{:shortdesc: .shortdesc} {:external: target="_blank" .external}

{: #security}

Designed with secure engineering practices, the {{site.data.keyword.cloud}} platform provides layered security controls across network and infrastructure. {{site.data.keyword.cloud_notm}} provides a group of security services that can be used by application developers to secure their mobile and web apps. These elements combine to make {{site.data.keyword.cloud_notm}} a platform with clear choices for secure application development. {:shortdesc}

{{site.data.keyword.cloud_notm}} ensures security readiness by adhering to security policies that are driven by best practices in IBM for systems, networking, and secure engineering. These policies include practices such as source code scanning, dynamic scanning, threat modeling, and penetration testing. {{site.data.keyword.cloud_notm}} follows the IBM Product Security Incident Response Team (PSIRT) process for security incident management. See the IBM Security Vulnerability Management (PSIRT){: external} site for details.

{{site.data.keyword.cloud_notm}} Public and Dedicated use classic infrastructure-as-a-service (IaaS) cloud services and take full advantage of its security architecture. Classic IaaS provides multiple, overlapping tiers of protection for your applications and data. For {{site.data.keyword.cloud_notm}} Local, you own the physical security, and provide the infrastructure by hosting {{site.data.keyword.cloud_notm}} Local in your own data center behind a company firewall. In addition, {{site.data.keyword.cloud_notm}} adds security capabilities at the platform as a service (PaaS) layer in different categories: platform, data, and application. For further security details on your environment and apps in the {{site.data.keyword.Bluemix_notm}}, see Securing applications and environments on cloud{: external}.