Security considerations

You can integrate Cloud services with IBM® Security Key Lifecycle Manager (ISKLM) to provide security to the data that is stored on the cloud storage tier, or you can use the native key manager provided with the Cloud services.

Transparent cloud tiering: For information on integration of ISKLM with Transparent cloud tiering, see Configuring Cloud services with SKLM (optional).
Note: Ensure that you back up your security keys by using the mmcloudgateway service backupConfig command. Data encrypted by using the Cloud services cannot be recovered, if security keys are lost.

Cloud data sharing: Cloud data sharing currently supports importing any cloud data, assuming it is not read in an encrypted format. Cloud data sharing supports encrypted data only if it was exported by Cloud data sharing and the encryption keys are shared between the importer and the exporter. For this reason, it is recommended that the native Cloud services and Cloud data sharing encryption are used to provide encryption at rest. A secure connection should be used to transfer data between IBM Spectrum Scale™ and the cloud. Thus, data is stored encrypted on IBM Spectrum Scale, and stored encrypted on the cloud, and is secured by the connection when transferring between the two systems.

Parent topic: Planning for Cloud services