Today, we are announcing a new cloud security capability called context-based restrictions.

Context-based restrictions give account owners and administrators the ability to define and enforce access restrictions for IBM Cloud® resources based on the context of the access request, such as network attributes.

These restrictions work with traditional IAM policies (which are based on identity) to provide an extra layer of protection. Since both IAM access and context-based restrictions define access, context-based restrictions offer protection even in the face of compromised or mismanaged credentials.

How do context-based restrictions work?

An account administrator manages context-based restrictions via rules. A context-based restrictions rule associates an IBM Cloud resource with one or more contexts, where each context describes a set of conditions that an access request must satisfy in order for that access to be permitted.

Today, a context can describe conditions based on any combination of the following:

  • The client IP from which the request originated.
  • The service endpoint type on which the request was received (e.g., public vs private).

Note that the concept of contexts is defined to be extensible and allows for future support of additional conditions.

Start using context-based restrictions

Strengthen your security strategy by applying context-based restrictions to your resources. To learn how to restrict account management service requests to the contexts you define, complete this tutorial

Today, you can create context-based restrictions for the following services:

  • IAM Users
  • IAM Groups
  • IAM Access Policy Management
  • IAM Custom roles

Support for additional services will be added in the future.

You can create context-based restrictions with your method of choice: 

To learn more, see What are context-based restrictions?

More from Announcements

IBM Hybrid Cloud Mesh and Red Hat Service Interconnect: A new era of app-centric connectivity 

2 min read - To meet customer demands, applications are expected to be performing at their best at all times. Simultaneously, applications need to be flexible and cost effective, and therefore supported by an underlying infrastructure that is equally reliant, performant and secure as the applications themselves.   Easier said than done. According to EMA's 2024 Network Management Megatrends report only 42% of responding IT professionals would rate their network operations as successful.   In this era of hyper-distributed infrastructure where our users, apps, and data…

IBM named a Leader in Gartner Magic Quadrant for SIEM, for the 14th consecutive time

3 min read - Security operations is getting more complex and inefficient with too many tools, too much data and simply too much to do. According to a study done by IBM, SOC team members are only able to handle half of the alerts that they should be reviewing in a typical workday. This potentially leads to missing the important alerts that are critical to an organization's security. Thus, choosing the right SIEM solution can be transformative for security teams, helping them manage alerts…

IBM and MuleSoft expand global relationship to accelerate modernization on IBM Power 

2 min read - As companies undergo digital transformation, they rely on APIs as the backbone for providing new services and customer experiences. While APIs can simplify application development and deliver integrated solutions, IT shops must have a robust solution to effectively manage and govern them to ensure that response times and costs are kept low for all applications. Many customers use Salesforce’s MuleSoft, named a leader by Gartner® in full lifecycle API management for seven consecutive times, to manage and secure APIs across…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters