Data security and privacy in Event Streams
IBM® uses the following methods to help ensure the security and privacy of your data: cryptographic protocols, encryption, and data isolation. Each plan provides different data isolation models.
Cryptographic protocols
- Connections are restricted to the following strong cipher suites:
  For TLS v1.2:
  * TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  For TLS v1.3:
  * TLS_AES_128_GCM_SHA256
  * TLS_AES_256_GCM_SHA384
  * TLS_CHACHA20_POLY1305_SHA256
- To be a fully supported configuration, all clients must support the following:
  * TLS v1.2 or v1.3
  * Elliptic curve cryptography
  * TLS server name indication (SNI)
Additionally, you must use TLS v1.2 or v1.3 in the following cases:
- For connections to the Kafka native and REST interfaces.
- For the browser that you use to access the Event Streams dashboard.
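The following client-side check is an added example and is not code from IBM or the Event Streams documentation. It builds a Python SSL context that can only negotiate the protocol versions and cipher suites listed above (TLS 1.2 or 1.3, ECDHE key exchange, SNI sent via server_hostname), and classifies a negotiated (version, cipher) pair against that list. The broker hostname and port 9093 are placeholders, and the OpenSSL-to-IANA name table is assumed from OpenSSL's naming convention, not from the page.

```python
import socket
import ssl

# IANA names of the cipher suites the page lists as accepted by Event Streams.
ALLOWED_SUITES = {
    "TLSv1.2": {
        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    },
    "TLSv1.3": {
        "TLS_AES_128_GCM_SHA256",
        "TLS_AES_256_GCM_SHA384",
        "TLS_CHACHA20_POLY1305_SHA256",
    },
}

# OpenSSL reports TLS 1.2 suites under its own short names (assumed mapping);
# its TLS 1.3 names are identical to the IANA names, so they need no entry.
OPENSSL_TO_IANA = {
    "ECDHE-RSA-CHACHA20-POLY1305": "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}


def build_client_context() -> ssl.SSLContext:
    """Client context that can only negotiate what the page says is supported."""
    ctx = ssl.create_default_context()             # CA verification + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse TLS 1.0 and 1.1
    # Limit the TLS 1.2 offer to the three ECDHE-RSA AEAD suites. OpenSSL keeps
    # the TLS 1.3 suites on a separate list, enabled by default.
    ctx.set_ciphers(":".join(OPENSSL_TO_IANA))
    return ctx


def is_supported_negotiation(version: str, cipher: str) -> bool:
    """True when a negotiated (protocol, cipher) pair meets the requirements."""
    iana = OPENSSL_TO_IANA.get(cipher, cipher)     # accept either naming
    return iana in ALLOWED_SUITES.get(version, set())


def offered_tls12_ciphers(ctx: ssl.SSLContext) -> list:
    """TLS 1.2 suites this context would offer in its ClientHello."""
    return sorted(c["name"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.2")


def context_meets_policy(ctx: ssl.SSLContext) -> bool:
    """Sanity check before using a context against a broker."""
    return (
        ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
        and ctx.check_hostname
        and ctx.verify_mode == ssl.CERT_REQUIRED
        and set(offered_tls12_ciphers(ctx)) <= set(OPENSSL_TO_IANA)
    )


def probe(host: str, port: int = 9093) -> tuple:
    """Perform one handshake (SNI = host) and report what was negotiated."""
    ctx = build_client_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        # server_hostname makes Python send the SNI extension and check the cert name.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            version = tls.version()
            cipher = tls.cipher()[0]
    return version, cipher, is_supported_negotiation(version, cipher)


if __name__ == "__main__":
    # Placeholder address; substitute your instance's Kafka bootstrap endpoint.
    print(probe("BROKER_HOSTNAME_PLACEHOLDER", 9093))
```

Run `probe()` against a real bootstrap endpoint to confirm the negotiated suite is one of the listed ones; a False in the third field means the client (or an intermediary such as a proxy) is falling back to a cipher or protocol version outside the supported set.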
Encryption of message payloads, topic names, and consumer groups
Message data is encrypted for transmission between Event Streams and clients as a result of TLS. Event Streams stores message data at rest and message logs on encrypted disks.
Topic names and consumer groups are encrypted for transmission between Event Streams and clients as a result of TLS. However, Event Streams does not encrypt these values at rest. Therefore, do not use confidential information in your topic names.
On the Satellite plan, all encryption is determined by the options that you specify on your chosen storage provider.
For information about compliance on each of the Event Streams plans, see What's supported by the Lite, Standard, Enterprise, and Satellite plans.
Data isolation model
The Event Streams data isolation model varies according to the plan that you use.
Enterprise plan
The Enterprise plan provides a tenant-specific service in the IBM service domain. The Enterprise plan creates a single tenant instance on a dedicated Kubernetes cluster on shared hardware (VSI isolation). By default, the Enterprise plan provides public endpoints, but it also supports Cloud service endpoints to enable private endpoints for further network isolation on request. The Enterprise plan creates single tenant Block Storage for Classic for each new instance.
Satellite plan
The Satellite plan provides a tenant-specific service in the IBM service domain and is based on the Enterprise plan. The Satellite plan creates a single tenant instance on a dedicated Kubernetes cluster by using hosts (physical and virtual) that you provided and attached to your Satellite location. The Satellite plan creates single tenant Block Storage for Classic for each new instance by using the Block Storage for Classic configuration that you specified for your storage provider.
Standard plan
The Standard plan provides a public service with public endpoints. The Standard plan creates a tenant instance on a shared Kubernetes cluster on shared hardware (VSI isolation). The Standard plan provides public endpoints only.
The Standard plan uses shared Block Storage for Classic and achieves tenant isolation through separation of files and access controls.
Lite plan
The Lite plan provides a public service with public endpoints. The Lite plan creates a tenant instance on a shared Kubernetes cluster on shared hardware (VSI isolation). The Lite plan provides public endpoints only.
The Lite plan uses shared Block Storage for Classic and achieves tenant isolation through separation of files and access controls.
Data retention and reclamation
On all plans except Satellite, when a service instance is deleted, its data is not deleted immediately. It is scheduled for reclamation, and Event Streams sets this retention period to three days, after which the data (both the topics and the messages that are written to them) is irreversibly destroyed. A deleted instance that is not yet reclaimed can still be restored.
You can check the status of a reclamation, and force or cancel a scheduled reclamation by using the IBM Cloud CLI.
On the Satellite plan, data retention and reclamation are determined by how you configured them on your chosen storage provider.