Announcements
Cloud
Security
April 20, 2020 By Sowmya Nataraj
Christopher Smith
3 min read

As enterprises look past migrating relatively simple applications to the public cloud and toward modernizing and moving sensitive applications, security controls remain a top concern.

Data security is paramount since it can have ripple effects in protecting brand image and intellectual property. Managing risk and meeting regulatory compliance requirements become imperative.

IBM recently announced industry-leading security capabilities to enable enterprise customers who are looking to store highly sensitive data in the public cloud. Enterprise customers want the ability to use their own keys to encrypt their data in the cloud and have exclusive control over these keys. To address this need, IBM Cloud Hyper Protect Crypto Services offers the industry’s highest level of encryption key protection by providing customers with the “Keep Your Own Key” (KYOK) capability.

What is IBM Cloud Hyper Protect Crypto Services?

IBM Cloud Hyper Protect Crypto Services is a single-tenant Key Management service and a Cloud Hardware Security Module (HSM) service. Key vaulting is provided by dedicated, customer-controlled cloud HSMs that are built on FIPS 140-2 Level 4-certified hardware—the highest level of security offered by any cloud provider in the industry. KYOK is designed to allow customers to have exclusive key control, where only they have access to encryption keys. Other privileged users, such as IBM Cloud administrators, have no access to the keys.

Introducing smart card support

IBM is the only cloud provider to provide a Cloud CLI plug-in to support the key ceremony process to initialize the HSM, thereby allowing customers full control of the entire key hierarchy, including the HSM master key. Visit the components and concepts page and the  documentation on master keys and master key parts for a quick refresher. Customers can use the Cloud CLI to allow multiple security personnel with crypto admin and key custodian responsibilities to participate in the process of taking control of the HSMs.

Enterprises look for more advanced security capabilities to further protect their administrative actions. When administering keys, they want to leverage hardware-based key ceremony and command signing. For these customers, we are now adding smart card support. This allows crypto officers to each securely store parts of the master key on individual smart cards. These smart cards are typically stored in safes. Multiple crypto officers can then use their smart cards to participate in the process of HSM initialization and master key rotation.

Please see the types of smart cards, recommendations on smart card set up, and the process to procure smart cards and readers to get started. Once you’ve procured the smart cards, the smart card management utilities documentation will help you set up and manage the smart cards, use the cards to manage master keys.

Use promo code HPCRYPTO30 to try the service free

Starting immediately, we are offering new clients a $3,120 USD credit to be applied toward IBM Cloud Hyper Protect Crypto Services (the equivalent of 30 days free for two crypto units). When you create an instance of Hyper Protect Crypto Services, you specify the number of crypto units to provision. The default option is two crypto units for high availability, and monthly pricing is per crypto unit.

Use promo code HPCRYPTO30 when you provision the service to get the first 30 days free for two crypto units. See this guide on how to apply promo codes to your IBM account. The offer can be redeemed in a few simple steps:

This offer is subject to availability, each promo code can be used once per customer, and it cannot be combined with other offers.

Sowmya Nataraj
Offering Manager, IBM Cloud Hyper Protect Services
Christopher Smith
Program Director, IBM Hyper Protect Solution, Hyper Protect Crypto Services

More from Announcements
July 2, 2024

Success and recognition of IBM offerings in G2 Summer Reports  

2 min read - IBM offerings were featured in over 1,365 unique G2 reports, earning over 230 Leader badges across various categories.   This recognition is important to showcase our leading products and also to provide the unbiased validation our buyers seek. According to the 2024 G2 Software Buyer Behavior Report, “When researching software, buyers are most likely to trust information from people with similar roles and challenges, and they value transparency above other factors.”  With over 90 million visitors each year and hosting more than 2.6…

June 24, 2024

Manage the routing of your observability log and event data 

4 min read - Comprehensive environments include many sources of observable data to be aggregated and then analyzed for infrastructure and app performance management. Connecting and aggregating the data sources to observability tools need to be flexible. Some use cases might require all data to be aggregated into one common location while others have narrowed scope. Optimizing where observability data is processed enables businesses to maximize insights while managing to cost, compliance and data residency objectives.  As announced on 29 March 2024, IBM Cloud® released its next-gen observability…

June 21, 2024

Unify and share data across Netezza and watsonx.data for new generative AI applications

3 min read - In today's data and AI-driven world, organizations are generating vast amounts of data from various sources. The ability to extract value from AI initiatives relies heavily on the availability and quality of an enterprise's underlying data. In order to unlock the full potential of data for AI, organizations must be able to effectively navigate their complex IT landscapes across the hybrid cloud.   At this year’s IBM Think conference in Boston, we announced the new capabilities of IBM watsonx.data, an open…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters