Having the right blend of encryption, key storage, and authentication services is critical for protecting your cloud-hosted data.

Fortunately, with the breadth of data security services IBM Cloud offers, you have the tools at your disposal you’ll need to cover your bases. Now the question becomes — which service blend is right for my solution?

To make answering this question easier, we’ve put together this blog to give you a consolidated view of the portfolio to reference when making this critical decision. The following sections outline the services and software that IBM Cloud offers for data protection, a mapping to key use cases, and an overview of the services and their key attributes.

Key use cases 

Figure 1: Secrets management use cases.

Service overviews

As you plan your data protection strategy, some differences between services to consider include the level of data isolation that your workload requires. For a higher level of security and control, your business might benefit from the data isolation that a single-tenant offering provides, such as Secrets Manager or Hyper Protect Crypto Services. You might also decide that the lower costs and scalability benefits of a multi-tenant service, such as Key Protect and Certificate Manager, are better suited to your needs. 

Need help getting started? Check out the following service overviews to help you learn more about each service.

IBM Cloud Secrets Manager 

Overview: Service where users can manage various types of IBM Cloud secrets in a dedicated, managed vault. 

Key attributes:

  • Handles multiple secret types: 
    • IBM Cloud API keys
    • User credentials 
    • Arbitrary text 
  • Single-tenant data plane 
  • Ability to store, generate, rotate, retrieve, revoke, and lease secrets 
  • Auditing and logging of secret access for compliance 

Get started with Secrets Manager and view the docs.

IBM Key Protect 

Overview: A key management service built on top of a shared (multi-tenant) cloud hardware security module (HSM).

Key attributes:

  • FIPS 140-2 Level 3-certified hardware
  • Encryption key management with bring-your-own-key (BYOK) capability
  • Auditing and logging of key access for compliance 

Get started with Key Protect and view the docs.

IBM Cloud Hyper Protect Crypto Services 

Overview: A fully managed, dedicated key management and cloud hardware security module (HSM) service (i.e., single-tenant key management service with key-vaulting provided by dedicated, customer-controlled, FIPS 140-2 Level 4 certified HSMs).

Key attributes:

  • FIPS 140-2 Level 4-certified hardware
  • Encryption key management with keep-your-own-key (KYOK) capability 
  • Sign certificates with a private key that never leaves your HSM’s boundary
  • Provide highly secure encryption services for application, databases, and TLS offloading 
  • Auditing and logging of key access for compliance 

Get started with Hyper Protect Crypto Services and view the docs.

IBM Cloud Certificate Manager

Overview: Service where users can manage the lifecycle of SSL/TLS certificates. Automates provisioning with Let’s Encrypt. 

Key attributes:

  • SSL/TLS certificates 
  • Multi-tenant data plane
  • Ability to store, order, and renew certificates 
    • Only Let’s Encrypt provisioning 
    • Can store any type of certificate 

Get started with Certificate Manager and view the docs.


More from Cloud

Kubernetes version 1.28 now available in IBM Cloud Kubernetes Service

2 min read - We are excited to announce the availability of Kubernetes version 1.28 for your clusters that are running in IBM Cloud Kubernetes Service. This is our 23rd release of Kubernetes. With our Kubernetes service, you can easily upgrade your clusters without the need for deep Kubernetes knowledge. When you deploy new clusters, the default Kubernetes version remains 1.27 (soon to be 1.28); you can also choose to immediately deploy version 1.28. Learn more about deploying clusters here. Kubernetes version 1.28 In…

Temenos brings innovative payments capabilities to IBM Cloud to help banks transform

3 min read - The payments ecosystem is at an inflection point for transformation, and we believe now is the time for change. As banks look to modernize their payments journeys, Temenos Payments Hub has become the first dedicated payments solution to deliver innovative payments capabilities on the IBM Cloud for Financial Services®—an industry-specific platform designed to accelerate financial institutions' digital transformations with security at the forefront. This is the latest initiative in our long history together helping clients transform. With the Temenos Payments…

Foundational models at the edge

7 min read - Foundational models (FMs) are marking the beginning of a new era in machine learning (ML) and artificial intelligence (AI), which is leading to faster development of AI that can be adapted to a wide range of downstream tasks and fine-tuned for an array of applications.  With the increasing importance of processing data where work is being performed, serving AI models at the enterprise edge enables near-real-time predictions, while abiding by data sovereignty and privacy requirements. By combining the IBM watsonx data…

The next wave of payments modernization: Minimizing complexity to elevate customer experience

3 min read - The payments ecosystem is at an inflection point for transformation, especially as we see the rise of disruptive digital entrants who are introducing new payment methods, such as cryptocurrency and central bank digital currencies (CDBC). With more choices for customers, capturing share of wallet is becoming more competitive for traditional banks. This is just one of many examples that show how the payments space has evolved. At the same time, we are increasingly seeing regulators more closely monitor the industry’s…