July 19, 2019 | By Zeeshan Khan

Data security is critical, and it is a shared responsibility.

With ever-changing market dynamics and the need for our clients to support multiple use cases within their environments, Cloud Service Providers are held to higher standards when it comes to satisfying technology requirements. Chief among those requirements is the security of end-user storage data.

At IBM, the security of client data is always a top priority. However, it is equally important for our clients to understand that data security is a shared responsibility. A good number of data security breaches could be prevented by ensuring that strict access control policies are in place and enforced throughout the data lifecycle. IBM is committed to sharing this responsibility with our clients to help ensure that they feel confident in storing data on IBM Cloud (see the “Security in the IBM Cloud” page for more information).

Security in IBM Cloud Object Storage

Designed and built with IBM’s best practices for security, IBM Cloud Object Storage provides our clients with the ability to securely store large volumes of unstructured data in a cost-effective way. Here are some of the security features included in the offering:

Secure to the Core

IBM Cloud Object Storage uses SecureSlice™ technology, which combines an Information Dispersal Algorithm (IDA) with an All-or-Nothing Transform (AONT) to ensure data confidentiality, integrity, and availability. With SecureSlice™, data slices are distributed across multiple geographic locations (or devices within a single data center) and are always encrypted, and no full copy of the data exists on any individual storage node.
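To make the all-or-nothing property concrete, the following added example (not IBM's SecureSlice™ implementation, and not code from the original article) packages data with a Rivest-style all-or-nothing transform and cuts it into slices. It assumes a SHA-256 counter-mode keystream as a standard-library stand-in for a real cipher, and a plain contiguous cut with no redundancy where a real IDA would add erasure coding.

```python
import hashlib
import hmac
import secrets

def _keystream(key: bytes, n: int) -> bytes:
    # SHA-256 in counter mode: a stdlib stand-in for a real cipher such as AES-CTR.
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def aont_package(data: bytes) -> bytes:
    # Append an integrity tag, encrypt under a fresh random key, then store
    # that key masked by a hash of the whole ciphertext.
    plain = data + hashlib.sha256(data).digest()
    key = secrets.token_bytes(32)
    body = _xor(plain, _keystream(key, len(plain)))
    return body + _xor(key, hashlib.sha256(body).digest())

def aont_unpackage(package: bytes) -> bytes:
    # The key can only be unmasked by hashing every ciphertext byte.
    body, masked_key = package[:-32], package[-32:]
    key = _xor(masked_key, hashlib.sha256(body).digest())
    plain = _xor(body, _keystream(key, len(body)))
    data, tag = plain[:-32], plain[-32:]
    if not hmac.compare_digest(hashlib.sha256(data).digest(), tag):
        raise ValueError("package incomplete or modified")
    return data

def disperse(package: bytes, n: int) -> list[bytes]:
    # Contiguous cut into n slices; a real IDA also adds erasure-coded redundancy.
    size = -(-len(package) // n)
    return [package[i * size:(i + 1) * size] for i in range(n)]

def recover(slices: list[bytes]):
    # Returns the plaintext, or None when any slice is missing or altered.
    try:
        return aont_unpackage(b"".join(slices))
    except ValueError:
        return None

if __name__ == "__main__":
    secret = b"constructed sample record: account=4421"  # constructed input
    slices = disperse(aont_package(secret), 4)
    print(recover(slices))
    damaged = slices[:2] + [bytes(len(slices[2]))] + slices[3:]
    print(recover(damaged))
```

Because the random key is masked by a hash over the entire ciphertext, a node holding any single slice cannot derive the key, and losing or altering any one slice makes the whole package undecodable in this redundancy-free sketch.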

By default, all objects stored on IBM Cloud Object Storage are encrypted at rest using randomly generated keys and an all-or-nothing transform. IBM Cloud Object Storage also provides the flexibility to encrypt individual objects with customer-provided root encryption keys (referred to as Server-Side Encryption with Customer Provided Keys or SSE-C).

Clients requiring granular control and management of Data Encryption Keys (DEKs) can bring their own root keys to the IBM Cloud and use them to encrypt the DEKs that are generated with IBM Cloud Object Storage. This can be accomplished by leveraging integration of IBM Cloud Object Storage with IBM Key Protect. With Key Protect, clients can create, add, and manage root keys, which can be associated with an instance of IBM Cloud Object Storage when creating buckets (referred to as Server-Side Encryption with IBM Key Protect or SSE-KP).

Please review the product documentation page for additional details on how to set up and leverage IBM Key Protect with IBM Cloud Object Storage buckets.

Using a firewall to restrict access to Cloud Object Storage buckets

IBM Cloud Object Storage provides the ability to restrict access to buckets by using a bucket-level firewall that will only allow access if the request originates from a trusted network. Access can be restricted to a specific IP address within your network. Read more about this feature in the “Setting a firewall” section on our product page.

Integration with IBM Cloud Identity and Access Management (IAM)

To control the level of access provided across various resources within IBM Cloud, clients can leverage IBM Cloud Identity and Access Management (IAM). IAM access policies are used to assign users and service IDs access to the resources within your IBM Cloud catalog. Users and service IDs can also be grouped together into an access group to make it easier to control the level of access provided.

IAM access policies and credentials management can also be used to control access to the individual IBM Cloud Object Storage buckets which are used to create logical segregation of objects stored. Bucket-level permissions can be set via UI or API to grant specific access roles to certain users.

You can also find information and steps on how to use IAM with IBM Cloud Object Storage on our “Getting started with IAM” product page.

Get started with IBM Cloud Object Storage

The aforementioned features of IBM Cloud Object Storage and integrations with other IBM Cloud services provide a high-level view of built-in security features and options available to our clients. Depending on the use case(s), clients are able to leverage a combination of the features outlined and set appropriate access policies and restrictions to govern the use and sharing of data within their organizations.

With the various industry compliance certifications and the underlying security features, IBM Cloud Object Storage provides our clients with a secure, cost-effective, and simple option to satisfy data storage requirements.

Additional information on the offering and details around the features is available from our product page.

For more information on object storage technology, see “Object Storage: A Complete Guide.”
