September 6, 2019 | By Zeeshan Khan

IBM Cloud Object Storage, a public cloud multi-tenant storage service, is pleased to announce Keep Your Own Key (KYOK) support by integration with IBM Cloud Hyper Protect Crypto Services.

 

IBM Cloud Hyper Protect Crypto Services is a key management service with key vaulting provided by dedicated, customer-controlled cloud hardware security modules (HSMs) that are built on FIPS 140-2 Level 4-certified hardware, the highest offered by any cloud provider in the industry. With this integration, you gain more granular control and authority over the root keys used to add envelope encryption to Data Encryption Keys (DEKs).

IBM Cloud users can now select from and leverage IBM Public Cloud Object Storage integrations with the following IBM Cloud Key Management Services:

  1. Bring Your Own Key (BYOK) with IBM Key Protect for IBM Cloud, a multi-tenant key management service secured by FIPS 140-2 Level 3-certified cloud-based HSMs
  2. Keep Your Own Key (KYOK) with IBM Cloud Hyper Protect Crypto Services, a dedicated key management and HSM service that is controlled by you and built on FIPS 140-2 Level 4-certified hardware.

IBM Key Protect and Hyper Protect Crypto Services use a common Key Provider API, providing a consistent approach for managing keys. Depending on the use case and security requirements, you can decide which key management service is best suited to your organization’s needs.

Regions supported

Integration with Hyper Protect Crypto Services is available today in the following regional IBM Public Cloud Object Storage locations:

  • US South
  • AP Australia
  • EU Germany

In the upcoming section, we will focus on leveraging IBM Cloud Object Storage’s integration with Hyper Protect Crypto Services.

Setting up Cloud Object Storage buckets to use Hyper Protect Crypto Services

Before you can use the integration, you need to provision and initialize your Hyper Protect Crypto Services instance(s). It is also recommended that you review the getting started tutorial on Hyper Protect Crypto Services to learn more and explore the service.

Integration with Hyper Protect Crypto Services is at the object storage bucket level, and you can select from a list of supported global regions when making the selections from the bucket configuration screen.

The option to add Hyper Protect Crypto Services is available at the bucket configuration screen (Figure 1):

Figure 1: Hyper Protect Crypto Services option at bucket creation.

During Cloud Object Storage bucket creation, you can add a Hyper Protect Crypto Services key to your buckets (Figure 2):

Figure 2: Add Hyper Protect Crypto Service key.

After the initial selections are made, you can check for the Key Management Service associated with your bucket by looking at the bucket configuration screen (Figure 3):

Figure 3: View bucket configuration for associated key management services.

Learn more

For a more detailed step-by-step guide on setting up your Cloud Object Storage buckets to use Hyper Protect Crypto Services, you can review our managing encryption documentation page.

For information on the IBM Public Cloud Object Storage offering and details about its features, please visit our product page.

For more information on object storage technology, see “What is Object Storage?”
