To create a successful, secure cloud environment, you must understand the numerous security options and how to apply them in your cloud solution.
These docs give you an overview of the security components needed for secure cloud deployment, development, and operations. We explain the built-in security features of IBM® Cloud® offerings and show you how to extend and integrate other security services to create the most secure cloud solution possible.
These docs are intended for use by an application developer or a cloud architect.
These documents offer prescriptive guidance to help you define and manage security for your applications and assets in IBM Cloud. We cover a comprehensive list of cloud security topics, including how to:
- Manage identity and access to cloud resources and applications
- Protect and secure your cloud’s infrastructure, applications, and data
- Gain complete visibility into your resources on IBM Cloud
- Incorporate security into the DevOps approach
- Mitigate risks and achieve compliance with a strong security policy and governances
These documents are intended to answer frequently asked questions such as what capabilities and services does IBM Cloud provide that can be leveraged to secure hybrid cloud applications and what IBM operational security processes ensure the workload deployed on IBM Cloud is secure.
How to use these documents
You should read these documents along with the domain overview and use cases published in the IBM Cloud Architecture Center.
The security domain overview and scenarios provide a list of the components required to meet the use case. The component table links to specific sections of these docs, and each section discusses how that component or capability can be addressed for various IBM Cloud deployment options like IBM SoftLayer and IBM Bluemix. Each section of the whitepaper includes links to component documentation, articles, blogs, and references that you can refer to for more specific details.
These documents were authored by a group of security and cloud subject matter experts (SMEs) with review inputs from various development and field teams across IBM.
This version is an initial compilation and will be regularly updated with new and timely guidance on the topic of cloud security.
Before you begin reading this document, you should visit the IBM Cloud Architecture Center: Security domain for an overview of how to build a secure cloud workload. Learn about security runtimes, security components, functional and non-functional requirements, and security use cases.
Also, for a quick introduction to IBM Cloud deployment models and to learn about which cloud deployment models are best for your needs, view the doc: Choosing a cloud implementation and deployment model.
When creating a secure cloud solution, you must consider the following components of security when choosing your cloud solution.
- Choosing a cloud implementation and deployment model
- Securing workloads on IBM Cloud: Application security
- Securing workloads on IBM Cloud: Data security
- Securing workloads on IBM Cloud: Identity and access management
- Securing workloads on IBM Cloud: Infrastructure security
- Securing workloads on IBM Cloud: Network security
- Securing workloads on IBM Cloud: Physical security
- Securing workloads on IBM Cloud: Secure DevOps
- Securing workloads on IBM Cloud: Security intelligence and monitoring
- Securing workloads on IBM Cloud: Security policy, governance, risk, and compliance