Securing your data in Event Notifications
To ensure that you can securely manage your data when you use IBM Cloud® Event Notifications, you must know exactly what data is stored and encrypted and you must know how to delete any stored data.
How your data is stored and encrypted in Event Notifications
Event Notifications stores and encrypts details that are related to your destinations, such as email (sender, recipients, subject) or SMS (sender, recipient, details). Event Notifications is a multi-tenant service: every tenant has a designated encryption key, and user data in each tenant is encrypted with only that tenant's key. This tenant key is protected by a Key Protect instance that Event Notifications manages. Event Notifications ensures that private information is encrypted before it is stored.
You can add a higher level of encryption control to your data at rest (when it is stored) by enabling integration with a Key Management Service (KMS). The data that you store in IBM Cloud is encrypted at rest by using envelope encryption. If you need to control the encryption keys, you can integrate Key Protect or Hyper Protect Crypto Services. This process is commonly referred to as Bring Your Own Key (BYOK). With Key Protect and Hyper Protect Crypto Services, you can create, import, and manage encryption keys. You can assign access policies to the keys, assign users or service IDs to the keys, or give the key access only to a specific service.
For more information, see Managing encryption.
Protecting your sensitive data in Event Notifications
The data that you store in the Event Notifications instance is encrypted at rest by using a randomly generated key, which is in turn protected by Key Protect, managed by the Event Notifications service.
Deleting your data in Event Notifications
The Event Notifications data retention policy describes how long your data is stored after you delete the service. As in the IBM Cloud data retention policy, you can restore a resource within 7 days after you delete it.
Commands to delete data
- Log in to your IBM Cloud account by using the IBM Cloud CLI from a terminal.
- ibmcloud resource reclamations lists your deleted instance along with the reclamation ID for it.
- Use ibmcloud resource reclamation-delete <reclamation_id_for_instance> to permanently delete data that is related to a deleted instance.
- If an instance is not restored, all related data is automatically deleted after the data retention period.
Deleting Event Notifications instances
If you no longer need an instance of Event Notifications, you can delete the service instance by using IBM Cloud CLI. You can also choose to delete your service instance by using the console. Any data that is stored related to that instance is also deleted.
Restoring deleted data for Event Notifications
To restore a deleted instance or to delete the instance permanently, you can use Resource Reclamations. For more information about resource reclamation, see Using Resource Reclamations.
Data security and compliance
The Event Notifications service has data security strategies in place to meet your compliance needs and ensure that your data remains secure and protected in the cloud.
Security readiness
Event Notifications ensures security readiness by adhering to IBM best practices for systems, networking, and secure engineering.
To learn more about security controls across IBM Cloud, see How do I know that my data is safe?.
To learn more about how your data is secured in Event Notifications, see Securing your data in Event Notifications.
Data encryption
Event Notifications stores and encrypts details that are related to your destinations like email (sender, recipients, subject), or SMS (sender, recipient, details).
Access to Event Notifications takes place over HTTPS and uses Transport Layer Security (TLS) to encrypt data in transit.
For more information on supported TLS ciphers, see TLS cipher support.
If you attempt to use a cipher that is not on this list, you may experience connectivity issues. Update your client to use one of the supported ciphers. If you are using openssl, you can use the command openssl ciphers -v at the command line (or, for some installations of openssl, use the -s -v options) to show a verbose list of what ciphers your client supports.
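One way to turn that verbose listing into a pass/fail check, as an added example that is not part of the IBM documentation: the script compares the cipher names a client reports with a supported list. The SUPPORTED value and both sample outputs are constructed for illustration; replace SUPPORTED with the names published under TLS cipher support.

```sh
#!/bin/sh
# Added example (not IBM's code). SUPPORTED is a constructed sample list;
# replace it with the names published under "TLS cipher support".
SUPPORTED="TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 \
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256"

# Read `openssl ciphers -v` output on stdin; print each cipher name (column 1)
# with its protocol (column 2) when the name is in the space-separated list $1.
common_ciphers() {
  awk -v list="$1" '
    BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF >= 2 && ($1 in ok) { print $1, $2 }'
}

# Succeed only if the client shares at least one cipher with the list in $1.
# With no shared cipher, the TLS handshake cannot complete.
check_client() {
  matches=$(common_ciphers "$1")
  if [ -z "$matches" ]; then
    echo "no overlap: update the client's TLS library or cipher settings" >&2
    return 1
  fi
  printf '%s\n' "$matches"
}

# Constructed sample of `openssl ciphers -v` output from an outdated client.
LEGACY_SAMPLE="AES128-SHA    SSLv3 Kx=RSA Au=RSA Enc=AES(128)  Mac=SHA1
DES-CBC3-SHA  SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1"

# Constructed sample of `openssl ciphers -v` output from a current client.
MODERN_SAMPLE="TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1"

# Check the local client when openssl is installed. Try -s first: it lists only
# ciphers consistent with the configured security level and protocol versions.
if command -v openssl >/dev/null 2>&1; then
  out=$(openssl ciphers -s -v 2>/dev/null) || out=$(openssl ciphers -v)
  printf '%s\n' "$out" | check_client "$SUPPORTED" || echo "local client: FAIL"
fi
```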
Compliance readiness
Event Notifications meets controls for global, industry, and regional compliance standards, including ISO 27001/27017/27018/27701, and others.
For a complete listing of IBM Cloud compliance certifications, see Compliance on the IBM Cloud.
ISO 27001, 27017, 27018, 27701
Event Notifications is ISO 27001, 27017, 27018, and 27701 certified. You can view compliance certifications by visiting Compliance on the IBM Cloud.