What is it?

IBM Cloud™ Hyper Protect Crypto Services is a key management and cloud hardware security module (HSM). It is designed to enable you to take control of your cloud data encryption keys and cloud hardware security models, and is the only service in the industry built on FIPS 140-2 Level 4-certified hardware.

Built on IBM LinuxONE technology, the service helps ensure that only you have access to your keys. A single-tenant key-management service with key vaulting provided by dedicated customer-controlled HSMs helps you create encryption keys with ease. Alternatively, you can bring your own encryption keys to manage. The managed cloud HSM supports industry standards, such as PKCS #11, so your applications can integrate cryptographic operations like digital signing and validation.

→ Read more

Crypto-icon-image

Hyper Protect Crypto Services benefits

Key control

You have complete control of your data encryption keys, including the HSM master key.

Data and digital-asset security

Keys protected by FIPS 140-2 Level 4 hardware security models help give you access to the highest level of security for your cloud data and digital assets.

Compliance support

Hyper Protect Crypto Services can help you meet regulatory compliance by providing controls on external and privileged user access to data and keys.

Key management features

Key lifecycle management

Create, import, rotate and manage keys with ease. Once the encryption keys are deleted, you can be assured that your data is no longer retrievable, regardless of the application that stored it.

Encryption for IBM Cloud services

IBM Cloud services can integrate with Hyper Protect Crypto Services for data encryption. IBM Key Protect — a multitenant key-management service — and Hyper Protect Crypto Services use a common-key-provider API to provide a consistent approach for adopting IBM Cloud services.

Access management and auditing

Hyper Protect Crypto Services can integrate with IBM Cloud services for access management, logging and monitoring, auditing to control key access and support-compliance requirements.

Cloud HSM features

Security certification

The service is built on FIPS 140-2 Level 4-certified hardware, the highest offered by any cloud provider in the industry.

HSM control

Single-tenant, dedicated HSMs are controlled by you. IBM Cloud administrators have no access.

Key ceremony

IBM is the first to provide cloud command-line interface (CLI) for the HSM Key Ceremony to help enable you to take ownership of the cloud HSM.

Find IBM Cloud Hyper Protect Crypto Services in the IBM Cloud catalog.