Securing your data

Configuration data

IBM Cloud Logs Routing stores the configuration data for your tenants. Tenant data that is stored in one region is not copied to any other region. Both public and private connections to the management API are encrypted by using TLS 1.2.

The storage where the configuration is stored is encrypted with LUKS by using AES-256.

Any stored credentials (such as Log Analysis ingestion keys) are individually secured with envelope encryption by using AES-256 and an encryption key that is owned and managed by IBM Cloud Logs Routing.

Log data

Log data that is routed by IBM Cloud Logs Routing is secured by using a private connection. The connection supports TLS 1.2.

Log data is routed to a destination such as an IBM Cloud Logs instance or an IBM Log Analysis instance. You manage the instance and the data that is collected in the instance. For example, for more information about IBM Log Analysis data security, see Data security.

Configuration data

IBM Cloud Logs Routing stores configuration data only.

To stop IBM Cloud Logs Routing from routing logs to a destination, you must delete the tenant. For more information, see Delete the tenant.

To completely delete all the configuration data of the account, complete the following steps:

1. Delete the tenant.
2. Open an IBM support ticket to request deletion of all your service metadata. For more information about opening an IBM support ticket, or about support levels and ticket severities, see Creating support cases.

Log data

The IBM Cloud Logs Routing service routes data to 1 or more destinations. It does not store log data. You must follow the guidance that is provided by each destination type to delete log data.