Data is the currency of the 21st century. Bringing data and processes from legacy systems to the cloud requires that data at rest, data in transit and data in use are handled consistently with prevailing data security guidelines. It’s no surprise that organizations often mention security and data protection as the most significant barriers to moving sensitive applications and data to the public cloud. The adoption of cloud-based encryption software solutions is expected to grow, considering cloud technology’s ease of data maintenance, cost-effectiveness, scalability and streamlined data management.
Though cloud-ready architectures have several benefits in terms of simplicity and support for microservices, customers may still have concerns about data being mishandled by the cloud service provider. Organizations often want to not only encrypt their data in the cloud with their own keys, but also administer and control the encryption keys.
Organizations can use IBM Power Systems Virtual Server to expand their on-premises servers to modern-day hybrid cloud infrastructures, helping them to smoothly move and manage their workloads across cloud and on-premises environments. For cloud data encryption and multicloud key management, an organization can leverage IBM Hyper Protect Crypto Services to manage access to its data.
We are pleased to announce the availability of IBM Hyper Protect Crypto Services for AIX and Linux on IBM Power Systems Virtual Server.
IBM Cloud Hyper Protect Crypto Services is a 3-in-1 solution, designed to give enterprises the following:
IBM Hyper Protect Crypto Services allows customers to control their cloud data encryption keys (DEKs) and cloud hardware security module (HSM). Built on LinuxONE technology, the service runs in a secured enclave, which helps ensure that no one (including cloud administrators) can access another user’s keys.
Hyper Protect Crypto Services can provide both key management and encryption application programming interfaces (APIs) to help manage access to data and the lifecycle of encryption keys. By providing both of these important features, Hyper Protect Crypto Services is designed to offer extra layers of protection compared to solutions that offer only one of them.
You can integrate Hyper Protect Crypto Services with Power Virtual Server to securely store and protect encryption key information for AIX and Linux. This integration can be leveraged for encryption of AIX file systems and to help protect Linux Unified Key Setup (LUKS) encryption keys from being compromised. Hyper Protect Crypto Services acts as the single point of control to enable or disable access to data across the enterprise. Hyper Protect Crypto Services does this by successively wrapping encryption keys, with the ultimate control being a master key that resides in a hardware security module (HSM).
The distinguishing features and potential benefits of Hyper Protect Crypto Services on IBM Power Systems Virtual Server include the following:
Many firms have now embraced a multicloud strategy, hosting workloads in a more cost-effective location, whether that be a public cloud or the organization’s own data center. However, in this case, safeguarding your data using encryption requires managing keys in silos on-premises and across various clouds, which may make it difficult to demonstrate compliance efforts, establish the correct security posture and preserve data governance and sovereignty. Managing keys across a hybrid cloud environment can be expensive and requires extensive security knowledge, and shifting workloads forces security teams to learn different cloud key lifecycle management platforms.
Unified Key Orchestrator provides enterprises with a single control plane for all their encryption keys. The keys themselves are protected by the customer’s own master key on the service’s HSM. Hyper Protect Crypto Services with Unified Key Orchestrator enables transfer of keys to internal and external keystores used by customer-accessible services like Microsoft’s Azure Key Vault, Google Cloud Platform and AWS KMS. The service functions as a central hub for backing up an organization’s keys and can quickly redistribute keys to recover from errors resulting from lost keys.
IBM Power Systems Virtual Server with Hyper Protect Crypto Services is now available in 15 data centers across the globe. You can integrate Hyper Protect Crypto Services with Power Systems Virtual Server instances to securely store and protect encryption key information for AIX and Linux. Please refer to the product guide for additional information.
To help meet clients’ needs for encryption on CLAI Payments Technologies’ financial application (which runs on IBM i in PowerVS), IBM collaborated with First National Technology Solutions (FNTS) to build an encryption service tile for the IBM Cloud Catalog. FNTS provides encryption services for IBM i on PowerVS via this tile. The tile allows clients running CLAI applications on PowerVS to add encryption services to these applications and to operate them on PowerVS with the same security level as on-premises.
IBM has also collaborated with FalconStor Software to bring enterprise-class data protection, disaster recovery, ransomware protection and cloud migration to IBM Power workloads. The Virtual Tape Library solution is designed to enable hybrid backup to the cloud and to enable on-premises clients to easily migrate IBM i, AIX and Linux workloads to PowerVS. With its integrated deduplication, the solution removes redundant copies of data, thereby reducing capacity requirements and minimizing replication time. Please see Virtual Tape Library for Power and Virtual Tape Library for PowerVS to get started with this solution.
Our collaboration with FNTS, CLAI Payments Technologies and FalconStor Software exemplifies our commitment to meet our clients’ needs and create a more robust offering. Let’s work together to see how IBM Power Systems Virtual Server can help drive success for your business.