IBM Cloud Docs
Managing security and compliance with Event Streams

Event Streams is integrated with the Security and Compliance Center to help you manage security and compliance for your organization.

With the Security and Compliance Center, you can do the following:

  • Monitor for controls and goals that pertain to Event Streams.
  • Define rules for Event Streams that can help to standardize resource configuration.

Security and Compliance Center is only applicable to the Enterprise plan.

Monitoring security and compliance posture with Event Streams

As a security or compliance focal, use the Event Streams goals to help ensure that your organization is adhering to the external and internal standards for your industry. By using the Security and Compliance Center to validate the resource configurations in your account against a profile, you can identify potential issues as they arise. A profile is a specification of a resource's capacities and capabilities. Different profiles are optimized for different workloads and use cases. A resource's pricing model might depend on its profile.

All of the goals for Event Streams are added to the IBM Cloud Control Library but can also be mapped to other profiles.

To start monitoring your resources, check out Getting started with Security and Compliance Center.

Available goals for Event Streams

  • Check whether Event Streams is accessible through public endpoints.
  • Check whether Event Streams is accessible only by using private endpoints.
  • Check whether Event Streams network access is restricted to a specific IP range.
  • Check whether Event Streams is enabled with customer-managed encryption and Keep Your Own Key (KYOK).

Governing Event Streams resource configuration

As a security or compliance focal, use the Security and Compliance Center to define configuration rules for the instances of Event Streams that you create.

Config rules are JSON documents that define the configuration of resources and validate compliance based on security requirements when a resource is created or modified. They are used to enforce the configuration standards that you want to implement across your accounts. To learn more about the data that you can use to create a rule for Event Streams, review the following table.

Rule properties for Event Streams
| Resource type | Property | Operator | Value | Description |
|---|---|---|---|---|
| Instance | public_network_enabled | is_true, is_false | | Indicates whether access to an Event Streams instance is allowed through a public network. |
| Instance | private_network_enabled | is_true, is_false | | Indicates whether access to an Event Streams instance is allowed through a private network. |
| Instance | private_access_allowlist | ips_in_range | | If private networking is enabled, this property indicates whether access to an Event Streams instance should be restricted to a specific range of private IP subnets in CIDR format. |

To learn more about defining config rules, check out Defining custom rules.
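
The following Python example is added here and is not IBM's code or the Security and Compliance Center rule schema. It models how the three properties and operators from the table could be evaluated against an instance configuration, with a weak configuration beside a hardened one; the dictionary layout, the `evaluate` and `ips_in_range` helpers, the operator semantics, and the sample CIDR ranges are assumptions constructed for illustration.

```python
import ipaddress

# Hypothetical local model of the rule properties in the table above.
# Operator semantics are assumptions for illustration; this is not the
# Security and Compliance Center rule engine or its JSON rule schema.

def ips_in_range(allowlist, permitted):
    """True if the allowlist is non-empty and every CIDR sits inside a permitted range."""
    if not allowlist:
        return False  # an empty allowlist restricts nothing, so fail closed
    nets = [ipaddress.ip_network(c, strict=False) for c in allowlist]
    allowed = [ipaddress.ip_network(c, strict=False) for c in permitted]
    # Compare versions first: subnet_of() raises TypeError on mixed IPv4/IPv6.
    return all(any(n.version == a.version and n.subnet_of(a) for a in allowed)
               for n in nets)

OPERATORS = {
    "is_true": lambda actual, _: actual is True,
    "is_false": lambda actual, _: actual is False,
    "ips_in_range": lambda actual, value: ips_in_range(actual or [], value),
}

def evaluate(instance, conditions):
    """Return the properties that fail their condition (missing properties fail)."""
    failures = []
    for cond in conditions:
        check = OPERATORS[cond["operator"]]
        if not check(instance.get(cond["property"]), cond.get("value")):
            failures.append(cond["property"])
    return failures

# Constructed policy: private-only access, limited to one internal range.
POLICY = [
    {"property": "public_network_enabled", "operator": "is_false"},
    {"property": "private_network_enabled", "operator": "is_true"},
    {"property": "private_access_allowlist", "operator": "ips_in_range",
     "value": ["10.240.0.0/16"]},
]

# Constructed instance configurations (sample data, not real deployments).
WEAK = {"public_network_enabled": True, "private_network_enabled": True,
        "private_access_allowlist": ["10.240.8.0/24", "192.168.0.0/16"]}
HARDENED = {"public_network_enabled": False, "private_network_enabled": True,
            "private_access_allowlist": ["10.240.8.0/24", "10.240.9.17/32"]}

if __name__ == "__main__":
    print("weak failures:", evaluate(WEAK, POLICY))
    print("hardened failures:", evaluate(HARDENED, POLICY))
```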