Skip to content
Navigation Menu

IBM Cloud

  • CatalogCatalog
  • Cost EstimatorCost Estimator
    • HelpHelp
      • Docs
  • Log in
  • Sign up
  • Catalog
  • Cost Estimator
  • Help
    • Docs

  • Navigation settings

Error

Change theme

This feature is in early stage, some parts of the platform might not fully support different themes yet.

  1. Catalog

Hyper Protect Crypto Services

Keep Your Own Key for cloud data encryption with a dedicated key management service built on FIPS 140-2 Level 4 certified HSM.

  • Date of last update: 05/26/2023
  • Docs
  • API docs
Type
  • Service
Provider
  • IBM
Last updated
  • 05/26/2023
Category
  • Security
Compliance
  • Financial Services Validated
  • IAM-enabled
Related links
  • API docs
  • Docs
  • Terms

Pricing plans

PlanFeatures and capabilitiesPricing

Type
  • Service
Provider
  • IBM
Last updated
  • 05/26/2023
Category
  • Security
Compliance
  • Financial Services Validated
  • IAM-enabled
Related links
  • API docs
  • Docs
  • Terms

Summary

Keep Your Own Key for cloud data encryption with IBM Cloud Hyper Protect Crypto Services, a dedicated Key Management Service (KMS) and Hardware Security Module (HSM) service. This single tenant KMS provides exclusive control of encryption keys with key-vaulting provided by dedicated, customer controlled, FIPS 140-2 Level 4 certified HSMs.

Features and capabilities

1. Key Management
Key lifecycle management

Hyper Protect Crypto Services provides a single-tenant key management service that allows you to create, import, rotate, and manage keys with standardized APIs. Once the encryption keys are deleted, you can be assured that your data is no longer retrievable.

Encryption for IBM Cloud services

By integrating with other IBM Cloud services, Hyper Protect Crypto Services offers the capability of bringing your own encryption to the cloud. The service provides double-layer protection for your cloud data by wrapping the encryption keys associated with your cloud services.

Access management and auditing

Hyper Protect Crypto Services integrates with IBM Cloud Identity and Access Management (IAM) to enable your granular control over user access to service resources. You can also monitor activities of Hyper Protect Crypto Services using IBM Cloud Activity Tracker with LogDNA service.

2. Cloud HSM
Customer-controlled HSM

With Keep Your Own Key, Hyper Protect Crypto Services allows you to take the ownership of the HSM through assigning your own administrators and loading master keys. This ensures your full control of the entire key hierarchy where no IBM Cloud administrators have access to your keys.

Cryptographic operations

Hyper Protect Crypto Services supports Enterprise PKCS #11 for cryptographic operations. This includes generating keys, encrypting and decrypting data, signing data, and verifying signatures. The cryptographic functions are executed in HSMs and can be accessed through APIs to provide hardware-based protection for your applications.

Security certification

The service is built on FIPS 140-2 Level 4-certified hardware, the highest offered by any cloud provider in the industry. The HSM is also certified to meet the Common Criteria Part 3 conformant EAL 4.

Compliance: GDPR, HIPAA, ISO 27001/27017/27018

Getting support

If you're experiencing issues with this product, go to the IBM Cloud Support Center and navigate to creating a case. Use the All products option to search for this product to continue creating the case or to find more information about getting support. Third party and community supported products might direct you to a support process outside of IBM Cloud.

Summary

Hyper Protect Crypto Services

    Already have an account? Log in