IBM Cloud Hyper Protect Services are now HIPAA ready

By and Bob Blessing-Hartley | 2 minute read | September 17, 2020

In the era of hybrid cloud, much of the discussion has focused on the challenges of maintaining data security and privacy driven by the movement of data between partners and third parties. There is, however, a piece to the security puzzle that requires attention: compliance.

To help clients accelerate their compliance journey, we’re announcing IBM Hyper Protect Services are now HIPAA-ready[1]. Building on our announcement to bring Hyper Protect Services to Apple CareKit with the IBM Hyper Protect Software Development Kit (SDK) for iOS, this is an exciting step for developers as they meet the security characteristics required to be HIPAA-ready while building healthcare applications running on Apple devices.

For IT leaders, the shift to hybrid cloud introduces new complexity associated with managing multiple clouds and on-premises environments. This complexity can quickly increase the time and effort required to meet compliance requirements. By choosing the right platform for your highly secure workloads, IT leaders can establish a strong foundation to address compliance requirements.

Enter IBM LinuxONE, the platform working behind the scenes to power IBM Cloud Hyper Protect Services. For clients big and small, we’re seeing increased interest from the world’s largest banks, ISVs, and even startups in emerging spaces like digital asset custody. They are choosing IBM Cloud Hyper Protect Services and IBM LinuxONE as they seek to simplify their compliance audits by taking advantage of encryption everywhere to address the risk of internal and external threats.

At the heart of the strength of LinuxONE is pervasive encryption — a consumable approach to allow extensive encryption of data in-flight and at-rest designed to substantially simplify encryption and reduce costs associated with protecting data and achieving compliance mandates. With pervasive encryption, IT leaders can:

  • Encrypt everything and eliminate data scope from consideration
  • Provide cost-effective compliance while balancing performance workloads in the IBM Cloud by leveraging LinuxONE hardware-accelerated cryptography capabilities
  • Focus on business value by protected critical data without costly application changes. With the industry’s first and only FIPS 140-2 Level 4 certified[2] cloud hardware security module (HSM), production, developers and test can all work together and share resources, while being separated by cryptographic isolation capabilities to address audit requirements.

With time and resources at a premium, investing in the right platform for compliance support can help significantly reduce the time and effort required to meet your compliance requirements, freeing up your employees to get back to work impacting the bottom line.

[1] A “HIPAA-ready” IBM offering is an offering capable of meeting HIPAA standards and ready for IBM and the client to enter into a business associate agreement (BAA), including terms for protecting and handling patient information in a manner meeting HIPAA standards as a shared responsibility. [2] The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government computer security standard used to approve cryptographic modules. It is issued by the National Institute of Standards and Technology (NIST). Level 4 is the highest level of security.