Data isolation on IBM watsonx Orchestrate

Data protection focuses on preventing data loss, corruption, or unauthorized disclosure, regardless of where the data resides, while data isolation focuses on preventing data from being accessed or affected by other workloads, tenants, or users within the same system.

Data isolation refers to the practice of keeping each customer's data separate from others in a shared computing environment, such as the cloud. Although customers share the same underlying infrastructure (like servers and storage), data isolation ensures that no one can see or access anyone else’s data. Each customer’s information is stored and managed independently, as if they were using their own private system.

How data isolation works

Data isolation not only protects sensitive information but also allows better control and management of data access and usage. Regardless of whether you use watsonx Orchestrate on IBM Cloud or Amazon Web Services (AWS), the principles and standards remain the same.

Here's how your information is separated from others:

  1. Dedicated data space: When you sign up, the service creates a private storage area just for you. Your data is never mixed with other customers’ data.

  2. End-to-end protection: Your data stays isolated and protected throughout its entire lifecycle, ensuring confidentiality and integrity.

  3. Consistent security standards: The same isolation policies and controls apply across IBM Cloud and AWS, so you receive uniform protection and compliance regardless of the hosting environment.

Logical and physical storage isolation

Note: Data isolation on AWS is currently available only on HIPAA-compliant clusters. Support for AWS Commercial is planned for 2026.

As a multi-tenant SaaS platform, watsonx Orchestrate ensures strict logical data isolation across all watsonx Orchestrate plans, preventing any mixing of data between tenants. All read and write operations to storage systems are governed through tenant-specific access controls and security policies.

For organizations that require additional isolation at the physical storage layer, watsonx Orchestrate offers a Premium edition for both IBM Cloud and AWS that provides dedicated data isolation. This option delivers an added layer of security for customers with stringent regulatory or compliance requirements.

Existing watsonx Orchestrate instances cannot be upgraded to a Premium plan with data isolation. Instead, create a new watsonx Orchestrate Premium tenant, and move your current environment to it.