IBM powers up cloud service for managing crypto keys
As in encryption, not coins, thankfully
IBM has unveiled a cloud-based key management service that should make it easier for organizations to manage encryption keys across complex multi-cloud hybrid environments, as well as on-premises.
The new support comes in the form of the Unified Key Orchestrator, a multi-cloud key management product sold as a managed service as part of IBM's Cloud Hyper Protect Crypto Services.
Many organizations have by now adopted a multi-cloud strategy, hosting workloads in the most advantageous location, whether that is in a public cloud or in the organization's own datacenter.
However, protecting your data through encryption in this scenario means managing keys in silos on-premises and in multiple clouds, and this can lead to challenges in demonstrating compliance, ensuring the right security posture and maintaining data governance and sovereignty, IBM said.
In particular, Big Blue claims it learned from customers that managing keys across a hybrid cloud environment is costly and requires deep security expertise, and that moving workloads means that security teams have to learn multiple cloud key lifecycle management systems.
To address these issues, the Unified Key Orchestrator provides administrators with a single control plane for all their organization’s encryption keys. The keys themselves are protected by the customer's own master key on the service's HSM (hardware security module).
Unified Key Orchestrator also provides for secure transfer of keys to internal keystores and external keystores used by the services that customers have access to, such as Microsoft's Azure Key Vault and AWS KMS.
The service acts as a central hub for backing up all the keys used by an organization and is able to quickly redistribute keys to recover from errors resulting from lost keys, IBM said.
If all this sounds too good to be true, here's the rub: the service is only available via IBM Cloud, which is proving to be a less popular choice among many enterprise customers these days than the big three cloud providers – Azure, AWS and GCP.
However, to sweeten the deal, IBM points out that Unified Key Orchestrator provides a tiered pricing model designed to reduce the complexity and cost of managing multiple key management systems.
It also provides an API that customers can use to plug the Unified Key Orchestrator into their DevOps process to integrate key management when they deploy workloads to the cloud.®