Locking the front door offers a measure of protection, but it’s the key that provides ultimate control.

In the world of enterprise computing, data encryption is an important step to guard against network attacks and theft, but the real test involves how security keys are stored and managed. IBM Corp. has recently introduced Cloud Hyper Protect Crypto Services for encryption and key management.

The same cryptographic technology used by IBM’s banking and financial customers is now being offered to cloud users as well. “As some people would say, encryption is for amateurs; key management is for professionals,” said Nataraj Nagaratnam (pictured), distinguished engineer, chief technology officer, and director of cloud security at IBM. “Ultimately, it comes down to how you manage your keys.”

Nagaratnam spoke with Dave Vellante (@dvellante) and Stu Miniman (@stu), co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the IBM Think event in San Francisco, California. They discussed the value of key management and new security tools to protect applications in containerized environments. (* Disclosure below.)

High-level cloud certification

IBM’s new key management service for cloud users is the only Hardware Security Module designed to meet FIPS 140-2 Level 4 certification in the public cloud market, according to the company. The same key management technology is used in the backbone of IBM’s Enterprise Blockchain.

“It’s not just bring your own keys; it’s keep your own keys,” Nagaratnam said. “This is a shift because now customers can gain more confidence with that. We are bringing that to cloud to make the data secure.”

In addition to the key management offering, IBM also released on Monday the beta version of its Cloud Data Shield, which was initially announced in November. The product is designed to provide data-in-use protection for container workloads that run on IBM’s Cloud Kubernetes Service.

Leveraging Intel Software Guard Extensions, or SGX, Data Shield protects critical aspects of application functionality in memory.

“It is developer focused on the experience so that in a single click in an automated way, they can protect their apps,” Nagaratnam explained. “That’s our goal; that’s where our customers want to go, and we are addressing that with these capabilities.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the IBM Think event. (* Disclosure: IBM Corp. sponsored this segment of theCUBE. Neither IBM nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE