IBM® watsonx.data as a Service for Government Multicloud

IBM watsonx.data uses FedRAMP’s robust security controls to deliver consistent and reliable performance.

Overview

FedRAMP stands for the Federal Risk and Authorization Management Program. It is a United States government-wide program that standardizes the security assessment, authorization, and continuous monitoring of cloud products and services.

FedRAMP helps ensure that cloud services that are used by federal agencies meet strict cybersecurity standards.

By using FedRAMP environment, you can:
  • Protect sensitive government data
  • Reduce duplication of effort across agencies
  • Speed up cloud adoption in the public sector
  • Provide consistent security across cloud platforms

IBM watsonx.data can operate within FedRAMP-compliant environments, which makes it suitable for use in regulated government settings under certain conditions.

Procurement

For US Federal Government entities, the procurement of IBM watsonx.data is available exclusively through IBM Direct Sales. This offering is not available through the AWS Marketplace or any other federal procurement platform.

Feature limitations

The following features and integrations are restricted or unsupported for watsonx.data in a FedRAMP environment:
  • Query Optimizer
  • Private VPE (Virtual Private Endpoint)
  • Semantic automation for data enrichment
  • IBM Data Gate
  • IBM DataStax
  • Arrow flight connectors - MariaDB, Salesforce, and Greenplum
  • Spark labs experience - Visual Studio Code development environment
Restriction: Use of mobile devices to support or execute actions within the IBM information system is strictly prohibited in FedRAMP environments.

Customer support

The IBM Site Reliability Engineering (SRE) team is a global organization responsible for ensuring the reliability, scalability, and security of IBM’s software-as-a-service (SaaS) and managed services platforms. Operating across multiple cloud environments, the SRE team plays a critical role in maintaining high availability and performance for IBM’s enterprise-grade solutions.

The customer is expected to engage the SRE team in the following cases:
  • To support the creation of DNS entries and the provisioning of certificates for Presto, Presto C++, Spark, and Milvus components, the customer needs to engage the SRE team. As of now, both certificate management and DNS configuration are manual processes, and therefore require direct involvement from the SRE team to help ensure proper setup and integration.
  • To enable an external data source, the customer needs to open a support ticket. Engaging the SRE team is necessary to configure the appropriate egress settings, which allow secure outbound network connectivity from the customer environment to the external data source. Without this configuration, the connection cannot be established.
  • To use the Identity Provider (IDP) for authentication, the customer needs to open a support ticket. The SaaS Platform Security SRE team engages with the customer’s security focal point to exchange the necessary configuration artifacts. When the artifacts are validated, the SRE team configures the watsonx.data platform to integrate with the customer’s IDP. The customer can then authenticate users by using their own identity system.