Architecture decisions for security

Architecture decisions for security

The following are security architecture decisions for the AI summarization using highly resilient serverless architecture pattern.

Architecture decisions for data encryption

Architecture decisions for data security
Architecture decision	Requirement	Options	Decision	Rationale
Data Secrurity: Encryption	Encrypt all application data in transit to protect it from unauthorized disclosure.	Application-level encryption with TLS	Application-level encryption with TLS	Deployed apps are exposed through HTTPS and IBM Cloud® Code Engine creates and manages the underlying TLS certifications automatically for you.

Architecture decisions for Cloud Identity and Access Management

Architecture decisions for IAM
Architecture decision	Requirement	Options	Decision	Rationale
IBM Cloud® Identity and Access Management (IAM)	Securely authenticate users for platform services and control access to resources consistently across IBM Cloud	Cloud Identity and Access Management	Cloud Identity and Access Management	Use IAM access policies to assign users, service IDs, and trusted profiles access to resources within the IBM Cloud account.

Architecture decisions for application security

Architecture decisions for application security
Application Security - DDoS	Requirement	Options	Decision	Rationale
Enforce information flow policies and protect the boundaries of the application. Protect against or limit the effects of denial-of-service attacks.	IBM Cloud® Internet Services	IBM Cloud® Internet Services	Code Engine provides immediate DDoS protection for your application. Code Engine's DDoS protection is provided by Cloud Internet Services (CIS) at no additional cost.