Security and Compliance for IBM dashDB and Cloudant

Share this post:

I often get asked about the security features of IBM dashDB and Cloudant. Both are database services (“DBaaS”) offered on IBM Bluemix. Once the security topic is addressed, compliance-related questions are next. A good chunk of questions can be answered by reviewing the provided product documentation. Below are the links to get you started on database security and compliance.

Security and Compliance Documentation

Both dashDB and Cloudant are listed on the security and compliance page for Bluemix as having the ISO 27001 and SOC 2 certifications. Also, the basic concepts of securing data-at-rest (data stored on disk), data-in-transit (data transmitted over the network) and data-in-use (data currently processed in memory) are explained. Overview information for data protection is also provided in the guide to Securing Workloads on IBM Cloud. Bluemix also provides a Trust Center on its product portal. But that is just general information. For specifics we have to visit the product-related documentation.

For the Cloudant database-as-as-service there is information on the Bluemix documentation site as well as on the Cloudant site:

• General Cloudant Overview offered by Bluemix documentation.
• The security concepts and details can be found on the Cloudant DBaaS Data Protection & Security page at Cloudant.
• The page Cloudant Security Compliance provide an overview and more information on the ISO 27001 and SOC 2 certifications as well as on HIPAA, a certification for the health insurance industry.

For dashDB similar information can be found again on the Bluemix documentation site as well as in the Knowledge Center for dashDB.:

• An overview of dashDB along with resource links is offered by the Bluemix documentation.
• In the Knowledge Center is an overview page for the IBM dashDB security and compliance topics.
• The Security Compliances for dashDB Managed Service lists details on the ISO 27001, SOC 2 and HIPAA certifications and which service plans have been certified.
• Some details regarding encrypted data-at-rest for both the data stored in the database and in backups is in the overview of dashDB Managed Service.

I hope that the provided links help to answer your general questions on Cloudant and dashDB security and compliance topics, two of the DBaaS offerings on Bluemix.