July 19, 2019 By Zeeshan Khan

Data security is critical, and it is a shared responsibility.

With ever-changing market dynamics and the need for our clients to support multiple use cases within their environments, Cloud Service Providers are held to higher standards when it comes to satisfying technology requirements. Chief among these requirements is the security of end-user data in storage.

At IBM, the security of client data is always a top priority. However, it is equally important for our clients to understand that data security is a shared responsibility. A good number of data security breaches could be prevented by ensuring that strict access control policies are in place and enforced throughout the data lifecycle. IBM is committed to sharing this responsibility with our clients to help ensure that they feel confident in storing data on IBM Cloud (see the “Security in the IBM Cloud” page for more information).

Security in IBM Cloud Object Storage

Designed and built with IBM’s best practices for security, IBM Cloud Object Storage provides our clients with the ability to securely store large volumes of unstructured data in a cost-effective way. Here are some of the security features included in the offering:

Secure to the Core

IBM Cloud Object Storage uses SecureSlice™ technology, which combines an Information Dispersal Algorithm (IDA) with an All-or-Nothing Transform (AONT) to ensure data confidentiality, integrity, and availability. With SecureSlice™, data slices are distributed across multiple geographic locations (or devices within a single data center) and are always encrypted, and no full copy of the data exists on any individual storage node.
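The all-or-nothing property described above can be seen in a small sketch; this is an added example, not IBM's SecureSlice implementation or code from the original article. It assumes one well-known AONT construction (encrypt under a random key, then store the key XORed with a hash of the ciphertext), uses a SHA-256 counter keystream as a standard-library stand-in for a real cipher, and cuts the package into plain slices without the redundancy or integrity check a real IDA deployment adds; all function names are hypothetical.

```python
import hashlib
import secrets

KEY_LEN = 32  # SHA-256 digest size, also used as the random key length

def _keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode: a stdlib stand-in for a cipher such as AES-CTR."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def aont_package(data: bytes) -> bytes:
    """Encrypt under a fresh random key, then append key XOR H(ciphertext)."""
    key = secrets.token_bytes(KEY_LEN)
    ciphertext = _xor(data, _keystream(key, len(data)))
    masked_key = _xor(key, hashlib.sha256(ciphertext).digest())
    return ciphertext + masked_key

def aont_unpackage(package: bytes) -> bytes:
    """The key is only recoverable by hashing the complete ciphertext."""
    ciphertext, masked_key = package[:-KEY_LEN], package[-KEY_LEN:]
    key = _xor(masked_key, hashlib.sha256(ciphertext).digest())
    return _xor(ciphertext, _keystream(key, len(ciphertext)))

def split_slices(package: bytes, n: int) -> list[bytes]:
    """Cut the package into n contiguous slices (no redundancy, unlike a real IDA)."""
    size = -(-len(package) // n)  # ceiling division
    return [package[i * size:(i + 1) * size] for i in range(n)]

def recover(slices: list[bytes]) -> bytes:
    """Reassemble the slices and undo the transform."""
    return aont_unpackage(b"".join(slices))

def demo() -> tuple[bool, bool]:
    data = b"constructed sample object " * 8       # constructed sample input
    slices = split_slices(aont_package(data), 4)   # one slice per storage node
    damaged = [bytes(len(slices[0]))] + slices[1:]  # node 0's slice is unknown
    return recover(slices) == data, recover(damaged) == data

if __name__ == "__main__":
    print(demo())
```

With every slice present the object decrypts; with one slice unknown the hash changes, the wrong key is derived, and none of the remaining slices yield plaintext.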

By default, all objects stored on IBM Cloud Object Storage are encrypted at rest using randomly generated keys and an all-or-nothing transform. IBM Cloud Object Storage also provides the flexibility to encrypt individual objects with customer-provided root encryption keys (referred to as Server-Side Encryption with Customer Provided Keys or SSE-C).

Clients requiring granular control and management of Data Encryption Keys (DEKs) can bring their own root keys to the IBM Cloud and use them to encrypt the DEKs that are generated with IBM Cloud Object Storage. This can be accomplished by leveraging integration of IBM Cloud Object Storage with IBM Key Protect. With Key Protect, clients can create, add, and manage root keys, which can be associated with an instance of IBM Cloud Object Storage when creating buckets (referred to as Server-Side Encryption with IBM Key Protect or SSE-KP).

Please review the product documentation page for additional details on how to set up and leverage IBM Key Protect with IBM Cloud Object Storage buckets.

Using a firewall to restrict access to Cloud Object Storage buckets

IBM Cloud Object Storage provides the ability to restrict access to buckets by using a bucket-level firewall that will only allow access if the request originates from a trusted network. Access can be restricted to a specific IP address within your network. Read more about this feature in the “Setting a firewall” section on our product page.

Integration with IBM Cloud Identity and Access Management (IAM)

To control the level of access provided across various resources within IBM Cloud, clients can leverage IBM Cloud Identity and Access Management (IAM). IAM access policies are used to assign users and service IDs access to the resources within your IBM Cloud catalog. Users and service IDs can also be grouped together into an access group to make it easier to control the level of access provided.

IAM access policies and credentials management can also be used to control access to individual IBM Cloud Object Storage buckets, which are used to create logical segregation of the objects stored. Bucket-level permissions can be set via the UI or API to grant specific access roles to certain users.

Information and steps on how to use IAM with IBM Cloud Object Storage are available on our “Getting started with IAM” product page.

Get started with IBM Cloud Object Storage

The aforementioned features of IBM Cloud Object Storage and integrations with other IBM Cloud services provide a high-level view of built-in security features and options available to our clients. Depending on the use case(s), clients are able to leverage a combination of the features outlined and set appropriate access policies and restrictions to govern the use and sharing of data within their organizations.

With the various industry compliance certifications and the underlying security features, IBM Cloud Object Storage provides our clients with a secure, cost-effective, and simple option to satisfy data storage requirements.

Additional information on the offering and details around the features is available from our product page.

For more information on object storage technology, see “Object Storage: A Complete Guide.”
