{"id":26099,"date":"2025-03-27T10:58:54","date_gmt":"2025-03-27T17:58:54","guid":{"rendered":"https:\/\/www.pingcap.com\/?p=26099"},"modified":"2026-04-16T10:42:15","modified_gmt":"2026-04-16T17:42:15","slug":"tidb-cloud-security-protecting-data-simplifying-compliance","status":"publish","type":"post","link":"https:\/\/www.pingcap.com\/ko\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/","title":{"rendered":"Secure by Design: How TiDB Cloud Protects Your Data and Simplifies Compliance"},"content":{"rendered":"<p>When security controls fail, the consequences aren\u2019t just technical\u2014they\u2019re financial, legal, and reputational. A single database misconfiguration cost one company <a href=\"https:\/\/www.sec.gov\/newsroom\/press-releases\/2024-63#:~:text=(ICE)%20agreed%20to%20pay%20a,and%20Integrity%20(Regulation%20SCI).\">$10 million in fines<\/a>. <strong>TiDB Cloud prevents these risks, offering enterprise-grade security without unnecessary complexity.<\/strong><\/p>\n\n\n\n<p>In this post, we\u2019ll explore how <a href=\"https:\/\/docs.pingcap.com\/tidbcloud\/\">TiDB Cloud<\/a> protects your data, compare the security features of its <a href=\"\/ko\/tidb-cloud-starter\/\">Starter<\/a> \uadf8\ub9ac\uace0 <a href=\"\/ko\/tidb-cloud-dedicated\/\">Dedicated<\/a> tiers, and explain when a <a href=\"\/ko\/tidb-self-managed\/\">self-managed TiDB deployment<\/a> might be the best fit.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Ensuring_Data_Privacy_and_Customer_Control_in_TiDB_Cloud\"><\/span>Ensuring Data Privacy and Customer Control in TiDB Cloud<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Built with a security-by-design approach, TiDB Cloud enforces strict architectural boundaries between PingCAP&#8217;s operational environment and customer data, ensuring that customer information remains private, inaccessible, and under customer control at all times:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Clear Data Separation<\/strong> \u2014 Customer account data (e.g., name, email, billing information) is managed by PingCAP solely for service provisioning and account management purposes, and is logically separated from all customer workload data.<\/li>\n\n\n\n<li><strong>Privacy-Preserving Observability<\/strong> \u2014 Observability data (e.g., metrics and system logs) is used exclusively to maintain platform reliability and performance. All diagnostic data is automatically sanitized at the point of generation \u2014 query text, row-level data, and personally identifiable information (PII) are redacted or masked before becoming accessible to PingCAP personnel.<\/li>\n\n\n\n<li><strong>Strict Isolation of Business Data<\/strong> \u2014 Customer business data (i.e., data stored within TiDB clusters) is fully isolated from PingCAP&#8217;s operational systems through enforced architectural controls. PingCAP personnel have no credentials, access paths, or mechanisms to access customer databases or their contents. This is not merely a policy restriction \u2014 it is a platform-level guarantee enforced by design.<\/li>\n\n\n\n<li><strong>Access Governance &amp; Auditing<\/strong> \u2014 All administrative actions on TiDB Cloud infrastructure are logged, monitored, and reviewed to ensure compliance with security policies. Audit logs can also be forwarded to Security Information and Event Management (SIEM) tools for real-time monitoring.<\/li>\n\n\n\n<li><strong>Regulatory Compliance<\/strong> \u2014 TiDB Cloud meets SOC 2 Type II, ISO 27001, GDPR, and HIPAA standards, ensuring alignment with global data protection requirements.<\/li>\n\n\n\n<li><strong>Encryption<\/strong> \u2014 Customer data is encrypted in transit and at rest. TiDB Cloud Dedicated also supports Customer-Managed Encryption Keys (CMEK), allowing organizations to maintain full control over their encryption keys via AWS KMS.<\/li>\n\n\n\n<li><strong>Role-Based Access Control (RBAC) &amp; Network Security<\/strong> \u2014 Customers define Identity and Access Management (IAM) roles, access policies, and network configurations, ensuring that only authorized users and systems can access their data. TiDB Cloud also supports VPC Peering, Private Endpoints, and IP Access Lists to isolate database traffic from the public internet.<\/li>\n\n\n\n<li><strong>Data Retention &amp; Incident Response<\/strong> \u2014 TiDB Cloud enforces strict data retention policies and follows an established security incident response process to quickly identify, contain, and mitigate potential threats.<\/li>\n<\/ul>\n\n\n\n<p>TiDB Cloud ensures that customer data remains private, secure, and under customer control at all times.