IBM Cloud Hyper Protect Crypto Services
A dedicated key management and cloud hardware security module (HSM) service.
Vendor: IBM
Product details
IBM Cloud® Hyper Protect Crypto Services is an as-a-service (aaS) key management and encryption solution, which gives you full control over your encryption keys for data protection.
The integrated Unified Key Orchestrator acts as a secure key repository for distributing and orchestrating keys across multiple clouds, enabling quick recovery from key loss or disasters. With Hyper Protect Crypto Services, you can:
- build on the highest level of security with FIPS 140-2 Level 4 certified hardware;
- experience a worry-free approach to multicloud key management through the all-in-one as-a-service solution, and benefit from automatic key backups and built-in high availability to secure business continuity and disaster recovery;
- manage your keys seamlessly across multiple cloud environments, create keys securely, and bring your own key seamlessly to hyperscalers such as Microsoft Azure, AWS and Google Cloud Platform to enhance your data security posture and gain key control; and
- protect data by pervasively encrypting data at rest and in transit with Keep Your Own Key (KYOK), having full control and authority over encryption keys and sole access to your master key.
Features
- **Worry-free multicloud key management:** Create keys securely and seamlessly in a multicloud environment, including Microsoft Azure, AWS and Google Cloud Platform. Manage your keys under your exclusive control with a generic key lifecycle model based on NIST recommendations.
- **HSM APIs and adapters:** Use the API to interact with the key management service (KMS) to manage root keys and standard keys. The service is built on FIPS 140-2 Level 4 certified hardware and PKCS #11 is supported. Single-tenant dedicated HSM domains are fully controlled by you, and IBM Cloud administrators have no access—the highest security offered by any cloud provider in the industry.
- **IBM Cloud service encryption and key lifecycle management:** Encrypt IBM Cloud services with keys under your control through KYOK integration for consistent adoption. Use a user-friendly GUI and Cloud APIs to track key lifecycles, ensuring unrecoverable deletion of data regardless of the source application.
- **Service initialization through key ceremony:** Take ownership of the HSM. IBM is the first to provide a cloud command-line interface (smart cards) for the HSM key ceremony, so you can operate your HSM fully remotely. Key ceremony and smart card management software is included in the offering at no extra charge.
- **Built-in high availability and disaster recovery:** Use a built-in central backup to redistribute and rotate keys to quickly recover from loss and minimize security threats. High availability and disaster recovery are available in the offering.
Benefits
Enhance your data security posture and handle keys with ease.
- **Control keys exclusively with technical assurance:** Encrypt integrated IBM Cloud Services and applications with KYOK. Retain complete control of your data encryption keys with technical assurance and provide runtime isolation with confidential computing.
- **Manage keys effortlessly across clouds:** Enhance security and manage keys with Unified Key Orchestrator across IBM Cloud, Microsoft Azure, AWS and Google Cloud Platform, maximizing efficiency with its award-winning user experience.
- **Support quantum-safe cryptography:** Protect your sensitive data with quantum-safe measures by using Hyper Protect Crypto Services' Dilithium for quantum-safe signing. Use a key management system to ensure crypto agility and future-proof your security against quantum threats.
- **High security encryption and asset protection:** Use the FIPS 140-2 Level 4 hardware security module to leverage the highest security level in the industry to store and transfer high-value digital assets in highly secure wallets reliable at scale.
- **Meet compliance requirements.** Adhere to various global guidelines and regulations, including those from NIST, GDPR, C5, ACSC/ASC, ECUC, ENISA, DPDPA, DORA and more. By maintaining control over your keys, you can achieve complete data privacy and sovereignty, enhancing data protection and control.