Security for Cloud Pak for Data as a Service

Cloud Pak for Data as a Service conforms to IBM Cloud security requirements. See How do I know that my data is safe?.

Security levels in Cloud Pak for Data as a Service

Security for Cloud Pak for Data as a Service is configured in layers to ensure your data, applications, and identity are protected on any cloud. Cloud Pak for Data as a Service follows the Shared Responsibility model, where security controls are the responsibility of IBM, the cloud, and the customer. In addition, Cloud Pak for Data as a Service is hosted on IBM Cloud so the security profile includes the IBM Cloud security functions. The security levels are:

1. Network security – Network security protects the network infrastructure and the points where your database or applications interact with the cloud, including IP address and external site restrictions, integrations with Satellite locations or third-party clouds, database connections, endpoints, and multi-tenancy. Security services in the cloud deliver native capabilities as a service.
2. Enterprise security – Refers to how an IBM Cloud account is configured to support multiple accounts in an enterprise; For example, your company might have many teams, each with one or more of their own accounts for development, testing, and production environments. Or, you might isolate certain workloads in separate accounts to meet compliance guidelines.
3. Account security – Refers to IAM and Access group roles, Service IDs, monitoring and other security constraints for the IBM Cloud account.
4. Data security – Refers to protection for the Cloud Object Storage service instance, data encryption, and other security measures related to data.
5. Collaborator security – Refers to role-based access controls assigned to collaborators in Cloud Pak for Data as a Service to control access to features.

Resiliency

Cloud Pak for Data as a Service is disaster resistant:

• The metadata for your projects and catalogs is stored in a three-node dedicated Cloudant Enterprise cluster that spans multiple geographic locations.
• The files that are associated with projects and catalogs are protected by the level of resiliency that is specified by the IBM Cloud Object Storage plan.
• Paid plans for Watson Knowledge Catalog plan include automatic backups of catalogs, projects, and deployment spaces.

Compliance

See Keep your data secure and compliant.

Learn more

• Watson Studio terms
• Watson Knowledge Catalog terms
• Watson Machine Learning terms
• Managing security and compliance in IBM Cloud
• Software Product Compatibility Reports: IBM Watson Studio.
• Software Product Compatibility Reports: Watson Studio Enterprise.
• Software Product Compatibility Reports: IBM Watson Machine Learning service.
• Software Product Compatibility Reports: IBM Watson Machine Learning service (when you purchase the service through IBM Sales).
• Software Product Compatibility Reports: IBM Watson Knowledge Catalog Paygo.
• Software Product Compatibility Reports: IBM Watson Knowledge Catalog.