IBM Unified Key Orchestrator for z/OS, formerly IBM Enterprise Key Management Foundation - Web Edition, is software that centrally orchestrates and secures the lifecycle of encryption keys across your enterprise for both on-premises and multiple cloud environments.
Vendor: IBM
A centralized key management software for handling your sensitive encryption keys
Unified Key Orchestrator for IBM® z/OS®, formerly IBM Enterprise Key Management Foundation-Web Edition, is key management software that centrally orchestrates and secures the lifecycle of encryption keys across your enterprise for both on-premises and multiple cloud environments, including IBM Cloud®, AWS KMS, Azure Key Vault and Google Cloud.
Unified Key Orchestrator for z/OS (UKO for z/OS) can help your enterprise manage and move key management workloads across and between your on-premises and cloud environments, assisting with compliance and security. With UKO for z/OS, you can manage your encryption keys across your enterprise from a single, trusted user interface. Deployed as z/OS software, UKO for z/OS enables you to orchestrate keys across all your IBM z/OS systems and multiple public clouds. It also extends support to key management for zKey on Linux® on IBM Z® and IBM Security® Guardium® Key Lifecycle Manager. Unified Key Orchestrator for z/OS is also designed for key management specific to IBM z/OS data set encryption to support your IBM Z Pervasive Encryption journey.
Features
- **Data set dashboard:** Proactively manage your data set encryption deployment with an enterprise view of which data sets are encrypted and which keys are in use.
- **Security-rich key generation:** Generate hardware-generated keys with a Federal Information Processing Standards (FIPS) 140-2 Level 4 certified IBM CryptoExpress card on IBM Z.
- **Policy-based key generation:** Create your key templates to generate keys that adhere to your internal policies such as enforcing key naming conventions.
- **Role-based access and dual control:** Comply with security standards with role-based access that defines functions for each role, and enforce dual control requiring 2 or more people to activate EKMF.
- **External RESTful API:** Integrate key management with your business processes. Set up keys for Pervasive Encryption, Key Protect, Azure, AWS, zkey, Google Cloud and IBM Security® Guardium® Key Lifecycle Manager (GKLM).
- **Advanced auditability and compliance:** Provide auditors with consolidated key management logs for all keys managed.
- **Key rotation:** Rotate managed keys, including master keys, on demand to comply with your policy requirements.
- **Multi-tenancy:** Use secure repositories with fine-grained access controls known as vaults to enable multi-tenancy and self-service key management.
- **Secure room operation:** Set up UKO for z/OS and Enterprise Key Management Foundation Workstation (EKMF Workstation) for secure room operation.
Benefits
- **Unified key management:** Orchestrate your keys across your enterprise for both on-premises and cloud environments from a single pane of glass.
- **Multicloud key management:** Prepare and use Bring Your Own Key (BYOK) for a secure transfer to IBM Cloud Key Protect, AWS KMS, Microsoft Azure Vault and Google Cloud.
- **Central backup and recovery:** Back up and recover key material to prevent losing access due to cryptographic erasure.