Architecture decisions for security
The following are security architecture decisions for connecting cloud services to on-premises environments by using the Private Path service.
Architecture decisions for data security – encryption
| Architecture decision | Requirement | Options | Decision | Rationale |
|---|---|---|---|---|
| Data encryption in transit of application traffic | Encrypt all application data in transit to protect it from unauthorized disclosure. | Application-level encryption with TLS | Application-level encryption with TLS with termination (certificate location) at the target server on-premises | End-to-end encryption with certificate validation |
Architecture decisions for identity and access management
| Architecture decision | Requirement | Options | Decision | Rationale |
|---|---|---|---|---|
| Private Path authorization | Approval-based authorization for connection requests | Private Path connection requests (manual); Private Path access policies (automated) | Either, depending on the use case | Manual approval, or automated approval based on account IDs |
| Identity and Access Management (IAM) | Securely authenticate users for platform services and control access to resources consistently across IBM Cloud | Cloud Identity and Access Management | Cloud Identity and Access Management | Use IAM access policies to assign users, service IDs, and trusted profiles access to resources within the IBM Cloud account. |