0 / 0
Securing your data in watsonx.governance as a Service on AWS

Securing your data in watsonx.governance as a Service on AWS

To securely manage your data when you use watsonx.governance on AWS, it is important to know exactly what data is stored and encrypted and how you can delete it.

How your data is stored and encrypted in watsonx.governance

Watsonx.governance service instance data is stored in a relational database service (RDS) on AWS and S3 bucket. The data in the storage is encrypted by using a 256-bit Advanced Encryption Standard (AES) cipher. The encryption key is owned by the watsonx.governance service.

In addition to the storage level encryption, watsonx.governance settings that are marked for encryption are further encrypted before they are stored to the relational database table. The encryption is done by using a 256-bit Advanced Encryption Standard (AES) cipher, and the encryption key is owned by the watsonx.governance service.

Watsonx.governance also uses the following security mechanisms to protect your data in transit.

  • TLS 1.2+ for end to end communications
  • mTLS for internal communications
  • Web App Firewall and DDoS protection
  • Ingress and Egress network rules to isolate your dedicated instance

Protecting your sensitive data in watsonx.governance

The watsonx.governance service stores personal data, such as a user's email address, first name, and last name, on Amazon Relational Database Service (RDS). The data is replicated automatically from the IBM SaaS Console in the IAM service. After the data replication, the user can log in to the watsonx.governance service and view the user selector object fields.

Credentials and API keys for external integration, such as IBM Watson Natural Language Understanding and IBM Watson Machine Learning , are further encrypted before they are stored to the relational database.

To protect access to your sensitive data, you can configure IP allowlisting of your service instance to limit the source IP address or IP address ranges to access the service. The IP allowlisting can be configured from the Settings page of the IBM SaaS Console.

Additional sensitive data can be stored with the encrypted option of Governance console settings.

Deleting your data in watsonx.governance

When you delete your instance of watsonx.governance, all the user data that is associated with it is also deleted. When the service instance is deleted, a 30-day reclamation period begins. During that time, you're able to restore the instance and all of its associated user data by contacting Support. However, if the instance and data are permanently deleted, it can no longer be restored. watsonx.governance does not store any data from permanently deleted instances.

The watsonx.governance data retention policy describes how long your data is stored after you delete the service. The data retention policy is included in the watsonx.governance service description, which you can find in the Terms and Notices.

Deleting a watsonx.governance instance

If you no longer need an instance of watsonx.governance, you can delete the service instance and any data that is stored. You delete instances by using the IBM SaaS Console.

Your instance data is retained for 30 days. After 30 days, it is permanently deleted. You can delete your service instance by using the console.

Restoring a deleted service instance

If your instance is within the 30-day retention period, you can get it restored by submitting a support ticket.

Parent topic: Watsonx.governance on AWS

Generative AI search and answer
These answers are generated by a large language model in watsonx.ai based on content from the product documentation. Learn more