Pricing plans
| Plan | Features and capabilities | Pricing | |
|---|---|---|---|
Summary
A dedicated key management service and Hardware Security Module (HSM) provides you with the Keep Your Own Key capability for cloud data encryption. Built on FIPS 140-2 Level 4 certified hardware, Hyper Protect Crypto Services provides you with exclusive control of your encryption keys. With Unified Key Orchestrator, you can connect your service instance to keystores in IBM Cloud and third-party cloud providers, back up and manage keys using a unified system, and orchestrate keys across multiple clouds.
Features and capabilities
1. Key Management
Key lifecycle management
Hyper Protect Crypto Services provides a single-tenant key management service that allows you to create, import, rotate, and manage keys with standardized APIs. Once the encryption keys are deleted, you can be assured that your data is no longer retrievable.
Encryption for IBM Cloud services
By integrating with other IBM Cloud services, Hyper Protect Crypto Services offers the capability of bringing your own encryption to the cloud. The service provides double-layer protection for your cloud data by wrapping the encryption keys associated with your cloud services.
Access management and auditing
Hyper Protect Crypto Services integrates with IBM Cloud Identity and Access Management (IAM) to enable your granular control over user access to service resources. You can also monitor activities of Hyper Protect Crypto Services using IBM Cloud Activity Tracker with LogDNA service.
2. Cloud HSM
Customer-controlled HSM
With Keep Your Own Key, Hyper Protect Crypto Services allows you to take the ownership of the HSM through assigning your own administrators and loading master keys. This ensures your full control of the entire key hierarchy where no IBM Cloud administrators have access to your keys.
Cryptographic operations
Hyper Protect Crypto Services supports Enterprise PKCS #11 for cryptographic operations. This includes generating keys, encrypting and decrypting data, signing data, and verifying signatures. The cryptographic functions are executed in HSMs and can be accessed through APIs to provide hardware-based protection for your applications.
Security certification
The service is built on FIPS 140-2 Level 4-certified hardware, the highest offered by any cloud provider in the industry. The HSM is also certified to meet the Common Criteria Part 3 conformant EAL 4.
3. Unified Key Orchestrator
Connection to external keystores
Unified Key Orchestrator provides key lifecycle management according to NIST recommendations and secure transfer of keys to internal keystores in the service instance or external keystores. You can push your keys to third-party cloud keystores, such as Azure Key Vault, AWS Key Management Service (KMS), Google Cloud KMS, or IBM Key Protect for IBM Cloud, distribute keys across keystores, and manage keys and keystores through both the UI and REST API.
Unified key backup and management system
Unified Key Orchestrator enables you to back up all keys in IBM Cloud. You can redistribute keys through your Hyper Protect Crypto Services instance to quickly recover from fatal cloud errors. And at the same time, you own the root trust of your key hierarchy.
Key orchestration across multiple clouds
You can orchestrate keys through a single and unified user experience across multiple clouds with an auditable key lifecycle orchestration mechanism.
Compliance: GDPR, HIPAA, ISO 27001/27017/27018, SOC 2 Type 1, IRAP, IBM Cloud for Financial Services
Getting support
If you're experiencing issues with this product, go to the IBM Cloud Support Center and navigate to creating a case. Use the All products option to search for this product to continue creating the case or to find more information about getting support. Third party and community supported products might direct you to a support process outside of IBM Cloud.