Nearly every business will engage with sensitive information, requiring network security to ensure the highest levels of data protection while applications and databases speak to each other. While cloud-based systems commit to fully encrypting traffic, private endpoints can increase the level of isolation.
Prevent data exposure to the public Internet
Organizations running web applications on public cloud databases often do not want them exposed to the public Internet. With private endpoints, traffic does not leave the internal IBM Cloud network and goes over the customer’s private network interface. Because the database uses the internal network only, all data transfer is free.
Easily connect to a private VPN network
Another consideration for organizations seeking to expand into public cloud databases, or to move sensitive data from on-premises to the cloud, is the connection to the organization’s Virtual Private Network (VPN). Many businesses like to restrict access to their cloud database and design applications to run inside a private VPN. To support this need, Db2 on Cloud can be deployed on an isolated network that is accessible through a secure VPN. Using Private Endpoints makes connecting to a Db2 on Cloud database in an organization’s private VPN on IBM Cloud safer and easier.
Allow exact database access to key IP addresses
Several of the items outlined above strengthen trust in public cloud database deployments, and another key tactic is requesting IP address whitelisting. Db2 on Cloud’s Private Endpoint technology allows only specific applications to access your organization’s database through its whitelist functionality. Contact IBM support for help adding whitelisting rules for your Private Endpoint.