November 5, 2019 By jason-mcalpin 3 min read

Enterprise clients on a digital transformation journey are looking to move workloads to the public cloud.

However, we have seen that customers are still wary of moving sensitive data and associated workloads. Per the 2019 report by the Ponemon Institute, sponsored by IBM Security*, the average cost of a data breach is $3.92M. Customers, especially in regulated industries like the Financial Services Sector and Healthcare, seem to prefer to use their own cloud encryption keys to be assured no one has access to these keys. In many cases, clients are finding this is also necessary to meet their regulatory compliance requirements.

To cater to this growing need, IBM and HyTrust are announcing the industry’s highest certified level of protection** for data encryption keys through the integration of HyTrust DataControl Virtual Workload Protection Solution with IBM Cloud Hyper Protect Crypto Services (HPCS), a single-tenant, dedicated, customer-controlled cloud Hardware Security Module (HSM) service.

IBM Cloud Hyper Protect Crypto Services

IBM Cloud Hyper Protect Crypto Services is built on the industry’s first and only FIPS 140-2 Level 4 certified Hardware Security Module (HSM)*** available in the public cloud. The Level 4 certification provides industry-leading protection against tampering with the HSM. Level 4, in part, requires physical security mechanisms and tamper response when it detects various forms of environmental attack (e.g., voltage or temperature fluctuations).

If any threat is detected, keys stored in the device are automatically erased, thereby protecting critical virtual resources protected by these keys. Additionally, the service runs in IBM LinuxONE secured enclaves in the IBM Cloud, which provides functionality so that no one, including cloud admins, has access to encryption keys at any point. The fully managed HSM can save customers the time and effort of provisioning and maintaining the hardware and allows customers to easily add additional instances when they need to scale, whether on-premises, in the cloud, or in a hybrid cloud model.

HyTrust DataControl

HyTrust DataControl is a universal virtual workload protection solution that empowers VMware virtual admins to quickly and safely encrypt sensitive workloads on-premises and in the hybrid cloud.

The integration between HyTrust DataControl and IBM Cloud Hyper Protect Crypto Services enables a level of encryption key protection never before possible. Encryption key lifecycle management operations (create, delete, store, and expiry) move from the key management server (KMS) to the HSM, such that upon tampering with the HSM, the affected encryption keys are automatically destroyed, including downstream encryption keys. Critical virtual resources remain protected by DataControl and IBM Cloud Hyper Protect Crypto Services. HyTrust-enabled VMware customers can comfortably extend their environment into IBM Cloud while maintaining the security and control they need.

Customer benefits from the HyTrust-Hyper Protect Crypto Services integration

  • Workload lifecycle encryption management—from boot to decommissioning—with complete control of encryption keys.
  • Support for Keep Your Own Key (i.e., maintain exclusive control of the encryption keys and full key hierarchy, including the HSM Master Key).
  • Zero downtime VMware workload encryption and rekeying; encryption travels with VM.
  • Data encryption and controls on privileged access, which mitigates risk of data compromise and supports regulatory compliance.
  • Flexibility for extending encryption operations to the cloud in a hybrid model.

IBM Cloud’s commitment to security

As part of a long-standing relationship between IBM Cloud and HyTrust, this current collaboration only strengthens the security capabilities of the existing IBM Cloud Secure Virtualization (ICSV) solution offered by IBM Cloud, VMware, HyTrust, and Intel. By both building on ICSV infrastructure and utilizing the HyTrust-Hyper Protect Crypto Services element, clients can take advantage of these powerful solutions in an integrated model for the most effective data security controls in the Cloud.

Our commitment to security was on full display at VMworld US in August 2019, when IBM Cloud announced integration of the Caveonix and Fortinet platforms with the IBM Cloud Secure Virtualization solution. This new service package for workload security and compliance readiness, incorporated with the Hyper Protect Crypto Services solution, allows IBM Cloud to drive a more comprehensive security approach aimed to protect workloads from different threat vectors in the stack. As a secure by design platform, IBM Cloud for VMware Solutions has been purpose-built for the most highly regulated and business-critical workloads.  

* The Cost of a Data Breach Report – 2019

** IBM PCIe Crypto Card

*** The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government computer security standard used to approve cryptographic modules. It is issued by the National Institute of Standards and Technology (NIST). Level 4 is the highest level of security.

More from Announcements

IBM Hybrid Cloud Mesh and Red Hat Service Interconnect: A new era of app-centric connectivity 

2 min read - To meet customer demands, applications are expected to be performing at their best at all times. Simultaneously, applications need to be flexible and cost effective, and therefore supported by an underlying infrastructure that is equally reliant, performant and secure as the applications themselves.   Easier said than done. According to EMA's 2024 Network Management Megatrends report only 42% of responding IT professionals would rate their network operations as successful.   In this era of hyper-distributed infrastructure where our users, apps, and data…

IBM named a Leader in Gartner Magic Quadrant for SIEM, for the 14th consecutive time

3 min read - Security operations is getting more complex and inefficient with too many tools, too much data and simply too much to do. According to a study done by IBM, SOC team members are only able to handle half of the alerts that they should be reviewing in a typical workday. This potentially leads to missing the important alerts that are critical to an organization's security. Thus, choosing the right SIEM solution can be transformative for security teams, helping them manage alerts…

IBM and MuleSoft expand global relationship to accelerate modernization on IBM Power 

2 min read - As companies undergo digital transformation, they rely on APIs as the backbone for providing new services and customer experiences. While APIs can simplify application development and deliver integrated solutions, IT shops must have a robust solution to effectively manage and govern them to ensure that response times and costs are kept low for all applications. Many customers use Salesforce’s MuleSoft, named a leader by Gartner® in full lifecycle API management for seven consecutive times, to manage and secure APIs across…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters