Hyper Protect Crypto Services is a dedicated key management services and hardware security module (HSM) - using FIPS 140-2 Level 4 certified hardware. The same state of the art cryptographic technology relied upon by banks and financial services is now offered to cloud users via IBM Cloud.
You can Keep Your Own Keys by uploading your own master key protected by FIPS 140-2 Level 4 certified hardware.
You can enable the security benefits of Bring Your Own Key (BYOK) by importing your own root of trust encryption keys, called Customer Root Keys (CRKs), into the service. With the Key Protect API, you can use a CRK to wrap (encrypt) and unwrap (decrypt) the keys that are associated with your data resources, so you control the security of your encrypted data in the cloud.