Securing your data in IBM OpenPages
To ensure that you can securely manage your data when you use IBM OpenPages® as a Service, it is important to know exactly what data is stored and encrypted and how you can delete it.
How your data is stored and encrypted in IBM OpenPages
IBM OpenPages service instance data is stored in a relational database service (RDS) and an S3 bucket on AWS. The data in storage is encrypted by using a 256-bit Advanced Encryption Standard (AES) cipher. The encryption key is owned by the OpenPages service.
In addition to the storage level encryption, IBM OpenPages settings that are marked for encryption are further encrypted before they are stored to the relational database table. The encryption is done by using a 256-bit Advanced Encryption Standard (AES) cipher, and the encryption key is owned by the IBM OpenPages service.
IBM OpenPages also uses the following security mechanisms to protect your data in transit.
- TLS 1.2+ for end-to-end communications
- mTLS for internal communications
- Web App Firewall and DDoS protection
- Ingress and Egress network rules to isolate your dedicated instance
Protecting your sensitive data in IBM OpenPages
The IBM OpenPages service stores personal data, such as a user's email address, first name, and last name, on Amazon Relational Database Service (RDS). The data is replicated automatically from the IBM Cloud account in the IAM service. After the data replication, the user can log in to the IBM OpenPages service, and they can view the user selector object fields.
Credentials and API keys for external integration, such as Watson NLU and Regulatory change feeds, are further encrypted before they are stored to the relational database.
To protect access to your sensitive data, you can configure IP allowlisting for your service instance to limit the source IP addresses or IP address ranges that can access the service. You can configure IP allowlisting from the Settings page of the OpenPages console UI.
Additional sensitive data can be stored by using the encrypted option of OpenPages settings.
Deleting your data in IBM OpenPages
When you delete your instance of IBM OpenPages, all the user data that is associated with it is also deleted. When the service instance is deleted, a 7-day reclamation period begins. During that time, you're able to restore the instance and all of its associated user data. However, if the instance and data are permanently deleted, it can no longer be restored. IBM OpenPages does not store any data from permanently deleted instances.
If your instance was automatically deleted as part of the release of new pricing plans, you can use the reclamation process to restore it. After it is restored, you must upgrade your plan within 1 hour or it will be deleted again.
The IBM OpenPages data retention policy describes how long your data is stored after you delete the service. The data retention policy is included in the IBM OpenPages service description, which you can find in the IBM Cloud Terms and Notices.
Deleting an IBM OpenPages instance
If you no longer need an instance of IBM OpenPages, you can delete the service instance and any data that is stored. Your instance enters a disabled state, and after 7 days its data is permanently deleted. You can also choose to delete your service instance by using the console.
- Delete the service and place it in a reclamation period of 7 days.
  ibmcloud resource service-instance-delete "<instance_name>"
  Replace <instance_name> with the name of the IBM OpenPages instance that you want to delete.
- Optional: To permanently delete your instance, get the reclamation ID.
  ibmcloud resource reclamations --resource-instance-id <instance_ID>
  Replace <instance_ID> with your IBM OpenPages instance ID. If you choose to permanently delete the instance by deleting its reclamation, you cannot restore your data.
- Optional: Permanently delete the reclamation instance.
  ibmcloud resource reclamation-delete <reclamation_ID>
  Replace <reclamation_ID> with the value that you retrieved in the previous step.
Restoring a deleted service instance
If you haven't permanently deleted your instance, you can restore it during the 7-day reclamation period.
- View which service instances are available for restoration.
  ibmcloud resource reclamations
  From the list of available instances, copy the reclamation ID of the IBM OpenPages instance that you want to restore.
- Restore the reclamation.
  ibmcloud resource reclamation-restore <reclamation_ID>
  Replace <reclamation_ID> with the value that you retrieved in the previous step.
watsonx.governance: When you restore IBM OpenPages, the integration with watsonx.governance is not restored. You need to re-enable the integration.
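Checking how much of the 7-day reclamation period is left before an instance can no longer be restored, as an added example that is not part of the IBM documentation. It assumes you saved the reclamation list as JSON (for example with the CLI's `--output json` option) and that each entry carries `id`, `resource_instance_id` and `created_at` fields; those field names, the use of `created_at` as the start of the period, and the sample IDs are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

RECLAMATION_WINDOW = timedelta(days=7)  # reclamation period stated on this page

# Constructed sample shaped like a saved reclamation list.
# Field names are assumptions; IDs and timestamps are placeholders.
SAMPLE_JSON = """
[
  {"id": "reclamation-bbb", "resource_instance_id": "instance-222",
   "created_at": "2024-05-06T18:30:00Z"},
  {"id": "reclamation-aaa", "resource_instance_id": "instance-111",
   "created_at": "2024-05-01T10:00:00Z"},
  {"id": "reclamation-ccc", "resource_instance_id": "instance-333",
   "created_at": "2024-04-29T09:00:00Z"}
]
"""

def parse_time(value):
    # Normalise a trailing "Z" so older Python versions can parse it.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def restorable(reclamations, now, warn_within=timedelta(hours=24)):
    """Return entries still inside the 7-day window, soonest deadline first."""
    rows = []
    for rec in reclamations:
        deadline = parse_time(rec["created_at"]) + RECLAMATION_WINDOW
        remaining = deadline - now
        if remaining <= timedelta(0):
            continue  # window elapsed: treat the data as permanently deleted
        rows.append({
            "reclamation_id": rec["id"],
            "instance_id": rec["resource_instance_id"],
            "deadline": deadline,
            "remaining": remaining,
            "urgent": remaining <= warn_within,  # restore decision is due
        })
    return sorted(rows, key=lambda r: r["deadline"])

if __name__ == "__main__":
    now = datetime(2024, 5, 8, tzinfo=timezone.utc)  # fixed clock for the sample
    for row in restorable(json.loads(SAMPLE_JSON), now):
        flag = "RESTORE SOON" if row["urgent"] else "ok"
        print(f'{row["reclamation_id"]}  {row["instance_id"]}  '
              f'deadline={row["deadline"].isoformat()}  '
              f'left={row["remaining"]}  {flag}')
```

Replace the fixed clock with `datetime.now(timezone.utc)` when running it against a real export.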