IBM Cloud Hyper Protect Crypto Services

IBM Cloud® Hyper Protect Crypto Services is an as-a-service (aaS) key management and encryption solution, which gives you full control over your encryption keys for data protection.

The integrated Unified Key Orchestrator acts as a secure key repository for distributing and orchestrating keys across multiple clouds, enabling quick recovery from key loss or disasters. With Hyper Protect Crypto Services, you can:

build on the highest level of security with FIPS 140-2 level 4 certified hardware;
experience a worry-free approach to multicloud key management through the all-in-one as-a-service solution and benefit from automatic key backups and built-in high availability secure business continuity and disaster recovery;
manage your keys seamlessly across multiple cloud environments and create keys securely and bring your own key seamlessly to hyperscalers such as Microsoft Azure AWS and Google Cloud Platform to enhance the data security posture and gain key control; and
protect data by pervasively encrypting data at rest and in transit with Keep Your Own Key (KYOK), having full control and authority over encryption keys and sole access to your master key.

Unified Key Orchestrator got awarded the Red Dot Award: Brands & Communication Design 2023.

Get started

Get two production grade crypto units at no charge for 30 days with code HPCRYPTO30

Getting started with IBM Cloud Hyper Protect Crypto Services

Benefits

Enhance your data security posture and handle keys with ease.

Control keys exclusively with technical assurance

Encrypt integrated IBM Cloud Services and applications with KYOK. Retain complete control of your data encryption keys with technical assurance and provide runtime isolation with confidential computing.

Integrate IBM Cloud services with Hyper Protect Crypto Services

Manage keys effortlessly across clouds

Enhance security and manage keys with Unified Key Orchestrator across IBM Cloud, Microsoft Azure, AWS and Google Cloud Platform, maximizing efficiency with its award-winning user experience.

Protect sensitive data while keeping control over your keys

Support quantum-safe cryptography

Protect your sensitive data with quantum-safe measures by using Hyper Protect Crypto Services' Dillithium for quantum-safe signing. Use a key management system to ensure crypto agility and future-proof your security against quantum threats.

Quantum-Safe Cryptography to protect data in the hybrid era

High security encryption and asset protection

Use the FIPS 140-2 Level 4 hardware security module to leverage the highest security level in the industry to store and transfer high-value digital assets in highly secure wallets reliable at scale.

Cloud HSM introduction

Meet compliance requirements

Adhere to various global guidelines and regulations, including those from NIST, GDPR, C5, ACSC/ASC, ECUC, ENISA, DPDPA, DORA and more. By maintaining control over your keys, you can achieve complete data privacy and sovereignty, enhancing data protection and control.

Security and compliance

Features

Worry-free multicloud key management

Create keys securely and seamlessly in a multicloud environment, including Microsoft Azure, AWS and Google Cloud Platform. Manage your keys under your exclusive control with a generic key lifecycle model based on NIST recommendations.

Monitor the lifecycle of encryption keys in Unified Key Orchestrator

HSM APIs and adapters

Use the API to interact with the key management service (KMS) to manage root keys and standard keys. The service is built on FIPS 140-2 Level 4 certified hardware and PKCS #11 is supported. Single-tenant dedicated HSM domains are fully controlled by you, and IBM Cloud administrators have no access—the highest security offered by any cloud provider in the industry.

Encrypt your data with cloud HSM

Additional features

IBM Cloud service encryption and key lifecycle management

Encrypt IBM Cloud services with keys under your control through KYOK integration for consistent adoption. Use a user-friendly GUI and Cloud APIs to track key lifecycles, ensuring unrecoverable deletion of data regardless of the source application.

Monitor the lifecycle of encryption keys

Service initialization through key ceremony

Take ownership of HSM. IBM is the first to provide cloud command-line interface (smart cards) for the HSM key ceremony to operate your HSM fully remotely. Key ceremony and smart cards management software is made available in the offering (with no extra charge).

Initialize your service instance

Built-in high availability and disaster recovery

Use a built-in central backup to redistribute and rotate keys to quickly recover from loss and minimize security threats. High availability and disaster recovery are available in the offering.

High availability and disaster recovery

Use cases

Discover business scenarios of Hyper Protect Crypto Services.

