Learning about Security and Compliance Center architecture and workload isolation
As of 17 July 2025, you cannot create new instances in this version of this product. All of the functionality is now available in the updated experience of Security and Compliance Center Workload Protection. For more information, see the transition documentation.
Review the following architecture for IBM Cloud® Security and Compliance Center and learn more about different isolation levels, so that you can choose the solution that best meets the requirements of the workloads that you want to run in the cloud.
Security and Compliance Center architecture
Security and Compliance Center is a multi-tenant, regional service that is fully integrated with the IBM Cloud platform. The IBM-managed components of the Security and Compliance Center are organized to provide compute isolation between workloads.
Check out the following image to see how the service workloads are isolated and managed.
| Component | Description |
|---|---|
| Control plane | The microservices that make up the individual components of the service run in the control plane, where they are isolated from the other components. Additionally, internal dependencies are run and isolated as part of the control plane. |
| Data plane |
| Component | Description |
|---|---|
| IBM Cloud services | As you interact with Security and Compliance Center, you are responsible for the instances of the other services that you chose to interact with through the service. |
| Activity Tracker | As you interact with the service, a log of the events that are generated can be found in your instance of Activity Tracker. |
Security and Compliance Center workload isolation
Each regional deployment of the Security and Compliance Center serves multiple tenants and can be accessed through public endpoints. By default, all data at rest is encrypted by IBM keys. Data in transit is encrypted by using TLS. Your data is isolated from other customers' data, but it does share physical resources such as CPU, memory, and I/O devices.