Data security & encryption

The IBM Db2 Warehouse SaaS service has security built into all levels of its architecture.

The following methods are used to secure your data:

• Data at rest and database backups are encrypted using NIST SP 800-131A compliant cryptographic algorithms
• Data in motion is encrypted through SSL/TLS
• When deployed to IBM Cloud, backplane network connectivity is supported through IBM Cloud Service Endpoints
• When deployed to Amazon Web Services, backplane network connectivity is supported through Amazon Web Services PrivateLink
• Database-level security is supported through Role-Based Access Control (RBAC) and Row and Column Access Control (RCAC)
• Inter-node encryption is always enabled for the current generation of plans hosted on AWS, where available. It can optionally be enabled for your Flex or Flex Performance instance hosted on IBM Cloud. For more information, see Inter-node encryption

Encrypted connections are enforced by default. For more information, see SSL connectivity.