and customer experiences. While APIs can simplify application development and deliver integrated solutions, IT shops must have a robust solution to effectively manage and govern them to ensure that response times and costs are kept low for all applications. Many customers use Salesforce’s MuleSoft, named a leader by Gartner® in full lifecycle API management for seven consecutive times, to manage and secure APIs across…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters