IBM Cloud Hyper Protect Crypto Services – Key Management Service [Update]

IBM Cloud Hyper Protect Crypto Services

IBM Cloud Hyper Protect Crypto Services offers highly regulated organizations a managed cryptographic service in the cloud. It provides dedicated control down to the root secret of the Hardware Security Module. The Hardware Security Modules are FIPS 140-2 Level 4 certified, which provides reliable protection of your keys, certificates, and cryptographic operations.

As part of the IBM Hyper Protect family of services, it introduces protection even from privileged users. It includes built-in high availability and scaling capabilities, which address the always-on requirements of the digital enterprise.

With Keep Your Own Key, Hyper Protect Crypto Services assures that all your secrets are always kept under control of keys that you own.

Key management service

A key management service like IBM Key Protect manages the entire lifecycle of keys. This ranges from key creation through application use, key archival, and key destruction. It enforces separation of duties between data management and key management.

Company policies, industry best practices, and government regulations increasingly require data-at-rest encryption. Encryption key management is a fundamental requirement for data storage, management, and governance. IBM Key Protect helps clients secure their sensitive data from unauthorized access or inadvertent employee release while meeting compliance auditing standards. Learn more about Key Protect here.

Hyper Protect Crypto Services is a drop-in replacement for IBM Key Protect and exposes the same key management services. As a single-tenant service, it offers dedicated control of the Hardware Security Module per customer. It extends the family of key management services in the IBM Cloud towards single-tenant instances with dedicated hardware secret control.

Check out IBM Cloud Hyper Protect Crypto Services now!

New with this experimental update

  • Hyper Protect Crypto Services transitions from being a backend Hardware Security Module for IBM Key Protect to a stand-alone key management system. There is no further need to set up both services (all-in-one solution).
  • HSM Master Keys can now be customer-managed (set up/delete) from on-premises with an IBM Cloud CLI add-on.
  • Deprecation of Advanced Crypto Service Provider (ACSP) Remote Hardware Security Module Services.
    • Already deployed experimental instances will continue to work until further notice.
    • No further management of experimental instances (create, delete, manage).
    • Attention: Please keep in mind that no migration is supported for experimental services.
  • Temporary unavailability of Hardware Security Module services in the updated service until further notice.

We are working on bringing back the Hardware Security Module function with cloud-ready interfaces (Enterprise PKCS#11). We will keep you posted in this blog.

Offering Manager – CloudCrypto, zHSM
