Security

IBM Key Protect Now Available in U.S. East Region on IBM Public Cloud

Share this post:

IBM Key Protect is now available in the U.S. East region

Having the ability to use encryption key management to protect applications and support data in a public cloud environment is a critical component of all enterprise security governance protocols. We’re excited to announce that we are adding to our U.S. geographical coverage. IBM’s key management service, IBM Key Protect, is now available in the U.S. East region based out of Washington D.C.

What is Key Protect?

IBM Key Protect is an encryption key management service (KMS) that offers a simple and economical key management solution for managing keys that are used to encrypt applications and data-at-rest in the IBM Cloud. Key Protect manages the entire life-cycle of keys from key creation through application use, key archival, and key destruction while also enforcing separation of duties between data management and key management.

Company policies, industry best practices, and government regulations increasingly require data-at-rest encryption with encryption key management to be included as fundamental components of overall data storage, data management, and data governance. By providing the mandatory control of user access requests to encryption keys, IBM Key Protect helps clients secure their sensitive data from unauthorized access or inadvertent employee release while meeting compliance auditing standards.

Bring-you-own-key

IBM Key Protect supports bring-your-own-key (BYOK) customer-managed encryption, which allows users to import into the IBM Cloud master root-of-trust encryption keys created within an internal, on-premise key management service to secure data stored in the cloud. Security professionals like BYOK because sensitive data is now protected by their own encryption keys. If there is a threat to the security of the data, all they do is delete the key and access to the data is eliminated. The data is what we call “cryptographically erased.” Other reasons customers may want to remove their keys is personnel turnover, employee mistakes, process malfunction, key expiration policy, CISO compliance requirements, or industry standards mandate. BYOK is like running your own private key infrastructure environment as a cloud application, except you don’t have to manage the infrastructure.

IBM Key Protect features

  • Allows any encryption-enabled IBM Cloud data-as-a-service offering or internal application to use REST APIs for integrating encryption capabilities with IBM Key Protect, thus eliminating the need to spend the time or effort building proprietary (and often insecure) solutions to protect encryption keys.
  • Provides the ability to delete keys without any residual copies remaining, thereby rendering any data encrypted under those keys cryptographically erased. Once the encryption keys are deleted, you can be assured your data is no longer retrievable, regardless of the application or cloud that stored it.
  • Maintains key vaulting security based upon FIPS 140-2 certified hardware security modules (HSM) located within secure IBM Cloud data centers.
  • Gives cloud system administrators the ability to easily manage their encryption keys while creating roll-based employee access via a simple IBM Cloud IAM resource controlled graphical user interface.
  • Communicates directly with the IBM Activity Tracker service, which provides encryption key api call logs access for security administrators to monitor for abnormal activity and to support industry auditing compliance standards.
  • Offers no-charge pricing for users requiring 20 or fewer keys.

Start using IBM Key Protect today!

Available in the IBM Public Cloud U.S. East Region catalog under the Platform – Security and Identity section.
Look for IBM Key Protect icon.

Offering Manager - IBM Key Protect

More Security stories
September 7, 2018

Use App ID to Authenticate Your Users in Your Lite IBM Cloud App

Were excited to announce that IBM Cloud App ID just launched a new Lite plan as part of the IBM Cloud Lite account. As part of the Lite plan, you will be able to try out all of App ID's capabilities.

Continue reading

September 3, 2018

IBM Cloud Certificate Manager is Now GA

If you were using Certificate Manager in Beta, we have good news—you can continue to use your existing instances as is. There is no required migration, and you can continue to use Certificate Manager for free. For new users, you can go ahead and create a new instance and use for free also.

Continue reading

August 16, 2018

IBM Cloud Takes Action to Address Latest Security Vulnerabilities

IBM Cloud is taking precautionary measures on behalf of our clients to address potential security vulnerabilities made public on August 14, 2018. We recommend that all clients should back up all data from their virtual server instances.

Continue reading