Storing and encrypting data in Security and Compliance Center
When you work with IBM Cloud® Security and Compliance Center, you must ensure that you understand how your data is securely managed by knowing which data is stored or encrypted, and how you can delete any stored data.
For more information about how IBM Cloud platform secures your data, see How do I know that my data is safe?
How is my configuration data obtained?
To evaluate your account for compliance, Security and Compliance Center gathers resource configuration information from your targeted environment through an internal service-to-service authorization. The policy allows for Security and Compliance Center to read the configuration but the service is unable to change it in any way. Collected data includes the properties and configurations for supported services, network objects, hosts, databases, Kubernetes platforms, and virtual machines.
How is data stored?
The results data that is generated by the service is stored in a Cloud Object Storage bucket that is owned by the customer. For help configuring storage, see Storing data in Security and Compliance Center.
Deleting your data
When you work with Security and Compliance Center, you own the data that is generated. It is automatically forwarded to a Cloud Object Storage bucket that you connect. Managing the removal of data is your responsibility.