Data security and encryption
The IBM® Db2® as a Service service has security built into all levels of its architecture.
The following methods are used to secure your data:
- The default keys are managed by Key Protect. Bring-your-own-key (BYOK) for encryption is also available through Key Protect integration.
- Backups are encrypted.
- Data in motion is encrypted through SSL/TLS. The current supported version of this encryption is TLS 1.3.
- All IBM Db2 SaaS storage is provided on storage encrypted by using AES-256 encryption.
- Backplane network connectivity is supported through IBM Cloud® Service Endpoints
- Database-level security is supported through Role-Based Access Control (RBAC) and Row and Column Access Control (RCAC)
Administrators can make encrypted connections mandatory. For more information, see SSL connectivity.