IBM now offers two choices for cloud key management.
Protecting data in the cloud can be a daunting exercise for customers. When moving sensitive and confidential data to the cloud, customers expect to have the ability to use their own data encryption keys. They also want to be sure that no one has access to these keys. This especially applies to highly regulated industries like FSS and Healthcare.
IBM now offers two choices for cloud key management. IBM Key Protect already supports Bring Your Own Key (BYOK) for protecting data at rest. For customers looking for greater control over their data encryption keys and hardware security modules (HSMs), IBM Cloud is proud to announce Beta for IBM Cloud Hyper Protect Crypto Services, a dedicated key management and cloud HSM service.
Hyper Protect Crypto Services supports KYOK (Keep Your Own Key), which allows for the protection of data encryption keys by a dedicated, customer controlled HSM. This HSM is FIPS 140-2 Level 4 certified, the industry’s only Level 4 certified HSM available in the cloud. Hyper Protect Crypto Services is built on LinuxONE technology and is part of the Hyper Protect portfolio of services. This guarantees that no one—including cloud admins—has access to customer keys. Key Protect and Hyper Protect Crypto Services use a common Key Provider API to offer a consistent approach for adopting services.
Additionally, customers can use Hyper Protect Crypto Services as a cloud HSM for hardware-based security for cryptographic operations, including digital signing and SSL offloading. To account for a secure and rapid HSM setup, IBM provides a cloud CLI for the HSM key ceremony. This, again, is the first such service in the industry!
Here’s what you need to know
If you already have an existing instance, we ask you to move to the BETA service (available in the IBM Cloud Catalog) since we are going to sunset the EXPERIMENTAL in the near future.
End of Experimental Date: February 5th, 2019
As of February 5th, 2019, provisioning new Hyper Protect Crypto Services Experimental instances will no longer be possible. Existing instances will have support until the End of Experimental Support Date.
End of Experimental Support Date: March 5th, 2019
For a period of 30 days after the End of Experimental Date (through March 5th, 2019), all existing instances will continue to be available on the Services dashboard in the IBM Cloud console. For this period, there will still be support for existing instances.
We will delete any still-provisioned instance as of the End of Experimental Support Date.
Please delete your Hyper Protect Crypto Services Experimental service instances before the End of Experimental Support Date.