Encrypt storage devices with KYOK

The data in IBM Cloud services is encrypted with randomly generated keys. To enhance protection, you can control the encryption keys and use your own keys to encrypt your data. Also, you can use root keys in Hyper Protect Crypto Services to your cloud service of choice and leverage envelope encryption to add another layer of protection, KYOK, to your data, no one else including IBM Cloud administrators can access your data.

Start to encrypt Integrated IBM Cloud Services with KYOK

Enhance data security and reduce operational efforts in the multi cloud

Enhance data privacy for sensitive data, reduce risk in the cloud and establish a high-security ecosystem across AWS, Azure and GCP with customer-managed keys, also known as Bring Your Own Key (BYOK). With Unified Key Orchestrator, you can create, manage, and delete your cryptographic keys from one point of control, without dealing with different user interfaces. Ensure an efficient and fully audited key lifecycle management.

Protect data in multi cloud environment

Encrypt Kubernetes Secrets with HPCS

Safeguard highly sensitive data by using your own keys for encryption and manage your encryption keys with complete control. Hyper Protect Crypto Services creates highly secure keys and provides you with the exclusive control over the entire key hierarchy, including the master key of the HSM that protects the secrets as a service.

Explore the tutorial

Use Secure HSM generated Key for HashicorpVault

Learn how to integrate the FIPS 140-2 Level 4 certified HSM of IBM Cloud Hyper Protect Crypto Services with the auto-unseal and seal-wrap features of HashiCorp Vault Enterprise for privileged access management.

Explore the tutorial

Enhance your data security posture in VMware

Encrypt this storage through highly secure, industry-standard algorithms. To ensure that your sensitive and valuable data is protected, you can now leverage the KMIP adapter to use keys under your control from IBM Cloud Hyper Protect Crypto Services.

Protect data by pervasively encryption Data at rest and in transit with KYOK

The data in IBM Cloud services is encrypted with randomly generated keys. To enhance protection, you can control the encryption keys and use your own keys to encrypt your data. Additionally, you can use root keys in Hyper Protect Crypto Services to your cloud service of choice and leverage envelope encryption to add another layer of protection - keep your own key (KYOK)- to your data, no one else including IBM Cloud administrators can access your data.

Start to encrypt Integrated IBM Cloud Services with KYOK

Case studies

Revolutionizing data assurance in a cyber-contested world

Explore how Veritx's Fortis Quantum Solutions and IBM collaborate to advance data assurance in a challenging cyber landscape, employing cutting-edge technologies to enhance security and resilience.

Modernizing security: A risk-based approach

Discover how IBM emphasizes a risk-based approach to security in their pursuit of modernization, ensuring robust protection while adapting to evolving threats and technologies.

Confection's adoption of IBM Hyper Protect Crypto Services

Explore why Confection opts for IBM Hyper Protect Crypto, securing sensitive data with advanced encryption solutions for enhanced protection and compliance in their operations.

Supporting mission-critical workloads

Learn more about Aegean Airlines, BNP Paribas, Elaw Tecnologia SA and Home Trust and their partnership with IBM Cloud for its reliability and scalability, ensuring seamless operations for their mission-critical workloads.

IBM Cloud Advances with Bank of America and BNP Paribas

Discover how IBM and Bank of America collaborate to advance IBM Cloud for Financial Services, with BNP Paribas joining as a key client in Europe, leveraging enhanced capabilities to drive innovation and operational excellence in banking services.

DIA secures decentralized financial information with IBM Cloud

Learn how DIA uses IBM Cloud and confidential computing to enhance security for its decentralized financial information platform, ensuring robust protection and compliance with industry standards.

LevelField Financial chooses Metaco for Digital Asset Management on IBM Cloud

Discover how LevelField Financial partners with Metaco to launch digital asset management capabilities on IBM Cloud, leveraging secure and scalable solutions to enhance their financial services offerings.

Resources

IBM Cloud Hyper Protect Crypto Services docs

Discover procedures, API and CLI references as well as video resources that assist you to securely manage your keys using Hyper Protect Crypto Services.

Integration with IBM Cloud for VMware

Explore an overview of IBM Cloud Hyper Protect Crypto Services for VMware.

Integration with AWS KMS

Learn how to securely manage AWS S3 encryption keys by using Hyper Protect Crypto Services with Unified Key Orchestrator.