Module 5 Flashcards
Identity
The identity concept consists of user identities, service and app identities, API keys, and resources. Users are identified by their IBMid, SoftLayer, or AppID user ID. Service IDs are a second type of identity that is used in an account.
Access Management
The concept of access management consists of a few interrelated components, including users, service IDs, access groups, resources, policies, roles, actions, and the IBM Cloud IAM control system, which allows users to take actions on resources within an account.
How IBM Cloud IAM works
There are two common types of IAM systems in cloud providers, and understanding each of these models can help users gain a better understanding of how IAM works in IBM Cloud.
Security in the Virtual Private Clouds (VPCs)
Security groups and ACLs provide ways to control the traffic across the subnets and instances in a company’s IBM Cloud Virtual Private Cloud, using rules that they specify.
Two types of network access controls comprise the layers of VPC security:
Access control lists (ACLs) and security groups
Network Security
Computer network security protects the integrity of information contained by a network and controls who accesses that information.
Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL) is a technology that encrypts traffic between the client application and the server application.
Obtaining an SSL/TLS Certificate
SSL/TLS certificates are issued to a specific domain or sub-domains by certificate authorities, also known as CAs.
IBM Certificate Manager
Is a service that helps users manage and deploy SSL/TLS certificates for their apps and services. Certificate Manager provides users with a security-rich repository for their certificates and their associated private keys.
How user data is stored and encrypted in Block Storage
IBM Cloud Block Storage that is provisioned with either Endurance or Performance option is secured with provider-managed encryption, at no extra cost and no impact to performance.
Provisioning Storage with Encryption
The provider-managed encryption-at-rest feature is available for Block Storage that is provisioned in most data centers.
IBM Object Storage Security
Uses an innovative approach for cost-effectively storing large volumes of unstructured data that ensures security, availability, and reliability.
IBM Secrets Manager
Secrets management services enable the secure management of digital credentials that ultimately allow entities to securely interact with services.
How user data is stored and encrypted in Secrets Manager
Their secrets are encrypted at rest by using envelope encryption. At no time are their credentials available in clear text while they are stored by the service.
Continuous Delivery
Allows development teams to automate the process that moves software through the software development lifecycle.