Role-based access controls & distinct separation of duties
Help support compliance requirements and keep your cloud-bound sensitive data secure. Role-based access controls allow an administrator to define a second layer of data access control policies that are based upon roles and job functions. Additionally, by default, Multi-Cloud Data Encryption creates two distinct roles – one for the Product Administrator and one for the Security Administrator to keep roles separate.
Advanced cryptographic splitting technology
Cryptographic splitting technology helps assure sensitive data confidentiality, privacy, and protection against brute force attacks. IBM Multi-Cloud Data Encryption, with its SPx™ core, combines FIPS-140-2 certified AES 256-bit encryption and cryptographic splitting.
Integrated and KMIP-compatible key management
Using integrated and transparent built-in key management, all phases of key lifecycle management stay in your control, streamlining the key management process -- from key creation, rotation, and revocation, to help support industry compliance requirements. External key management is also supported with KMIP-certified key managers such as IBM's Security Key Lifecycle Manager.
Streamlined management for encryption & policy enforcement
A centralized virtual management console provides a central console from which users can provision, deploy and manage all instances of IBM Multi-Cloud Data Encryption's encryption agents across the enterprise. Organizations can host the management server wherever they choose, including on-premises - which allows users to keep their keys out of the cloud while managing data encryption remotely.