Introduction

The next step is to create a Key Protect service and a Root Key. In the Regulated Archive scenario, Key Protect and COS work together to help protect the regulated data while at rest. This added protection encrypts the data encryption keys (DEKs) associated with the COS. To completely understand how the COS and Key Protect integration works, go here.

In this scenario, IBM Key Protect is used. In other client scenarios, IBM Hyper Protect Crypto Services may be required.

IBM Key Protect for IBM Cloud is a full-service encryption solution that allows data to be secured and stored in IBM Cloud using the latest envelope encryption techniques that leverage FIPS 140-2 Level 3 certified cloud-based hardware security modules. Learn more about IBM Key Protect here.

Learn more about IBM Hyper Protect Crypto Services here and its ability to provide a higher level of security like FIPS 140-2 Level 4.

Key Protect services are specific to an IBM Cloud location. In this demonstration, a new Root Key will be generated via the IBM Cloud Portal, but Key Protect also supports Bring Your Own Key (BYOK).