IBM Cloud Hyper Protect Crypto Services – Key Management Service [Update]
By: Christopher Smith
IBM Cloud Hyper Protect Crypto Services
IBM Cloud Hyper Protect Crypto Services offers highly regulated organizations a managed cryptographic service in the cloud. It provides dedicated control down to the root secret of the Hardware Security Module. The Hardware Security Modules are FIPS 140-2 level 4 certified. This accounts for reliable protection of your keys, certificates, and cryptographic operations.
As part of the IBM Hyper Protect family of services, it introduces protection even from privileged users. It comprises built-in high availability and scaling capabilities, which addresses always-on requirements of the digital enterprise.
With Keep Your Own Key, Hyper Protect Crypto Services assures that all your secrets are always kept under control of keys that you own.
Key management service
A key management service like IBM Key Protect manages the entire lifecycle of keys. This ranges from key creation through application use, key archival, and key destruction. It enforces separation of duties between data management and key management.
Company policies, industry best practices, and government regulations increasingly require data-at-rest encryption. Encryption key management is a fundamental requirement for data storage, management, and governance. IBM Key Protect helps clients secure their sensitive data from unauthorized access or inadvertent employee release while meeting compliance auditing standards. Learn more about Key Protect here.
Hyper Protect Crypto Services is a drop-in replacement for IBM Key Protect and exposes the same key management services. As a single-tenant service, it offers dedicated control of the Hardware Security Module per customer. It extends the family of key management services in the IBM Cloud towards single-tenant instances with dedicated hardware secret control.
Check out IBM Cloud Hyper Protect Crypto Services now!
New with this experimental update
Hyper Protect Crypto Services transitions from a backend Hardware Security Module for IBM Key Protect to a stand-alone key management system functionality. There is no further need to set up both services (all-in-one solution).
HSM Master Keys can now be customer managed (setup/delete) with an IBM Cloud CLI add-on from on-premises.
Deprecation of Advanced Crypto Service Provider (ACSP) Remote Hardware Security Module Services.
Already deployed experimental instances will continue to work until further notice.
No further management of experimental instances (create, delete, manage).
Attention: Please keep in mind that no migration is supported for experimental services.
Temporary unavailability of Hardware Security Module services in the updated service until further notice.
We are working on bringing back the Hardware Security Module function with cloud-ready interfaces (Enterprise PKCS#11). We will keep you posted in this blog.