Learning about Security and Compliance Center architecture and workload isolation
Effective 15 Dec 2025, Security and Compliance Center is end of support. Any existing service instances on that date will be non-functional. Start your transition now to Security and Compliance Center Workload Protection, which is readily available and offers advanced cloud security posture management (CSPM). For more see, see Transitioning to Security and Compliance Center Workload Protection.
Review the following architecture for IBM Cloud® Security and Compliance Center and learn more about different isolation levels, so that you can choose the solution that best meets the requirements of the workloads that you want to run in the cloud.
Security and Compliance Center architecture
Security and Compliance Center is a multi-tenant, regional service that is fully integrated with the IBM Cloud platform. The IBM-managed components of the Security and Compliance Center are organized to provide compute isolation between workloads.
Check out the following image to see how the service workloads are isolated and managed.
| Component | Description |
|---|---|
| Control plane | The microservices that make up the individual components of the service run in the control plane, where they are isolated from the other components. Additionally, internal dependencies are run and isolated as part of the control plane. |
| Data plane |
| Component | Description |
|---|---|
| IBM Cloud services | As you interact with Security and Compliance Center, you are responsible for the instances of the other services that you chose to interact with through the service. |
| {[logs_full]} | As you interact with the service, a log of the events that are generated can be found in your instance of {[logs_full]}. |
Security and Compliance Center workload isolation
Each regional deployment of the Security and Compliance Center serves multiple tenants and can be accessed through public endpoints. By default, all data at rest is encrypted by IBM keys. Data in transit is encrypted by using TLS. Your data is isolated from other customers' data, but it does share physical resources such as CPU, memory, and I/O devices.