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Who_Gets_In_Locking_Down_Access_with_IAM_and_Database_Security\"><\/span>Who Gets In? Locking Down Access with IAM and Database Security<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Too many people with too much access is one of the most common security risks. TiDB Cloud minimizes this risk by following role-based access control (RBAC), ensuring users have only the permissions they need.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How TiDB Cloud Manages Access<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/docs.pingcap.com\/tidbcloud\/tidb-cloud-org-sso-authentication\/\">Single Sign-On (SSO)<\/a> \u2013<\/strong> Simplifies authentication by allowing employees to log in using Google, GitHub, or Microsoft credentials.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/docs.pingcap.com\/tidb\/stable\/role-based-access-control\/\">Granular Role-Based Access Control (RBAC)<\/a> \u2013<\/strong> Assigns users the minimum necessary permissions to prevent unauthorized actions.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/docs.pingcap.com\/tidbcloud\/manage-user-access\/\">Hierarchical IAM Roles<\/a> \u2013<\/strong> TiDB Cloud structures access at two levels:\n<ul class=\"wp-block-list\">\n<li><strong>Organization-Level Access \u2013<\/strong> Owners and admins can manage global settings, billing, and project creation.<\/li>\n\n\n\n<li><strong>Project-Level Access \u2013<\/strong> Users can be assigned project-specific roles, restricting them to certain clusters without exposing the entire environment.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Database-Level Security: Authentication and Authorization<\/h3>\n\n\n\n<p>Beyond IAM, each TiDB cluster has its own internal security controls, ensuring that even if someone gains access to the TiDB Cloud Console, they still need valid database credentials to interact with the data.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>User Authentication \u2013 <\/strong>TiDB uses MySQL-compatible authentication, allowing businesses to:\n<ul class=\"wp-block-list\">\n<li>Create database users with strong password policies.<\/li>\n\n\n\n<li>Enable TLS-based authentication for additional security.<\/li>\n\n\n\n<li>Support external authentication mechanisms like LDAP.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Fine-Grained Authorization Controls \u2013<\/strong> TiDB supports role-based privilege management within each database:\n<ul class=\"wp-block-list\">\n<li>Restrict access to specific tables, schemas, or query types.<\/li>\n\n\n\n<li>Assign read-only, write, or administrative privileges to users based on job roles.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Database Auditing \u2013 <\/strong>In TiDB Cloud Dedicated, businesses can track user logins, queries, and schema modifications for compliance.\n<ul class=\"wp-block-list\">\n<li>Audit logs capture who accessed what data and when, helping prevent unauthorized data exfiltration.<\/li>\n\n\n\n<li>Logs can be forwarded to SIEM tools for real-time security alerting.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Why This Matters<\/h3>\n\n\n\n<p>A financial services company using TiDB Cloud Dedicated strengthens database security by:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enforcing strong password policies for database users.<\/li>\n\n\n\n<li>Limiting developer access to only specific datasets instead of full database privileges.<\/li>\n\n\n\n<li>Configuring database audit logging to monitor every query accessing customer credit card data.<\/li>\n\n\n\n<li>Using SIEM integration to detect unusual access patterns and potential insider threats.<\/li>\n<\/ul>\n\n\n\n<p>By implementing IAM-based access control at the cloud level and fine-grained security inside the database, TiDB Cloud ensures that even privileged users cannot access sensitive data unless explicitly permitted.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Stopping_Cyber_Threats_Before_They_Reach_Your_Database\"><\/span>Stopping Cyber Threats Before They Reach Your Database<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>A database exposed to the Internet is an open invitation for cyberattacks. TiDB Cloud provides multiple layers of protection to ensure only authorized connections can reach your database.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How TiDB Cloud Blocks Unauthorized Access<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>End-to-End Encryption \u2013 <\/strong>All data in transit is protected using TLS 1.2\/1.3, preventing eavesdropping or data interception.<\/li>\n\n\n\n<li><strong>Private Endpoints \u2013<\/strong> Ensures that database traffic never leaves your cloud provider\u2019s internal network, using AWS PrivateLink or Google Cloud Private Service Connect.<\/li>\n\n\n\n<li><strong>IP Access Lists \u2013<\/strong> Restricts database connections only to approved IP addresses, preventing unauthorized access attempts.<\/li>\n\n\n\n<li><strong>VPC Peering (Dedicated Only) \u2013<\/strong> Directly connects your database to your private cloud, eliminating public internet exposure.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How This Works in Practice<\/h3>\n\n\n\n<p>A healthcare startup managing patient records needs to comply with HIPAA regulations.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>They configure private endpoints, ensuring only their internal application servers can communicate with the database.<\/li>\n\n\n\n<li>This setup blocks external threats while simplifying regulatory compliance.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Encryption_Your_Last_Line_of_Defense\"><\/span>Encryption: Your Last Line of Defense<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Even the strongest access controls can be bypassed if data isn\u2019t encrypted. TiDB Cloud ensures that even if attackers gain access to raw storage, they won\u2019t be able to read your data.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How TiDB Cloud Locks Down Your Data<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Encryption at Rest \u2013 <\/strong>All stored data is automatically encrypted, ensuring that physical or virtual disk access doesn\u2019t expose sensitive information.<\/li>\n\n\n\n<li><strong>Encryption in Transit \u2013 <\/strong>Every database connection is secured using TLS 1.2\/1.3, preventing eavesdropping or tampering.<\/li>\n\n\n\n<li><strong>Bring Your Own Keys (CMEK) \u2013<\/strong> <strong>Dedicated Only \u2013<\/strong> Some industries require full control over encryption keys. TiDB Cloud Dedicated allows customers to manage their own keys using AWS KMS or Google Cloud KMS, ensuring that only authorized users can decrypt data.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Why This Matters<\/h3>\n\n\n\n<p>A global e-commerce company operating across multiple countries uses CMEK to manage encryption keys internally.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>This ensures that if a legal issue requires access revocation, their cloud provider cannot decrypt the data on their behalf.<\/li>\n\n\n\n<li>It also meets regulatory requirements in regions with strict data sovereignty laws.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Catching Security Risks Before They Become Disasters<\/h3>\n\n\n\n<p>Security isn\u2019t just about blocking attacks\u2014it\u2019s also about spotting unusual activity before it escalates. TiDB Cloud provides detailed audit logging, allowing organizations to track changes and detect anomalies in real time.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How TiDB Cloud Monitors Activity<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/docs.pingcap.com\/tidbcloud\/tidb-cloud-console-auditing\/\">Cloud Console Logs<\/a> \u2013<\/strong> Tracks cluster changes, user role updates, and API actions, providing visibility into who is making changes to your environment.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/docs.pingcap.com\/tidbcloud\/tidb-cloud-auditing\/\">Database Audit Logs (Dedicated Only)<\/a> \u2013 <\/strong>Captures queries, logins, and schema modifications for deeper security monitoring at the database level.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/docs.pingcap.com\/tidb\/stable\/log-redaction\/#:~:text=When%20TiDB%20provides%20detailed%20log,to%20shield%20user%20data%20values.\">Log Redaction<\/a> \u2013<\/strong> To prevent accidental leakage of sensitive information, TiDB Cloud supports log redaction. This ensures that personally identifiable information (PII) and sensitive data are not written to system logs, preserving customer data privacy during monitoring and debugging.<\/li>\n\n\n\n<li><strong>Integration with SIEM Tools \u2013<\/strong> Audit logs are delivered to a customer-managed S3 bucket by default. From there, organizations can integrate with their preferred SIEM or log analysis tools, such as Datadog or Splunk, using standard data ingestion pipelines.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Why This Matters<\/h3>\n\n\n\n<p>A financial services firm handling sensitive credit card data configures audit logs to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Log every query accessing sensitive financial records.<\/li>\n\n\n\n<li>Trigger alerts if an unusual query pattern or unexpected login attempt occurs.<\/li>\n\n\n\n<li>Investigate potential fraud attempts in real time before damage occurs.<\/li>\n<\/ul>\n\n\n\n<p>By using detailed audit logs, organizations can identify suspicious activity early and act before a breach happens.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Compliance_Made_Easy_Meeting_SOC_2_GDPR_HIPAA_and_More\"><\/span>Compliance Made Easy: Meeting SOC 2, GDPR, HIPAA, and More<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Security is critical, but compliance is often a legal requirement. TiDB Cloud meets major industry standards, helping businesses achieve regulatory compliance without additional overhead.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Compliance Standard<\/strong><\/td><td><strong>What It Ensures<\/strong><\/td><td><strong>Who Needs It<\/strong><\/td><\/tr><tr><td><strong>SOC 2 Type II<\/strong><\/td><td>Protects against unauthorized access and ensures operational security<\/td><td>SaaS companies handling customer data<\/td><\/tr><tr><td><strong>ISO 27001 \/ 27701<\/strong><\/td><td>Provides a framework for security and privacy management<\/td><td>Global businesses needing a certified security program<\/td><\/tr><tr><td><strong>GDPR &amp; CCPA<\/strong><\/td><td>Ensures personal data privacy and user control over information<\/td><td>Any company handling European (GDPR) or California (CCPA) user data<\/td><\/tr><tr><td><strong>HIPAA<\/strong><\/td><td>Secures healthcare data to protect patient privacy<\/td><td>Healthcare providers, insurers, and vendors handling medical records<\/td><\/tr><tr><td><strong>PCI-DSS<\/strong><\/td><td>Safeguards payment card information and transactions<\/td><td>E-commerce companies, payment processors, and financial services<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Why This Matters<\/h3>\n\n\n\n<p>A B2B SaaS platform handling European user data needs to comply with GDPR regulations.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Instead of building compliance from scratch, they leverage TiDB Cloud\u2019s ISO 27701 certification as proof of secure data handling.<\/li>\n\n\n\n<li>This saves time and resources, ensuring compliance without additional security infrastructure.<\/li>\n<\/ul>\n\n\n\n<p>By choosing a database that meets these standards, companies reduce compliance risk and simplify audits.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Serverless_vs_Dedicated_Which_TiDB_Cloud_Option_is_More_Secure\"><\/span>Serverless vs. Dedicated: Which TiDB Cloud Option is More Secure?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>TiDB Cloud offers two deployment options, each with different security features. The right choice depends on your workload, compliance requirements, and security needs.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Feature<\/strong><\/td><td><strong>Serverless<\/strong><\/td><td><strong>Dedicated<\/strong><\/td><td><strong>Why It Matters<\/strong><\/td><\/tr><tr><td><strong>Tenant Isolation<\/strong><\/td><td>Shared infrastructure<\/td><td>Single-tenant<\/td><td>Dedicated provides stronger isolation, reducing risk in multi-tenant environments.<\/td><\/tr><tr><td><strong>Private Endpoints<\/strong><\/td><td>Supported<\/td><td>Supported<\/td><td>Both options prevent data from traversing the public internet.<\/td><\/tr><tr><td><strong>IP Access Lists<\/strong><\/td><td>Supported<\/td><td>Supported<\/td><td>Both options allow businesses to restrict database access to specific IPs, adding an extra layer of security.<\/td><\/tr><tr><td><strong>VPC Peering<\/strong><\/td><td>Not available<\/td><td>Supported<\/td><td>Dedicated clusters can connect directly to a private cloud, eliminating public exposure.<\/td><\/tr><tr><td><strong>Database Audit Logging<\/strong><\/td><td>Not available<\/td><td>Supported<\/td><td>Audit logs help track unauthorized access attempts and changes.<\/td><\/tr><tr><td><strong>Encryption at Rest<\/strong><\/td><td>Supported<\/td><td>Supported<\/td><td>Ensures data is unreadable if physical storage is compromised.<\/td><\/tr><tr><td><strong>Custom Encryption Keys for Encryption at Rest<\/strong><\/td><td>Not available<\/td><td>Supported<\/td><td>Organizations that require full control over encryption keys need a Dedicated cluster.<\/td><\/tr><tr><td><strong>RBAC and IAM<\/strong><\/td><td>Supported<\/td><td>Supported<\/td><td>Enforces least-privilege access across the organization and within projects.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Which TiDB Cloud Option is Right for You?<\/h3>\n\n\n\n<p><strong>Choose<\/strong> <strong>TiDB Cloud Serverless<\/strong> if you need a flexible, low-maintenance database for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Development, prototyping, or testing environments.<\/li>\n\n\n\n<li>Non-sensitive workloads that don\u2019t require advanced compliance or custom security controls.<\/li>\n\n\n\n<li>Teams looking for automatic scaling with strong default security (encryption in transit\/at rest, IAM, RBAC, IP allowlists).<\/li>\n<\/ul>\n\n\n\n<p><strong>Choose<\/strong> <strong>TiDB Cloud \uc804\uc6a9<\/strong> when your application requires:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Stronger workload and network isolation through single-tenancy and VPC peering.