Security

Announcing IBM Cloud Hyper Protect Crypto Services – BETA

Share this post:

Introducing IBM Cloud Hyper Protect Crypto Services

Protecting data in the cloud can be a daunting exercise for customers. When moving sensitive and confidential data to the cloud, customers expect to have the ability to use their own data encryption keys. They also want to be sure that no one has access to these keys. This especially applies to highly regulated industries like FSS and Healthcare.

IBM now offers two choices for cloud key management. IBM Key Protect already supports Bring Your Own Key (BYOK) for protecting data at rest. For customers looking for greater control over their data encryption keys and hardware security modules (HSMs), IBM Cloud is proud to announce Beta for IBM Cloud Hyper Protect Crypto Services, a dedicated key management and cloud HSM service.

Hyper Protect Crypto Services supports KYOK (Keep Your Own Key), which allows for the protection of data encryption keys by a dedicated, customer controlled HSM. This HSM is FIPS 140-2 Level 4 certified, the industry’s only Level 4 certified HSM available in the cloud. Hyper Protect Crypto Services is built on LinuxONE technology and is part of the Hyper Protect portfolio of services. This guarantees that no one—including cloud admins—has access to customer keys. Key Protect and Hyper Protect Crypto Services use a common Key Provider API to offer a consistent approach for adopting services.

Additionally, customers can use Hyper Protect Crypto Services as a cloud HSM for hardware-based security for cryptographic operations, including digital signing and SSL offloading. To account for a secure and rapid HSM setup, IBM provides a cloud CLI for the HSM key ceremony. This, again, is the first such service in the industry!

Here’s what you need to know

If you already have an existing instance, we ask you to move to the BETA service (available in the IBM Cloud Catalog) since we are going to sunset the EXPERIMENTAL in the near future.

End of Experimental Date: February 5th, 2019

As of February 5th, 2019, provisioning new Hyper Protect Crypto Services Experimental instances will no longer be possible. Existing instances will have support until the End of Experimental Support Date.

End of Experimental Support Date: March 5th, 2019

  • For a period of 30 days after the End of Experimental Date (through March 5th, 2019), all existing instances will continue to be available on the Services dashboard in the IBM Cloud console. For this period, there will still be support for existing instances.
  • We will delete any still-provisioned instance as of the End of Experimental Support Date.
  • Please delete your Hyper Protect Crypto Services Experimental service instances before the End of Experimental Support Date.

 

Offering Manager – CloudCrypto, zHSM

Sowmya Nataraj

Offering Manager GTM – IBM Cloud Hyper Protect Services

More Security stories
February 12, 2019

The State of IBM Cloud Security: Think 2019

Traditional security products are not designed to address the challenges of dynamic, virtual, and distributed cloud environments. IBM’s view is that enterprises today require an end-to-end approach to security that helps them achieve three core objectives in managing their risk and compliance through structured security practices.

Continue reading

February 11, 2019

Announcing IBM Cloud Data Shield Beta at Think 2019

Since we announced IBM Cloud Data Shield experimental, we have been hard at work helping our early adopters (Irene Energy and iExec) develop their Zero Trust platforms and building the next version of Data Shield. Today, we are excited to announce Data Shield beta!

Continue reading

February 11, 2019

IBM Cloud Security Advisor Now Integrates with the Twistlock Security Platform

Today, we are excited to further strengthen the relationship between IBM Cloud and Twistlock by announcing the integration of Security Advisor and the Twistlock security platform. We have integrated your IBM Cloud security tools into one dashboard and console to facilitate centralized security management.

Continue reading