ForgeRock Identity Cloud: Storing, securing and retrieving all identity data

Overview

The ability to store user identities in a known secure location is essential in preventing fraudulent access, keeping personally identifiable information (PII) safe, and complying with privacy regulations such as GDPR.

ForgeRock Identity Cloud’s capabilities for storing, securing and retrieving all identity data include:

Secure data storage

What is it?

With secure data storage, you can prevent access to data from external sources. This may be accomplished through proper access controls and encryption.

How is it achieved in Identity Cloud?

Identity Cloud protects customer data at both the service and physical levels.

At the service level, each customer’s data is stored solely within their environment, in a dedicated trust zone. It is never commingled with other customers’ data and can be accessed only by the customer. Further, least privilege access ensures that the service infrastructure can be accessed only by ForgeRock users whose jobs involve building and operating Identity Cloud.

At the physical level, the Identity Cloud service is wholly hosted within Google Cloud Platform (GCP). It comprises a distinct GCP and Kubernetes environment and provides dedicated storage for customer secrets and data that only it can access. GCP provides native encryption at rest: all data is encrypted when written to disk and decrypted when read.

For further information on secure data storage in Identity Cloud, see

Business benefits

Secure data storage helps keep personally identifiable information (PII) safe and helps organizations comply with regulations such as the GDPR.

In 2022, unauthorized access accounted for 49% of all identity breaches. Proper service-level and physical-level protection of customer data defends organizations against these types of attacks.

Cloud tenant isolation

What is it?

Cloud tenant isolation provides a cloud computing environment dedicated solely to one customer deployment.

How is it achieved in Identity Cloud?

Identity Cloud’s architecture is built with full tenant isolation to protect customer data even if another cloud tenant is compromised.

Each Identity Cloud customer environment is self-sufficient and sovereign. It comprises a distinct GCP and Kubernetes environment, runs a distinct copy of the service code under dedicated identities, and provides dedicated storage for customer secrets and data that only it can access.

All Identity Cloud customer environments are built from a standard template. They are hosted using a common technology base, maintained according to a consistent set of processes, and continually upgraded to the latest code base.

For further information on cloud tenant isolation in Identity Cloud, see

Business benefits

Identity Cloud’s tenant isolation provides excellent performance because no other organization is sharing the service.

Security is increased because customer data is not co-located with other customers' data, which removes any possibility of an outsider, intentionally or accidentally, seeing it. With no central database of tenant data that can be compromised, customers can keep their user information safe and secure.

Delivered across 17 regions on five continents, Identity Cloud’s regional presence enables organizations to easily comply with data sovereignty and data residency regulations.