Cloud
Security
March 22, 2022 By Andy Bradfield 3 min read

A new and innovative way to manage encryption keys in a hybrid cloud.

Data security has been a focus area for CISOs and CPOs, and it is especially important as organizations look to move sensitive data and workloads to the cloud. As enterprises adopt hybrid cloud strategies and start using more than a single cloud service provider to best match their workload needs, operational complexity around data encryption and encryption keys become more significant.

Managing keys in silos on-premises and across multiple clouds brings up challenges around demonstrating compliance, ensuring the right security posture with key usage and maintaining data governance and sovereignty. A Gartner report suggests that security and risk management leaders must develop an enterprise-wide encryption key management strategy or lose the data.

What is the Unified Key Orchestrator?

As a part of IBM Cloud Hyper Protect Crypto Services, we are excited to announce the Unified Key Orchestrator — a new, innovative multicloud key management solution offered as a managed service. 

Built on the ‘Keep Your Own Key’ technology, Unified Key Orchestrator helps enterprises manage their data encryption keys across multiple key stores across multiple clouds environments, including keys managed on-premises, on IBM Cloud, AWS and Microsoft Azure:

IBM Cloud offers confidential computing with IBM Cloud Hyper Protect Services, including the ‘Keep Your Own Key’ capability. This allows customers to have exclusive control of their encryption keys — even IBM Cloud administrators have no access. As a single-tenant Key Management Service and a Cloud Hardware Security Module (HSM) service, key vaulting is provided by dedicated, customer-controlled cloud HSMs that are built on FIPS 140-2 Level 4-certified hardware. FIPS 140-2 Security Level 4 provides the highest commercially available level of security defined in this standard.

Designed to address customer needs

Our customers told us that their challenges with managing keys across their hybrid cloud setup was multi-fold. On-premises, it required deep security expertise and was not cost-effective. Additionally, moving workloads to different clouds meant that security teams had to learn multiple cloud key lifecycle management (KMS) systems. The Unified Key Orchestrator solution has been developed to address these pain points and provides the following:

  • A single control plane for all your keys: The Unified Key Orchestrator has a UX research-led UI design that helps enterprises meet their compliance control obligations. The user experience is engineered to be seamless for key administrators, hides the complexities and differences across different keystone implementations and helps reduce risk of incorrect key usage.
  • Key lifecycle management features based on NIST recommendations:
    • Keys will never be in the clear anywhere. They are protected by your own master key on the service’s HSM (hardware security module).
    • Provides secured transfer of keys to internal keystores in the service instance or external keystores including Microsoft Azure Key Vault (Office365®) and AWS KMS.
    • Distributes and installs keys with a single click. Manages keys and keystores through RESTful API.
    • Centrally backs up and manages all keys of your enterprise and redistributes keys to quickly recover from errors due to lost keys.
  • Help reduce total cost of ownership and operational costs: The Unified Key Orchestrator provides a single intuitive tool with a tiered pricing model designed to reduce the complexity and cost of managing multiple key management systems. Additionally, customers can use the API to plug the Unified Key Orchestrator into their DevOps process to integrate key management when they deploy workloads to the cloud.

Get started with the Unified Key Orchestrator

See for yourself how easy it is to manage your own keys across IBM Cloud, AWS and Microsoft Azure. Log in to IBM Cloud to get started now, and for more information, please see the getting started guide on IBM Cloud Docs.

Learn more about IBM Cloud Hyper Protect Crypto Services.

Andy Bradfield
Director, IBM ZaaS and Confidential Computing

More from Cloud
April 26, 2024

Bigger isn’t always better: How hybrid AI pattern enables smaller language models

5 min read - As large language models (LLMs) have entered the common vernacular, people have discovered how to use apps that access them. Modern AI tools can generate, create, summarize, translate, classify and even converse. Tools in the generative AI domain allow us to generate responses to prompts after learning from existing artifacts. One area that has not seen much innovation is at the far edge and on constrained devices. We see some versions of AI apps running locally on mobile devices with…

April 8, 2024

IBM Tech Now: April 8, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 96 On this episode, we're covering the following topics: IBM Cloud Logs A collaboration with IBM watsonx.ai and Anaconda IBM offerings in the G2 Spring Reports Stay plugged in You can check out the…

April 4, 2024

The advantages and disadvantages of private cloud 

6 min read - The popularity of private cloud is growing, primarily driven by the need for greater data security. Across industries like education, retail and government, organizations are choosing private cloud settings to conduct business use cases involving workloads with sensitive information and to comply with data privacy and compliance needs. In a report from Technavio (link resides outside ibm.com), the private cloud services market size is estimated to grow at a CAGR of 26.71% between 2023 and 2028, and it is forecast to increase by…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters