Yes, cloud can be more secure than your own data center

Organizations like yours, large and small, are relying on a cloud that is designed to be secure, protected and aligned with key standards.

As these companies become more digital, cloud is helping them transform - securely. They are using encryption, monitoring for vulnerabilities and deploying a wide range of security practices to drive confidence and stay protected.

They’re doing all this with IBM Cloud.

Cloud security you can trust

Security leadership

Security is embedded throughout our offering lifecycle.

  • Deliver security by design, achieved through our Secure Engineering Framework (see Redguide in Resources list)
  • Focus on enforced standards, tested processes and dedicated tools to protect your data
  • Ensure annual security education and certification by employees to comply with established Business Conduct Guidelines (see Resources)
  • Provide operational security enforced by scanning and intrusion detection, continuously updated to keep ahead of new attack vectors
  • Perform regular audits to verify that operational security meets controls
  • Monitor a global security incident process 24/7/365; trained personnel ready to strike in the event of a security incident
  • Manage user access with a policy-based authentication service that provides an easy to embed single sign-on capability for Node.js or Liberty for Java™ applications
  • Deliver application security scanning services for web and mobile apps across both static (white box) and dynamic (black box) testing
  • Minimize data center and server exposure to outside threats with three distinct and redundant architectures

Protecting your data

Our services are designed to protect your proprietary content and data.

  • Access to client data, including any personal data, is allowed only by authorized personnel in accordance with principles of segregation of duties, strictly controlled under identity and access management policies, and monitored in accordance with IBM’s internal privileged user monitoring and auditing program.
  • Access to your data is only granted as necessary to deliver services and support to you (i.e., least required privilege).
  • We are choosing strategically to align with many industry and country requirements, while continuously monitoring regulatory environments for new requirements.
  • For situations when you have chosen a cloud service hosted in a data center located in the United States, many IBM cloud services are Privacy Shield certified. View a full list of IBM cloud services included in the IBM Privacy Shield certification, as well as details on the IBM Privacy Shield Privacy Policy.
  • For information on IBM's conduct of the company with respect to privacy and security, please see the Governance section of IBM's 2015 Corporate Responsibility Report.
  • IBM will sign EU Model Clauses (EUMC) agreements where required.

Aligned with industry and global standards

IBM has a common set of security standards across the IBM Cloud portfolio. We regularly review them against commonly accepted industry standards and regulation. Each offering is aligned with specific standards – see the offering terms for more information.

  • ISO 27001
  • ISO/IEC 27017:2015
  • ISO 27018:2014
  • FISMA and FedRAMP
  • MTCS
  • Cloud Security Alliance STAR
  • PCI

Many of our cloud services are self-certified under Safe Harbor (U.S.-EU & U.S.-Switzerland). Note Regarding Safe Harbor: On October 6, 2015, the EU Courts invalidated the Safe Harbor program. For more information: IBM Statement on Safe Harbor Ruling. IBM intends to make use of the robust Privacy Shield framework for Transatlantic data flows.

Our internal Information Security Management System (ISMS) supports teams in managing compliance within the superset of requirements from multiple regulatory regimes

Prior to completion of transition and integration, offerings from recent acquisitions may have different practices than those described above. The statements above may be altered as required by law or regulation.

Video: Building Security and Privacy with IBM SaaS

IBM Cloud Applications: Building Security and Privacy with IBM SaaS

IBM security and privacy experts discuss IBM's security leadership and how IBM Cloud applications are protected by its security-driven culture.

Additional resources

Security in IBM Cloud data centers

SaaS offering terms and conditions

Boosting security in the cloud with SaaS

IBM Bluemix security documentation

The IBM Cloud portfolio

Data security and privacy principles incorporated into IBM services