<\/li>\n\n\n\n<li>Advanced security features like audit logging and bring-your-own-encryption keys (CMEK).<\/li>\n\n\n\n<li>Compliance with regulatory frameworks like HIPAA, ISO 27001, or GDPR.<\/li>\n\n\n\n<li>Granular security observability and integration with SIEM tools.<\/li>\n\n\n\n<li>Full control over user access, roles, and infrastructure-level identity management.<\/li>\n<\/ul>\n\n\n\n<p>These options aren\u2019t mutually exclusive\u2014many teams start with Serverless and migrate to Dedicated as their security, compliance, and customer needs grow.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Real-World Example<\/h3>\n\n\n\n<p>A tech startup developing a new SaaS product chooses <strong>Serverless<\/strong> for rapid prototyping and testing.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>They benefit from automatic scaling and minimal operational overhead while building out their application.<\/li>\n<\/ul>\n\n\n\n<p>As they expand to enterprise customers, they migrate to <strong>Dedicated<\/strong>, allowing them to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enforce strict network security with VPC Peering and IP Access Lists.<\/li>\n\n\n\n<li>Enable database audit logging to track access and comply with security requirements.<\/li>\n\n\n\n<li>Use custom encryption keys (CMEK) to maintain full control over sensitive customer data.<\/li>\n<\/ul>\n\n\n\n<p>This transition ensures compliance and enhanced security without disrupting their growth.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"When_Self-Managed_TiDB_is_Your_Best_Bet\"><\/span>When Self-Managed TiDB is Your Best Bet<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>For some businesses, even a secure cloud environment isn\u2019t enough. Running TiDB on-premises or in a self-managed cloud is necessary when organizations require full control over security, compliance, and infrastructure.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Why Companies Choose Self-Managed TiDB<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Regulatory Compliance \u2013 <\/strong>Some industries, such as government agencies and financial institutions, have strict policies that prohibit storing data on any public cloud, regardless of encryption or certifications.<\/li>\n\n\n\n<li><strong>Custom Security Integrations \u2013<\/strong> Businesses that require custom authentication methods (e.g., LDAP, Kerberos) or hardware security modules (HSMs) often need direct control over their database environment.<\/li>\n\n\n\n<li><strong>On-Premises Data Sovereignty \u2013<\/strong> Organizations conducting classified research or working with highly sensitive intellectual property need to store and process data within specific geographic regions.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Real-World Example<\/h3>\n\n\n\n<p>A defense contractor working with classified information chooses to deploy self-managed TiDB in a private data center.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>This setup ensures that data never leaves their controlled environment, meeting strict government regulations.<\/li>\n\n\n\n<li>It allows them to integrate with specialized security infrastructure, such as air-gapped networks and government-certified encryption modules.<\/li>\n<\/ul>\n\n\n\n<p>By running TiDB on dedicated, private infrastructure, organizations can maintain complete control over security, compliance, and data governance.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Choosing_the_Right_Security_Strategy_for_Your_Database\"><\/span>Choosing the Right Security Strategy for Your Database<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>TiDB Cloud delivers enterprise-grade security without unnecessary complexity. The right deployment model depends on your security, compliance, and operational needs:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>TiDB Cloud Serverless \u2013<\/strong> Ideal for development, testing, and non-sensitive workloads, offering automatic scaling with minimal configuration.<\/li>\n\n\n\n<li><strong>TiDB Cloud Dedicated \u2013<\/strong> The best choice for compliance-driven industries, providing advanced security features, private networking, and encryption control.<\/li>\n\n\n\n<li><strong>TiDB Self-Managed \u2013<\/strong> Required when complete infrastructure control is necessary, such as for government agencies, highly regulated industries, or air-gapped environments.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What\u2019s Next?<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Looking for a detailed security assessment?<\/strong> <a href=\"https:\/\/www.pingcap.com\/ko\/contact-us\/\">Contact our team<\/a> for a security consultation tailored to your compliance needs.<\/li>\n\n\n\n<li><strong>Want to see TiDB Cloud\u2019s compliance certifications? <\/strong><a href=\"https:\/\/www.pingcap.com\/ko\/trust-hub\/compliance\/\">Request our latest SOC 2, ISO 27001, or HIPAA compliance reports today<\/a>.<\/li>\n\n\n\n<li><strong>Ready to test TiDB Cloud\u2019s security features?<\/strong> <a href=\"https:\/\/tidbcloud.com\/free-trial\/?__hstc=86493575.56092b205279b52d173af4ce908b29cc.1742330167370.1743090157442.1743096766623.34&amp;__hssc=86493575.24.1743096766623&amp;__hsfp=2436917072&amp;_gl=1*1rk1due*_gcl_aw*R0NMLjE3Mzk0ODAwNjIuQ2p3S0NBaUF6YmE5QmhCaEVpd0E3Z2xiYWxTb3VCS1Z4SUZxVEpIX0s1bVFpYkJ6aTNPMUpYM0tGcjdYaG1CZzJ0ZFdvODd6WjhHRkdSb0NvOG9RQXZEX0J3RQ..*_gcl_au*NzY3NDM3MDEuMTc0MjMyOTgxOA..*_ga*MzczMDk0NTUyLjE3NDIzMjk4MDQ.*_ga_3JVXJ41175*MTc0MzA5Njc2NC4zMi4xLjE3NDMwOTczNDAuMzkuMC43NzYxMDgyODM.*_ga_ZEL0RNV6R2*MTc0MzA5Njc5My4xNC4xLjE3NDMwOTczNDIuMC4wLjA.*_ga_9FRXHHPYVY*MTc0MzA5Njc2Ni4zMi4xLjE3NDMwOTczNDIuMzkuMC4w&amp;website_referrer_url=https:\/\/www.google.com\/\">Sign up for a free trial<\/a> and start building with confidence.<\/li>\n<\/ul>\n\n\n\n<p>By making security a priority from day one, organizations can protect their data, simplify compliance, and reduce risk without compromising performance.<\/p>","protected":false},"excerpt":{"rendered":"<p>When security controls fail, the consequences aren\u2019t just technical\u2014they\u2019re financial, legal, and reputational. A single database misconfiguration cost one company $10 million in fines. TiDB Cloud prevents these risks, offering enterprise-grade security without unnecessary complexity. In this post, we\u2019ll explore how TiDB Cloud protects your data, compare the security features of its Starter and Dedicated [&hellip;]<\/p>\n","protected":false},"author":284,"featured_media":26106,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ub_ctt_via":"","footnotes":""},"categories":[13],"tags":[218,394,147,393,31],"class_list":["post-26099","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-product","tag-compliance","tag-database-security","tag-distributed-sql","tag-encryption","tag-tidb-cloud"],"acf":[],"featured_image_src":"https:\/\/static.pingcap.com\/files\/2025\/03\/27104514\/tidb_feature_1800x600-1-4.png","author_info":{"display_name":"Mark Donsky","author_link":"https:\/\/www.pingcap.com\/ko\/blog\/author\/mdonsky\/"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>TiDB Cloud Security: Protecting Data Without Added Complexity<\/title>\n<meta name=\"description\" content=\"Explore the security features behind TiDB Cloud and learn when a self-managed TiDB deployment might be the best fit.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.pingcap.com\/ko\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/\" \/>\n<meta property=\"og:locale\" content=\"ko_KR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"TiDB Cloud Security: Protecting Data Without Added Complexity\" \/>\n<meta property=\"og:description\" content=\"Explore the security features behind TiDB Cloud and learn when a self-managed TiDB deployment might be the best fit.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.pingcap.com\/ko\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/\" \/>\n<meta property=\"og:site_name\" content=\"TiDB\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/pingcap2015\" \/>\n<meta property=\"article:published_time\" content=\"2025-03-27T17:58:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-16T17:42:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/static.pingcap.com\/files\/2025\/03\/27104531\/tidb_1200x627-4.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2400\" \/>\n\t<meta property=\"og:image:height\" content=\"1254\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Mark Donsky\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/static.pingcap.com\/files\/2025\/03\/27104550\/tidb_twitter_1600x900-4.png\" \/>\n<meta name=\"twitter:creator\" content=\"@PingCAP\" \/>\n<meta name=\"twitter:site\" content=\"@PingCAP\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark Donsky\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11\ubd84\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/\"},\"author\":{\"name\":\"Mark Donsky\",\"@id\":\"https:\/\/www.pingcap.com\/#\/schema\/person\/ebeea8e13f20859f7d79e6906889616a\"},\"headline\":\"Secure by Design: How TiDB Cloud Protects Your Data and Simplifies Compliance\",\"datePublished\":\"2025-03-27T17:58:54+00:00\",\"dateModified\":\"2026-04-16T17:42:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/\"},\"wordCount\":2283,\"publisher\":{\"@id\":\"https:\/\/www.pingcap.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/static.pingcap.com\/files\/2025\/03\/27104514\/tidb_feature_1800x600-1-4.png\",\"keywords\":[\"Compliance\",\"Database Security\",\"Distributed SQL\",\"Encryption\",\"TiDB Cloud\"],\"articleSection\":[\"Product\"],\"inLanguage\":\"ko-KR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/\",\"url\":\"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/\",\"name\":\"TiDB Cloud Security: Protecting Data Without Added Complexity\",\"isPartOf\":{\"@id\":\"https:\/\/www.pingcap.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/static.pingcap.com\/files\/2025\/03\/27104514\/tidb_feature_1800x600-1-4.png\",\"datePublished\":\"2025-03-27T17:58:54+00:00\",\"dateModified\":\"2026-04-16T17:42:15+00:00\",\"description\":\"Explore the security features behind TiDB Cloud and learn when a self-managed TiDB deployment might be the best fit.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/#breadcrumb\"},\"inLanguage\":\"ko-KR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/#primaryimage\",\"url\":\"https:\/\/static.pingcap.com\/files\/2025\/03\/27104514\/tidb_feature_1800x600-1-4.png\",\"contentUrl\":\"https:\/\/static.pingcap.com\/files\/2025\/03\/27104514\/tidb_feature_1800x600-1-4.png\",\"width\":3600,\"height\":1200},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.pingcap.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Secure by Design: How TiDB Cloud Protects Your Data and Simplifies Compliance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.pingcap.com\/#website\",\"url\":\"https:\/\/www.pingcap.com\/\",\"name\":\"TiDB\",\"description\":\"TiDB | SQL at Scale\",\"publisher\":{\"@id\":\"https:\/\/www.pingcap.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.pingcap.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ko-KR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.pingcap.com\/#organization\",\"name\":\"PingCAP\",\"url\":\"https:\/\/www.pingcap.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\/\/www.pingcap.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/static.pingcap.com\/files\/2021\/11\/pingcap-logo.png\",\"contentUrl\":\"https:\/\/static.pingcap.com\/files\/2021\/11\/pingcap-logo.png\",\"width\":811,\"height\":232,\"caption\":\"PingCAP\"},\"image\":{\"@id\":\"https:\/\/www.pingcap.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/facebook.com\/pingcap2015\",\"https:\/\/x.com\/PingCAP\",\"https:\/\/linkedin.com\/company\/pingcap\",\"https:\/\/youtube.com\/channel\/UCuq4puT32DzHKT5rU1IZpIA\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.pingcap.com\/#\/schema\/person\/ebeea8e13f20859f7d79e6906889616a\",\"name\":\"Mark Donsky\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\/\/www.pingcap.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/static.pingcap.com\/files\/2022\/10\/17234942\/avatar.jpg\",\"contentUrl\":\"https:\/\/static.pingcap.com\/files\/2022\/10\/17234942\/avatar.jpg\",\"caption\":\"Mark Donsky\"},\"description\":\"Product Manager\",\"url\":\"https:\/\/www.pingcap.com\/ko\/blog\/author\/mdonsky\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TiDB Cloud Security: Protecting Data Without Added Complexity","description":"Explore the security features behind TiDB Cloud and learn when a self-managed TiDB deployment might be the best fit.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.pingcap.com\/ko\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/","og_locale":"ko_KR","og_type":"article","og_title":"TiDB Cloud Security: Protecting Data Without Added Complexity","og_description":"Explore the security features behind TiDB Cloud and learn when a self-managed TiDB deployment might be the best fit.","og_url":"https:\/\/www.pingcap.com\/ko\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/","og_site_name":"TiDB","article_publisher":"https:\/\/facebook.com\/pingcap2015","article_published_time":"2025-03-27T17:58:54+00:00","article_modified_time":"2026-04-16T17:42:15+00:00","og_image":[{"width":2400,"height":1254,"url":"https:\/\/static.pingcap.com\/files\/2025\/03\/27104531\/tidb_1200x627-4.png","type":"image\/png"}],"author":"Mark Donsky","twitter_card":"summary_large_image","twitter_image":"https:\/\/static.pingcap.com\/files\/2025\/03\/27104550\/tidb_twitter_1600x900-4.png","twitter_creator":"@PingCAP","twitter_site":"@PingCAP","twitter_misc":{"Written by":"Mark Donsky","Est. reading time":"11\ubd84"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/#article","isPartOf":{"@id":"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/"},"author":{"name":"Mark Donsky","@id":"https:\/\/www.pingcap.com\/#\/schema\/person\/ebeea8e13f20859f7d79e6906889616a"},"headline":"Secure by Design: How TiDB Cloud Protects Your Data and Simplifies Compliance","datePublished":"2025-03-27T17:58:54+00:00","dateModified":"2026-04-16T17:42:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/"},"wordCount":2283,"publisher":{"@id":"https:\/\/www.pingcap.com\/#organization"},"image":{"@id":"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/static.pingcap.com\/files\/2025\/03\/27104514\/tidb_feature_1800x600-1-4.png","keywords":["Compliance","Database Security","Distributed SQL","Encryption","TiDB Cloud"],"articleSection":["Product"],"inLanguage":"ko-KR"},{"@type":"WebPage","@id":"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/","url":"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/","name":"TiDB Cloud Security: Protecting Data Without Added Complexity","isPartOf":{"@id":"https:\/\/www.pingcap.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/#primaryimage"},"image":{"@id":"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/static.pingcap.com\/files\/2025\/03\/27104514\/tidb_feature_1800x600-1-4.png","datePublished":"2025-03-27T17:58:54+00:00","dateModified":"2026-04-16T17:42:15+00:00","description":"Explore the security features behind TiDB Cloud and learn when a self-managed TiDB deployment might be the best fit.","breadcrumb":{"@id":"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/#breadcrumb"},"inLanguage":"ko-KR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/"]}]},{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/#primaryimage","url":"https:\/\/static.pingcap.com\/files\/2025\/03\/27104514\/tidb_feature_1800x600-1-4.png","contentUrl":"https:\/\/static.pingcap.com\/files\/2025\/03\/27104514\/tidb_feature_1800x600-1-4.png","width":3600,"height":1200},{"@type":"BreadcrumbList","@id":"https:\/\/www.pingcap.com\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.pingcap.com\/"},{"@type":"ListItem","position":2,"name":"Secure by Design: How TiDB Cloud Protects Your Data and Simplifies Compliance"}]},{"@type":"WebSite","@id":"https:\/\/www.pingcap.com\/#website","url":"https:\/\/www.pingcap.com\/","name":"\ud2f0DB","description":"TiDB | SQL at Scale","publisher":{"@id":"https:\/\/www.pingcap.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.pingcap.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ko-KR"},{"@type":"Organization","@id":"https:\/\/www.pingcap.com\/#organization","name":"PingCAP","url":"https:\/\/www.pingcap.com\/","logo":{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/www.pingcap.com\/#\/schema\/logo\/image\/","url":"https:\/\/static.pingcap.com\/files\/2021\/11\/pingcap-logo.png","contentUrl":"https:\/\/static.pingcap.com\/files\/2021\/11\/pingcap-logo.png","width":811,"height":232,"caption":"PingCAP"},"image":{"@id":"https:\/\/www.pingcap.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/facebook.com\/pingcap2015","https:\/\/x.com\/PingCAP","https:\/\/linkedin.com\/company\/pingcap","https:\/\/youtube.com\/channel\/UCuq4puT32DzHKT5rU1IZpIA"]},{"@type":"Person","@id":"https:\/\/www.pingcap.com\/#\/schema\/person\/ebeea8e13f20859f7d79e6906889616a","name":"Mark Donsky","image":{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/www.pingcap.com\/#\/schema\/person\/image\/","url":"https:\/\/static.pingcap.com\/files\/2022\/10\/17234942\/avatar.jpg","contentUrl":"https:\/\/static.pingcap.com\/files\/2022\/10\/17234942\/avatar.jpg","caption":"Mark Donsky"},"description":"Product Manager","url":"https:\/\/www.pingcap.com\/ko\/blog\/author\/mdonsky\/"}]}},"grav_blocks":false,"card_markup":"<a class=\"card-resource bg-white\" href=\"https:\/\/www.pingcap.com\/ko\/blog\/tidb-cloud-security-protecting-data-simplifying-compliance\/\"><div class=\"card-resource__image-container\"><img class=\"card-resource__image\" alt=\"tidb_feature_1800x600 (1)\" src=\"https:\/\/static.pingcap.com\/files\/2025\/03\/27104514\/tidb_feature_1800x600-1-4.png\" loading=\"lazy\" width=3600 height=1200 \/><\/div><div class=\"card-resource__content-container\"><div class=\"card-resource__content-head\"><div class=\"card-resource__category\">Product<\/div><\/div><h5 class=\"card-resource__title\">Secure by Design: How TiDB Cloud Protects Your Data and Simplifies Compliance<\/h5><\/div><\/a>","_links":{"self":[{"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/posts\/26099","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/users\/284"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/comments?post=26099"}],"version-history":[{"count":9,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/posts\/26099\/revisions"}],"predecessor-version":[{"id":33111,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/posts\/26099\/revisions\/33111"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/media\/26106"}],"wp:attachment":[{"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/media?parent=26099"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/categories?post=26099"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/tags?post=26099"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}