Skip to content
Navigation Menu

IBM Cloud

  • CatalogCatalog
  • Cost EstimatorCost Estimator
    • HelpHelp
      • Docs
  • Log in
  • Sign up
  • Catalog
  • Cost Estimator
  • Help
    • Docs

  • Navigation settings

Error

Change theme

This feature is in early stage, some parts of the platform might not fully support different themes yet.

Themes
  1. Catalog

Hyper Protect Crypto Services

Keep Your Own Key for cloud data encryption with a dedicated key management service built on FIPS 140-2 Level 4 certified HSM.

  • Date of last update: 07/24/2024
  • Docs
  • API docs
  • Service
  • IBM
  • 07/24/2024
  • Security
  • Financial Services Validated
  • IAM-enabled
  • API docs
  • Docs
  • Terms

Pricing plans

PlanFeatures and capabilitiesPricing

  • Service
  • IBM
  • 07/24/2024
  • Security
  • Financial Services Validated
  • IAM-enabled
  • API docs
  • Docs
  • Terms

Summary

A dedicated key management service and Hardware Security Module (HSM) provides you with the Keep Your Own Key capability for cloud data encryption. Built on FIPS 140-2 Level 4 certified hardware, Hyper Protect Crypto Services provides you with exclusive control of your encryption keys. With Unified Key Orchestrator, you can connect your service instance to keystores in IBM Cloud and third-party cloud providers, back up and manage keys using a unified system, and orchestrate keys across multiple clouds.

Features and capabilities

1. Key Management
Key lifecycle management

Hyper Protect Crypto Services provides a single-tenant key management service that allows you to create, import, rotate, and manage keys with standardized APIs. Once the encryption keys are deleted, you can be assured that your data is no longer retrievable.

Encryption for IBM Cloud services

By integrating with other IBM Cloud services, Hyper Protect Crypto Services offers the capability of bringing your own encryption to the cloud. The service provides double-layer protection for your cloud data by wrapping the encryption keys associated with your cloud services.

Access management and auditing

Hyper Protect Crypto Services integrates with IBM Cloud Identity and Access Management (IAM) to enable your granular control over user access to service resources. You can also monitor activities of Hyper Protect Crypto Services using IBM Cloud Activity Tracker with LogDNA service.

2. Cloud HSM
Customer-controlled HSM

With Keep Your Own Key, Hyper Protect Crypto Services allows you to take the ownership of the HSM through assigning your own administrators and loading master keys. This ensures your full control of the entire key hierarchy where no IBM Cloud administrators have access to your keys.

Cryptographic operations

Hyper Protect Crypto Services supports Enterprise PKCS #11 for cryptographic operations. This includes generating keys, encrypting and decrypting data, signing data, and verifying signatures. The cryptographic functions are executed in HSMs and can be accessed through APIs to provide hardware-based protection for your applications.

Security certification

The service is built on FIPS 140-2 Level 4-certified hardware, the highest offered by any cloud provider in the industry. The HSM is also certified to meet the Common Criteria Part 3 conformant EAL 4.

3. Unified Key Orchestrator
Connection to external keystores

Unified Key Orchestrator provides key lifecycle management according to NIST recommendations and secure transfer of keys to internal keystores in the service instance or external keystores. You can push your keys to third-party cloud keystores, such as Azure Key Vault, AWS Key Management Service (KMS), Google Cloud KMS, or IBM Key Protect for IBM Cloud, distribute keys across keystores, and manage keys and keystores through both the UI and REST API.

Unified key backup and management system

Unified Key Orchestrator enables you to back up all keys in IBM Cloud. You can redistribute keys through your Hyper Protect Crypto Services instance to quickly recover from fatal cloud errors. And at the same time, you own the root trust of your key hierarchy.

Key orchestration across multiple clouds

You can orchestrate keys through a single and unified user experience across multiple clouds with an auditable key lifecycle orchestration mechanism.

Compliance: GDPR, HIPAA, ISO 27001/27017/27018, SOC 2 Type 1, IRAP, IBM Cloud for Financial Services

Getting support


If you're experiencing issues with this product, go to the IBM Cloud Support Center and navigate to creating a case. Use the All products option to search for this product to continue creating the case or to find more information about getting support. Third party and community supported products might direct you to a support process outside of IBM Cloud.

Summary

Hyper Protect Crypto Services

    Already have an account? Log in