Announcements
Cloud
Security
September 6, 2019 By Zeeshan Khan 3 min read

IBM Cloud Object Storage, a public cloud multi-tenant storage service, is pleased to announce Keep Your Own Key (KYOK) support by integration with IBM Cloud Hyper Protect Crypto Services.

 

IBM Cloud Hyper Protect Crypto Services is a key management service with key vaulting provided by dedicated, customer-controlled cloud hardware security modules (HSMs) that are built on FIPS 140-2 Level 4-certified hardware, the highest offered by any cloud provider in the industry. With this integration, you now have the ability to get more granular control and authority over the root keys used to add envelop encryption to Data Encryption Keys (DEK’s).

IBM Cloud users can now select from and leverage IBM Public Cloud Object Storage integrations with the following IBM Cloud Key Management Services:

  1. Bring Your Own Key (BYOK) with IBM Key Protect for IBM Cloud, a multi-tenant key management service secured by FIPS 140-2 Level 3-certified cloud-based HSMs
  2. Keep Your Own Key (KYOK) with IBM Cloud Hyper Protect Crypto Services, a dedicated key management and HSM service that is controlled by you and built on FIPS 140-2 Level 4-certified hardware.

It is also pertinent to add that IBM Key Protect and Hyper Protect Crypto Services use a common Key Provider API, providing a consistent approach for managing keys. Depending on the use case and security requirements, you can decide which key management service will be best suited for your organization’s needs.

Regions supported

Integration with Hyper Protect Crypto Services is available today in the following regional IBM Public Cloud Object Storage locations:

  • US South
  • AP Australia
  • EU Germany

In the upcoming section, we will focus on leveraging IBM Cloud Object Storage’s integration with Hyper Protect Crypto Services.

Setting up Cloud Object Storage buckets to use Hyper Protect Crypto Services

Before you can begin to leverage the integration benefits, you will need to Provision and Initialize Hyper Protect Crypto Services instance(s). It is also recommended that you review the getting started tutorial on Hyper Protect Crypto Services to learn more and explore the service.

Integration with Hyper Protect Crypto Services is at the object storage bucket level, and you can select from a list of supported global regions when making the selections from the bucket configuration screen.

The option to add Hyper Protect Crypto Services is available at the bucket configuration screen (Figure 1):

Figure 1: Hyper Protect Crypto Services option at bucket creation.

During Cloud Object Storage bucket creation, you can add a Hyper Protect Crypto Services key to your buckets (Figure 2):

Figure 2: Add Hyper Protect Crypto Service key.

After the initial selections are made, you can check for the Key Management Service associated with your bucket by looking at the bucket configuration screen (Figure 3):

Figure 3: View bucket configuration for associated key management services.

Learn more

For a more detailed step-by-step guide on setting up your Cloud Object Storage buckets to use Hyper Protect Crypto Services, you can review our managing encryption documentation page.

For information on the IBM Public Cloud Object Storage offering and details around the features please visit our product page.

For more information on object storage technology, see “What is Object Storage?

Zeeshan Khan
Principal Offering Manager, Cloud Object Storage

More from Announcements
April 19, 2024

IBM Consulting augments expertise with AWS Competencies: A win-win for clients 

3 min read - In today's dynamic economic landscape, businesses demand continuous innovation and speed of execution. At IBM Consulting®, our unwavering focus on partnerships and shared commitment to delivering enterprise-level solutions to mutual clients have been core to our success.   We are thrilled to announce that IBM® has recently gained five competencies from Amazon Web Services (AWS) in vital domains including Cloud Operations, Internet of Things (IoT), Life Sciences, Mainframe Modernization, and Telecommunications. With these credentials, IBM further establishes its position as a…

April 18, 2024

Probable Root Cause: Accelerating incident remediation with causal AI 

5 min read - It has been proven time and time again that a business application’s outages are very costly. The estimated cost of an average downtime can run USD 50,000 to 500,000 per hour, and more as businesses are actively moving to digitization. The complexity of applications is growing as well, so Site Reliability Engineers (SREs) require hours—and sometimes days—to identify and resolve problems.   To alleviate this problem, we have introduced the new feature Probable Root Cause as part of Intelligent Incident…

April 11, 2024

Reflecting on IBM’s legacy of environmental innovation and leadership

4 min read - Upholding a legacy of more than 50 years of environmental responsibility through our company’s actions and commitments, IBM continues to be a leader in driving sustainability for our business, our communities and our clients—including a 34-year history of annual, public environmental reporting, which we continue today. As a hybrid cloud and artificial intelligence (AI) company, we believe that leveraging technology is key to unlocking impact, and it will play a substantial role in how society addresses, adapts to, and overcomes…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters