A new and innovative way to manage encryption keys in a hybrid cloud.
Data security has been a focus area for CISOs and CPOs, and it is especially important as organizations look to move sensitive data and workloads to the cloud. As enterprises adopt hybrid cloud strategies and start using more than a single cloud service provider to best match their workload needs, operational complexity around data encryption and encryption keys become more significant.
Managing keys in silos on-premises and across multiple clouds brings up challenges around demonstrating compliance, ensuring the right security posture with key usage and maintaining data governance and sovereignty. A Gartner report suggests that security and risk management leaders must develop an enterprise-wide encryption key management strategy or lose the data.
What is the Unified Key Orchestrator?
As a part of IBM Cloud Hyper Protect Crypto Services, we are excited to announce the Unified Key Orchestrator — a new, innovative multicloud key management solution offered as a managed service.
Built on the ‘Keep Your Own Key’ technology, Unified Key Orchestrator helps enterprises manage their data encryption keys across multiple key stores across multiple clouds environments, including keys managed on-premises, on IBM Cloud, AWS and Microsoft Azure:
IBM Cloud offers confidential computing with IBM Cloud Hyper Protect Services, including the ‘Keep Your Own Key’ capability. This allows customers to have exclusive control of their encryption keys — even IBM Cloud administrators have no access. As a single-tenant Key Management Service and a Cloud Hardware Security Module (HSM) service, key vaulting is provided by dedicated, customer-controlled cloud HSMs that are built on FIPS 140-2 Level 4-certified hardware. FIPS 140-2 Security Level 4 provides the highest commercially available level of security defined in this standard.
Designed to address customer needs
Our customers told us that their challenges with managing keys across their hybrid cloud setup was multi-fold. On-premises, it required deep security expertise and was not cost-effective. Additionally, moving workloads to different clouds meant that security teams had to learn multiple cloud key lifecycle management (KMS) systems. The Unified Key Orchestrator solution has been developed to address these pain points and provides the following:
- A single control plane for all your keys: The Unified Key Orchestrator has a UX research-led UI design that helps enterprises meet their compliance control obligations. The user experience is engineered to be seamless for key administrators, hides the complexities and differences across different keystone implementations and helps reduce risk of incorrect key usage.
- Key lifecycle management features based on NIST recommendations:
- Keys will never be in the clear anywhere. They are protected by your own master key on the service’s HSM (hardware security module).
- Provides secured transfer of keys to internal keystores in the service instance or external keystores including Microsoft Azure Key Vault (Office365®) and AWS KMS.
- Distributes and installs keys with a single click. Manages keys and keystores through RESTful API.
- Centrally backs up and manages all keys of your enterprise and redistributes keys to quickly recover from errors due to lost keys.
- Help reduce total cost of ownership and operational costs: The Unified Key Orchestrator provides a single intuitive tool with a tiered pricing model designed to reduce the complexity and cost of managing multiple key management systems. Additionally, customers can use the API to plug the Unified Key Orchestrator into their DevOps process to integrate key management when they deploy workloads to the cloud.
Get started with the Unified Key Orchestrator
See for yourself how easy it is to manage your own keys across IBM Cloud, AWS and Microsoft Azure. Log in to IBM Cloud to get started now, and for more information, please see the getting started guide on IBM Cloud Docs.
Learn more about IBM Cloud Hyper Protect Crypto Services.