March 22, 2022 By Andy Bradfield 3 min read

A new and innovative way to manage encryption keys in a hybrid cloud.

Data security has been a focus area for CISOs and CPOs, and it is especially important as organizations look to move sensitive data and workloads to the cloud. As enterprises adopt hybrid cloud strategies and start using more than a single cloud service provider to best match their workload needs, operational complexity around data encryption and encryption keys become more significant.

Managing keys in silos on-premises and across multiple clouds brings up challenges around demonstrating compliance, ensuring the right security posture with key usage and maintaining data governance and sovereignty. A Gartner report suggests that security and risk management leaders must develop an enterprise-wide encryption key management strategy or lose the data.

What is the Unified Key Orchestrator?

As a part of IBM Cloud Hyper Protect Crypto Services, we are excited to announce the Unified Key Orchestrator — a new, innovative multicloud key management solution offered as a managed service. 

Built on the ‘Keep Your Own Key’ technology, Unified Key Orchestrator helps enterprises manage their data encryption keys across multiple key stores across multiple clouds environments, including keys managed on-premises, on IBM Cloud, AWS and Microsoft Azure:

IBM Cloud offers confidential computing with IBM Cloud Hyper Protect Services, including the ‘Keep Your Own Key’ capability. This allows customers to have exclusive control of their encryption keys — even IBM Cloud administrators have no access. As a single-tenant Key Management Service and a Cloud Hardware Security Module (HSM) service, key vaulting is provided by dedicated, customer-controlled cloud HSMs that are built on FIPS 140-2 Level 4-certified hardware. FIPS 140-2 Security Level 4 provides the highest commercially available level of security defined in this standard.

Designed to address customer needs

Our customers told us that their challenges with managing keys across their hybrid cloud setup was multi-fold. On-premises, it required deep security expertise and was not cost-effective. Additionally, moving workloads to different clouds meant that security teams had to learn multiple cloud key lifecycle management (KMS) systems. The Unified Key Orchestrator solution has been developed to address these pain points and provides the following:

  • A single control plane for all your keys: The Unified Key Orchestrator has a UX research-led UI design that helps enterprises meet their compliance control obligations. The user experience is engineered to be seamless for key administrators, hides the complexities and differences across different keystone implementations and helps reduce risk of incorrect key usage.
  • Key lifecycle management features based on NIST recommendations:
    • Keys will never be in the clear anywhere. They are protected by your own master key on the service’s HSM (hardware security module).
    • Provides secured transfer of keys to internal keystores in the service instance or external keystores including Microsoft Azure Key Vault (Office365®) and AWS KMS.
    • Distributes and installs keys with a single click. Manages keys and keystores through RESTful API.
    • Centrally backs up and manages all keys of your enterprise and redistributes keys to quickly recover from errors due to lost keys.
  • Help reduce total cost of ownership and operational costs: The Unified Key Orchestrator provides a single intuitive tool with a tiered pricing model designed to reduce the complexity and cost of managing multiple key management systems. Additionally, customers can use the API to plug the Unified Key Orchestrator into their DevOps process to integrate key management when they deploy workloads to the cloud.

Get started with the Unified Key Orchestrator

See for yourself how easy it is to manage your own keys across IBM Cloud, AWS and Microsoft Azure. Log in to IBM Cloud to get started now, and for more information, please see the getting started guide on IBM Cloud Docs.

Learn more about IBM Cloud Hyper Protect Crypto Services.

More from Cloud

The history of the central processing unit (CPU)

10 min read - The central processing unit (CPU) is the computer’s brain. It handles the assignment and processing of tasks, in addition to functions that make a computer run. There’s no way to overstate the importance of the CPU to computing. Virtually all computer systems contain, at the least, some type of basic CPU. Regardless of whether they’re used in personal computers (PCs), laptops, tablets, smartphones or even in supercomputers whose output is so strong it must be measured in floating-point operations per…

A clear path to value: Overcome challenges on your FinOps journey 

3 min read - In recent years, cloud adoption services have accelerated, with companies increasingly moving from traditional on-premises hosting to public cloud solutions. However, the rise of hybrid and multi-cloud patterns has led to challenges in optimizing value and controlling cloud expenditure, resulting in a shift from capital to operational expenses.   According to a Gartner report, cloud operational expenses are expected to surpass traditional IT spending, reflecting the ongoing transformation in expenditure patterns by 2025. FinOps is an evolving cloud financial management discipline…

IBM Power8 end of service: What are my options?

3 min read - IBM Power8® generation of IBM Power Systems was introduced ten years ago and it is now time to retire that generation. The end-of-service (EoS) support for the entire IBM Power8 server line is scheduled for this year, commencing in March 2024 and concluding in October 2024. EoS dates vary by model: 31 March 2024: maintenance expires for Power Systems S812LC, S822, S822L, 822LC, 824 and 824L. 31 May 2024: maintenance expires for Power Systems S812L, S814 and 822LC. 31 October…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters