December 17, 2020 By Alex Greer
Luis Casco-Arias
2 min read

Having the right blend of encryption, key storage, and authentication services is critical for protecting your cloud-hosted data.

Fortunately, with the breadth of data security services IBM Cloud offers, you have the tools at your disposal you’ll need to cover your bases. Now the question becomes — which service blend is right for my solution?

To make answering this question easier, we’ve put together this blog to give you a consolidated view of the portfolio to reference when making this critical decision. The following sections outline the services and software that IBM Cloud offers for data protection, a mapping to key use cases, and an overview of the services and their key attributes.

Key use cases 

Figure 1: Secrets management use cases.

Service overviews

As you plan your data protection strategy, some differences between services to consider include the level of data isolation that your workload requires. For a higher level of security and control, your business might benefit from the data isolation that a single-tenant offering provides, such as Secrets Manager or Hyper Protect Crypto Services. You might also decide that the lower costs and scalability benefits of a multi-tenant service, such as Key Protect and Certificate Manager, are better suited to your needs. 

Need help getting started? Check out the following service overviews to help you learn more about each service.

IBM Cloud Secrets Manager 

Overview: Service where users can manage various types of IBM Cloud secrets in a dedicated, managed vault. 

Key attributes:

  • Handles multiple secret types: 
    • IBM Cloud API keys
    • User credentials 
    • Arbitrary text 
  • Single-tenant data plane 
  • Ability to store, generate, rotate, retrieve, revoke, and lease secrets 
  • Auditing and logging of secret access for compliance 

Get started with Secrets Manager and view the docs.

IBM Key Protect 

Overview: A key management service built on top of a shared (multi-tenant) cloud hardware security module (HSM).

Key attributes:

  • FIPS 140-2 Level 3-certified hardware
  • Encryption key management with bring-your-own-key (BYOK) capability
  • Auditing and logging of key access for compliance 

Get started with Key Protect and view the docs.

IBM Cloud Hyper Protect Crypto Services 

Overview: A fully managed, dedicated key management and cloud hardware security module (HSM) service (i.e., single-tenant key management service with key-vaulting provided by dedicated, customer-controlled, FIPS 140-2 Level 4 certified HSMs).

Key attributes:

  • FIPS 140-2 Level 4-certified hardware
  • Encryption key management with keep-your-own-key (KYOK) capability 
  • Sign certificates with a private key that never leaves your HSM’s boundary
  • Provide highly secure encryption services for application, databases, and TLS offloading 
  • Auditing and logging of key access for compliance 

Get started with Hyper Protect Crypto Services and view the docs.

IBM Cloud Certificate Manager

Overview: Service where users can manage the lifecycle of SSL/TLS certificates. Automates provisioning with Let’s Encrypt. 

Key attributes:

  • SSL/TLS certificates 
  • Multi-tenant data plane
  • Ability to store, order, and renew certificates 
    • Only Let’s Encrypt provisioning 
    • Can store any type of certificate 

Get started with Certificate Manager and view the docs.

Was this article helpful?
YesNo

More from Cloud

Attention new clients: exciting financial incentives for VMware Cloud Foundation on IBM Cloud

4 min read - New client specials: Get up to 50% off when you commit to a 1- or 3-year term contract on new VCF-as-a-Service offerings, plus an additional value of up to USD 200K in credits through 30 June 2025 when you migrate your VMware workloads to IBM Cloud®.1 Low starting prices: On-demand VCF-as-a-Service deployments begin under USD 200 per month.2 The IBM Cloud benefit: See the potential for a 201%3 return on investment (ROI) over 3 years with reduced downtime, cost and…

24 IBM offerings winning TrustRadius 2024 Top Rated Awards

2 min read - TrustRadius is a buyer intelligence platform for business technology. Comprehensive product information, in-depth customer insights and peer conversations enable buyers to make confident decisions. “Earning a Top Rated Award means the vendor has excellent customer satisfaction and proven credibility. It’s based entirely on reviews and customer sentiment,” said Becky Susko, TrustRadius, Marketing Program Manager of Awards. Top Rated Awards have to be earned: Gain 10+ new reviews in the past 12 months Earn a trScore of 7.5 or higher from…

IBM Tech Now: April 8, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 96 On this episode, we're covering the following topics: IBM Cloud Logs A collaboration with IBM watsonx.ai and Anaconda IBM offerings in the G2 Spring Reports Stay plugged in You can check out the…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters