IBM Key Protect Released in AP North Region on IBM Cloud

5 min read

By: Terry Mosbaugh

IBM Key Protect is now available in the AP North Region

Per the Ponemon Institute LLC, the average organizational cost of a data breach in 2017 was $3.86M. Having the ability to use encryption key management to protect applications and supporting data in a public cloud environment is a critical component of all enterprise security governance protocols. Adding to our global geographical coverage, IBM’s key management service, IBM Key Protect, is now available in the AP North Region based out of Tokyo.

IBM Key Protect is an encryption key management service (KMS) that offers a simple and economical key management solution for managing keys that are used to encrypt data-at-rest in the IBM Cloud. IBM Key Protect manages the entire lifecycle of keys, from key creation through application use, key archival, and key destruction, while also enforcing separation of duties between data management and key management.

Company policies, industry best practices, and government regulations increasingly require data-at-rest encryption with encryption key management to be included as fundamental components of overall data storage, data management, and data governance. By providing the mandatory control of user access requests to encryption keys, IBM Key Protect helps clients secure their sensitive data from unauthorized access or inadvertent employee release while meeting compliance auditing standards.

IBM Key Protect supports BYOK (Bring-Your-Own-Key – customer managed encryption), which allows users to import into the IBM Cloud master root-of-trust encryption keys created within an internal, on-premise key management service and then apply these keys to secure data stored in the cloud. Security professionals like BYOK because sensitive data is now protected by their own encryption keys. If there is a threat to the security of the data, all they do is delete the key and access to the data is eliminated. The data is what we call “cryptographically erased.” BYOK is like running your own private key infrastructure (PKI) environment as a cloud application, except you don’t have to manage the infrastructure. Users may also want to rotate or delete encryption keys due to personnel turnover, employee mistakes, process malfunction, key expiration policy, CISO compliance requirements, industry standards mandate, etc.

IBM Key Protect features

  • Allows any encryption enabled IBM Cloud Data-as-a-Service offering or internal application to use REST APIs for integrating encryption capabilities with IBM Key Protect, thus eliminating the need to spend the time or effort building proprietary (and often insecure) solutions to protect encryption keys.

  • Provides the ability to delete keys without any residual copies remaining, thereby rendering any data encrypted under those keys cryptographically-erased. Once the encryption keys are deleted, you can be assured your data is no longer retrievable, regardless of the application or cloud that stored it.

  • Maintains key vaulting security based upon FIPS 140-2 certified hardware security modules (HSM) located within secure IBM Softlayer data centers.

  • Gives cloud system administrators the ability to easily manage their encryption keys while creating roll-based employee access via a simple IBM Cloud IAM resource controlled graphical user interface.

  • Communicates directly with the IBM Activity Tracker service, which provides encryption key api call logs access for security administrators to monitor for abnormal activity and to support industry auditing compliance standards.

  • Supports HIPPA and SOC2.

  • Offers no-charge pricing for users requiring 20 or fewer keys.

Start using IBM Key Protect today

Look for our icon in the IBM Public Cloud AP North region catalog under the Platform – Security and Identity section.

Start using IBM Key Protect today

 

Be the first to hear about news, product updates, and innovation from IBM Cloud