IBM Key Protect Now Available in U.S. East Region on IBM Public Cloud

IBM Key Protect is now available in the U.S. East region

Having the ability to use encryption key management to protect applications and support data in a public cloud environment is a critical component of all enterprise security governance protocols. We’re excited to announce that we are adding to our U.S. geographical coverage. IBM’s key management service, IBM Key Protect, is now available in the U.S. East region based out of Washington D.C.

What is Key Protect?

IBM Key Protect is an encryption key management service (KMS) that offers a simple and economical key management solution for managing keys that are used to encrypt applications and data-at-rest in the IBM Cloud. Key Protect manages the entire life-cycle of keys from key creation through application use, key archival, and key destruction while also enforcing separation of duties between data management and key management.

Company policies, industry best practices, and government regulations increasingly require data-at-rest encryption with encryption key management to be included as fundamental components of overall data storage, data management, and data governance. By providing the mandatory control of user access requests to encryption keys, IBM Key Protect helps clients secure their sensitive data from unauthorized access or inadvertent employee release while meeting compliance auditing standards.

Bring-your-own-key

IBM Key Protect supports bring-your-own-key (BYOK) customer-managed encryption, which allows users to import master root-of-trust encryption keys, created within an internal, on-premises key management service, into the IBM Cloud to secure data stored in the cloud. Security professionals like BYOK because sensitive data is now protected by their own encryption keys. If there is a threat to the security of the data, all they do is delete the key and access to the data is eliminated. The data is what we call “cryptographically erased.” Other reasons customers may want to remove their keys are personnel turnover, employee mistakes, process malfunction, key expiration policy, CISO compliance requirements, or industry standards mandates. BYOK is like running your own private key infrastructure environment as a cloud application, except you don’t have to manage the infrastructure.

IBM Key Protect features

  • Allows any encryption-enabled IBM Cloud data-as-a-service offering or internal application to use REST APIs for integrating encryption capabilities with IBM Key Protect, thus eliminating the need to spend the time or effort building proprietary (and often insecure) solutions to protect encryption keys.
  • Provides the ability to delete keys without any residual copies remaining, thereby rendering any data encrypted under those keys cryptographically erased. Once the encryption keys are deleted, you can be assured your data is no longer retrievable, regardless of the application or cloud that stored it.
  • Maintains key vaulting security based upon FIPS 140-2 certified hardware security modules (HSM) located within secure IBM Cloud data centers.
  • Gives cloud system administrators the ability to easily manage their encryption keys while creating role-based employee access via a simple IBM Cloud IAM resource-controlled graphical user interface.
  • Communicates directly with the IBM Activity Tracker service, which gives security administrators access to encryption key API call logs to monitor for abnormal activity and to support industry auditing compliance standards.
  • Offers no-charge pricing for users requiring 20 or fewer keys.

Start using IBM Key Protect today!

Available in the IBM Public Cloud U.S. East Region catalog under the Platform – Security and Identity section.
Look for the IBM Key Protect icon.

Offering Manager - IBM Key Protect
