Community
Security and Compliance for IBM dashDB and Cloudant
February 14, 2017 | Written by: Henrik Loeser
Share this post:
I often get asked about the security features of IBM dashDB and Cloudant. Both are database services (“DBaaS”) offered on IBM Bluemix. Once the security topic is addressed, compliance-related questions are next. A good chunk of questions can be answered by reviewing the provided product documentation. Below are the links to get you started on database security and compliance.
Security and Compliance Documentation
Both dashDB and Cloudant are listed on the security and compliance page for Bluemix as having the ISO 27001 and SOC 2 certifications. Also, the basic concepts of securing data-at-rest (data stored on disk), data-in-transit (data transmitted over the network) and data-in-use (data currently processed in memory) are explained. Overview information for data protection is also provided in the guide to Securing Workloads on IBM Cloud. Bluemix also provides a Trust Center on its product portal. But that is just general information. For specifics we have to visit the product-related documentation.
For the Cloudant database-as-as-service there is information on the Bluemix documentation site as well as on the Cloudant site:
- General Cloudant Overview offered by Bluemix documentation.
- The security concepts and details can be found on the Cloudant DBaaS Data Protection & Security page at Cloudant.
- The page Cloudant Security Compliance provide an overview and more information on the ISO 27001 and SOC 2 certifications as well as on HIPAA, a certification for the health insurance industry.
For dashDB similar information can be found again on the Bluemix documentation site as well as in the Knowledge Center for dashDB.:
- An overview of dashDB along with resource links is offered by the Bluemix documentation.
- In the Knowledge Center is an overview page for the IBM dashDB security and compliance topics.
- The Security Compliances for dashDB Managed Service lists details on the ISO 27001, SOC 2 and HIPAA certifications and which service plans have been certified.
- Some details regarding encrypted data-at-rest for both the data stored in the database and in backups is in the overview of dashDB Managed Service.
I hope that the provided links help to answer your general questions on Cloudant and dashDB security and compliance topics, two of the DBaaS offerings on Bluemix.

Technical Offering Manager / Developer Advocate
Use IBM Cloud Certificate Manager to Obtain Let’s Encrypt TLS Certificates for Your Public Domains
IBM Cloud Certificate Manager now lets you obtain TLS certificates signed by Let’s Encrypt. Let’s Encrypt is an automated, ACME-protocol-based CA that issues free certificates valid for 90 days.
How to Automate TLS Certificate Rotation to Avoid Outages
In this post, we'll share how you can make sure you have end-to-end protection for data in transit without running into any TLS certificate expiry issues.
Track Your Cloud Activities Using IBM Cloud Activity Tracker with LogDNA
With IBM Cloud Activity Tracker with LogDNA, you can improve the security monitoring of your application by setting alerts for user access patterns and gain greater trackability for how your Cloud Service and Cloud Account is being used, configured, and accessed.