| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2024-12-14 |
Db2onCloud |
{:external: target="_blank" .external} {:shortdesc: .shortdesc} {:codeblock: .codeblock} {:screen: .screen} {:tip: .tip} {:important: .important} {:note: .note} {:deprecated: .deprecated} {:pre: .pre}
{: #encryption}
The {{site.data.keyword.Db2_on_Cloud_long}} service has security built into all levels of its architecture. {: shortdesc}
The following methods are used to secure your data:
- By default, VPC volumes are encrypted at rest with IBM-managed encryption. Bring-your-own-key (BYOK) for encryption is also available through Key Protect integration.
- Backups are encrypted.
- Data in motion is encrypted through SSL/TLS. The current supported version of this encryption is TLS 1.3.
- All {{site.data.keyword.Db2_on_Cloud_short}} storage is provided on storage encrypted by using AES-256 encryption.
- Backplane network connectivity is supported through {{site.data.keyword.cloud}} Service Endpoints
- Database-level security is supported through Role-Based Access Control (RBAC) and Row and Column Access Control (RCAC)
Administrators can make encrypted connections mandatory. For more information, see SSL connectivity.