How do I know that my data is safe?

Designed with secure engineering practices, the IBM Cloud® platform provides layered security controls across network and infrastructure. IBM Cloud focuses on protection across the entirety of the compute lifecycle, which includes everything from the build process and key management to the security of data services. IBM Cloud also provides a group of security services that can be used by application developers to secure their mobile and web apps. These elements combine to make IBM Cloud a platform with clear choices for secure application development.

In addition to our own diligence in creating and operating a secure cloud, IBM® also engages many different firms to assess the security and compliance of our cloud platform. For more information, see IBM Cloud compliance programs for a detailed list of certifications and attestations.

IBM Cloud ensures security readiness by adhering to security policies that are driven by best practices in IBM for systems, networking, and secure engineering. These policies include practices such as source code scanning, dynamic scanning, threat modeling, and penetration testing. IBM Cloud follows the IBM Product Security Incident Response Team (PSIRT) process for security incident management. See the IBM Security Vulnerability Management (PSIRT) site for details.

In addition to the regular penetration testing conducted by IBM and our partners, customers may conduct penetration testing of their VPC or Classic Infrastructure resources on IBM Cloud. Prior authorization to do so is not required by IBM Cloud. IBM Cloud customers under an active NDA can request a copy of a penetration testing executive summary by opening a support case.

For more details about security for your applications and environments in IBM Cloud, see IBM Security.