Security and Compliance for IBM dashDB and Cloudant


Database Security & Compliance

I often get asked about the security features of IBM dashDB and Cloudant. Both are database services (“DBaaS”) offered on IBM Bluemix. Once the security topic is dealt with, compliance-related questions are next. A good chunk of questions can be answered by going over the provided product documentation. Here are the links to get you started on database security and compliance.

Security and Compliance Documentation

Both dashDB and Cloudant are listed on the security and compliance page for Bluemix as having the ISO 27001 and SOC 2 certifications. Also, the basic concepts of securing data-at-rest (data stored on disk), data-in-transit (data transmitted over the network) and data-in-use (data currently processed in memory) are explained. Overview information for data protection is also provided in the guide to Securing Workloads on IBM Cloud. Bluemix also provides a Trust Center on its product portal. But that is just general information. For specifics we have to visit the product-related documentation.

For the Cloudant database-as-as-service there is information on the Bluemix documentation site as well as on the Cloudant site:

General Cloudant Overview offered by Bluemix documentation
The security concepts and details can be found on the Cloudant DBaaS Data Protection & Security page at Cloudant.
The page Cloudant Security Compliance provide an overview and more information on the ISO 27001 and SOC 2 certifications as well as on HIPAA, a certification for the health insurance industry.

For dashDB similar information can be found again on the Bluemix documentation site as well as in the Knowledge Center for dashDB:

An overview of dashDB along with resource links is offered by the Bluemix documentation
In the Knowledge Center is an overview page for the IBM dashDB security and compliance topics
The Security Compliances for dashDB Managed Service lists details on the ISO 27001, SOC 2 and HIPAA certifications and which service plans have been certified.
Some details regarding encrypted data-at-rest for both the data stored in the database and in backups is in the overview of dashDB Managed Service.

I hope that the provided links help to answer your general questions on Cloudant and dashDB security and compliance topics, two of the DBaaS offerings on IBM Bluemix.