A new and innovative way to manage encryption keys in a hybrid cloud.

Data security has been a focus area for CISOs and CPOs, and it is especially important as organizations look to move sensitive data and workloads to the cloud. As enterprises adopt hybrid cloud strategies and start using more than a single cloud service provider to best match their workload needs, operational complexity around data encryption and encryption keys become more significant.

Managing keys in silos on-premises and across multiple clouds brings up challenges around demonstrating compliance, ensuring the right security posture with key usage and maintaining data governance and sovereignty. A Gartner report suggests that security and risk management leaders must develop an enterprise-wide encryption key management strategy or lose the data.

What is the Unified Key Orchestrator?

As a part of IBM Cloud Hyper Protect Crypto Services, we are excited to announce the Unified Key Orchestrator — a new, innovative multicloud key management solution offered as a managed service. 

Built on the ‘Keep Your Own Key’ technology, Unified Key Orchestrator helps enterprises manage their data encryption keys across multiple key stores across multiple clouds environments, including keys managed on-premises, on IBM Cloud, AWS and Microsoft Azure:

IBM Cloud offers confidential computing with IBM Cloud Hyper Protect Services, including the ‘Keep Your Own Key’ capability. This allows customers to have exclusive control of their encryption keys — even IBM Cloud administrators have no access. As a single-tenant Key Management Service and a Cloud Hardware Security Module (HSM) service, key vaulting is provided by dedicated, customer-controlled cloud HSMs that are built on FIPS 140-2 Level 4-certified hardware. FIPS 140-2 Security Level 4 provides the highest commercially available level of security defined in this standard.

Designed to address customer needs

Our customers told us that their challenges with managing keys across their hybrid cloud setup was multi-fold. On-premises, it required deep security expertise and was not cost-effective. Additionally, moving workloads to different clouds meant that security teams had to learn multiple cloud key lifecycle management (KMS) systems. The Unified Key Orchestrator solution has been developed to address these pain points and provides the following:

  • A single control plane for all your keys: The Unified Key Orchestrator has a UX research-led UI design that helps enterprises meet their compliance control obligations. The user experience is engineered to be seamless for key administrators, hides the complexities and differences across different keystone implementations and helps reduce risk of incorrect key usage.
  • Key lifecycle management features based on NIST recommendations:
    • Keys will never be in the clear anywhere. They are protected by your own master key on the service’s HSM (hardware security module).
    • Provides secured transfer of keys to internal keystores in the service instance or external keystores including Microsoft Azure Key Vault (Office365®) and AWS KMS.
    • Distributes and installs keys with a single click. Manages keys and keystores through RESTful API.
    • Centrally backs up and manages all keys of your enterprise and redistributes keys to quickly recover from errors due to lost keys.
  • Help reduce total cost of ownership and operational costs: The Unified Key Orchestrator provides a single intuitive tool with a tiered pricing model designed to reduce the complexity and cost of managing multiple key management systems. Additionally, customers can use the API to plug the Unified Key Orchestrator into their DevOps process to integrate key management when they deploy workloads to the cloud.

Get started with the Unified Key Orchestrator

See for yourself how easy it is to manage your own keys across IBM Cloud, AWS and Microsoft Azure. Log in to IBM Cloud to get started now, and for more information, please see the getting started guide on IBM Cloud Docs.

Learn more about IBM Cloud Hyper Protect Crypto Services.


More from Cloud

IBM Cloud VMware as a Service introduces multitenant as a new, cost-efficient consumption model

4 min read - Businesses often struggle with ongoing operational needs like monitoring, patching and maintenance of their VMware infrastructure or the added concerns over capacity management. At the same time, cost efficiency and control are very important. Not all workloads have identical needs and different business applications have variable requirements. For example, production applications and regulated workloads may require strong isolation, but development/testing, training environments, disaster recovery sites or other applications may have lower availability requirements or they can be ephemeral in nature,…

IBM accelerates enterprise AI for clients with new capabilities on IBM Z

5 min read - Today, we are excited to unveil a new suite of AI offerings for IBM Z that are designed to help clients improve business outcomes by speeding the implementation of enterprise AI on IBM Z across a wide variety of use cases and industries. We are bringing artificial intelligence (AI) to emerging use cases that our clients (like Swiss insurance provider La Mobilière) have begun exploring, such as enhancing the accuracy of insurance policy recommendations, increasing the accuracy and timeliness of…

IBM NS1 Connect: How IBM is delivering network connectivity with premium DNS offerings

4 min read - For most enterprises, how their users access applications and data is an essential part of doing business, and how they service those application and data responses has a direct correlation to revenue generation.    According to We Are Social’s Digital 2023 Global Overview Report, there are 5.19 billion people around the world using the internet in 2023. There’s an imperative need for businesses to trust their networks to deliver meaningful content to address customer needs.  So how responsive is the…

Kubernetes version 1.28 now available in IBM Cloud Kubernetes Service

2 min read - We are excited to announce the availability of Kubernetes version 1.28 for your clusters that are running in IBM Cloud Kubernetes Service. This is our 23rd release of Kubernetes. With our Kubernetes service, you can easily upgrade your clusters without the need for deep Kubernetes knowledge. When you deploy new clusters, the default Kubernetes version remains 1.27 (soon to be 1.28); you can also choose to immediately deploy version 1.28. Learn more about deploying clusters here. Kubernetes version 1.28 In…