IBM Cloud Hyper Protect Crypto Services – Key Management Service [Update]

IBM Cloud Hyper Protect Crypto Services

IBM Cloud Hyper Protect Crypto Services offers highly regulated organizations a managed cryptographic service in the cloud. It provides dedicated control down to the root secret of the Hardware Security Module. The Hardware Security Modules are FIPS 140-2 Level 4 certified, which provides reliable protection of your keys, certificates, and cryptographic operations.

As part of the IBM Hyper Protect family of services, it introduces protection even from privileged users. It includes built-in high availability and scaling capabilities, which address the always-on requirements of the digital enterprise.

With Keep Your Own Key, Hyper Protect Crypto Services assures that all your secrets are always kept under control of keys that you own.

Key management service

A key management service like IBM Key Protect manages the entire lifecycle of keys. This ranges from key creation through application use, key archival, and key destruction. It enforces separation of duties between data management and key management.

Company policies, industry best practices, and government regulations increasingly require data-at-rest encryption. Encryption key management is a fundamental requirement for data storage, management, and governance. IBM Key Protect helps clients secure their sensitive data from unauthorized access or inadvertent employee release while meeting compliance auditing standards. Learn more about Key Protect here.

Hyper Protect Crypto Services is a drop-in replacement for IBM Key Protect and exposes the same key management services. As a single-tenant service, it offers dedicated control of the Hardware Security Module per customer. It extends the family of key management services in the IBM Cloud towards single-tenant instances with dedicated hardware secret control.

Check out IBM Cloud Hyper Protect Crypto Services now!

New with this experimental update

  • Hyper Protect Crypto Services transitions from being a backend Hardware Security Module for IBM Key Protect to providing stand-alone key management functionality. There is no further need to set up both services (all-in-one solution).
  • HSM Master Keys can now be managed by the customer (setup/delete) from on-premises with an IBM Cloud CLI add-on.
  • Deprecation of Advanced Crypto Service Provider (ACSP) Remote Hardware Security Module Services.
    • Already deployed experimental instances will continue to work until further notice.
    • No further management of experimental instances (create, delete, manage).
    • Attention: Please keep in mind that no migration is supported for experimental services.
  • Temporary unavailability of Hardware Security Module services in the updated service until further notice.

We are working on bringing back the Hardware Security Module function with cloud-ready interfaces (Enterprise PKCS#11). We will keep you posted in this blog.

Offering Manager – CloudCrypto, zHSM
