Introducing IBM Cloud Data Security Broker.

The global average cost of a data breach in 2022 was USD 9.44 million, not to mention the reputational impact that these breaches could cause. To protect consumers’ privacy, regulatory requirements around the world are significantly evolving around data security (e.g., Schrems II in Europe, State-level Privacy Acts in the US). Given such a risk and compliance landscape, sensitive data protection has become a business imperative for organizations looking to modernize their applications to cloud.

Enterprises use encryption to protect data at rest—at the operating system, file system and even database. But they are still struggling to answer questions like: How can they encrypt personally identifiable information (PII) like a social security number? Or mask personal health information (PHI)? Or de-identify such data when using analytics and AI? And how can they do that at scale so that not every application accessing this encrypted data requires change, and not every application developer becomes a security expert?

What is IBM Cloud Data Security Broker?

Clearly, a modern cloud solution is required that addresses these needs – where businesses can encrypt, mask, de-identify or tokenize sensitive data (without changing application code). This is why we are introducing IBM Cloud Data Security Broker.

IBM Cloud Data Security Broker is a cloud security solution that can be used to achieve field-level encryption, masking and tokenization. It is based on innovative architecture where a ‘broker’ sits in between an application and data store to achieve data security seamlessly. It provides a data-centric protection layer allowing customers to tokenize, encrypt and mask data at the column or row level. This is achieved without any application code modifications while supporting customer-managed encryption keys—either a Bring Your Own Key (BYOK) or Keep Your Own Key (KYOK) model.

Security teams can centrally define the granular application encryption policies and manage keys. Developers can seamlessly integrate applications with data stores, even if those sensitive fields are encrypted. It allows IT teams to deploy these application architectures on hybrid multicloud; on IBM Cloud or in any other cloud provider through an IBM Cloud Satellite deployment pattern. It also enables data and analytics teams to access data without compromising privacy:

Data Security Broker consists of two major components:

  • Data Security Broker Manager: Centralized administrative console for configuration and management of data protection policies.
  • Data Security Broker Shield: A reverse proxy technology that is in the customer’s control and performs encryption, decryption, tokenization, masking and access control functions for each data source.

The primary benefits include the following:

  • On-the-fly encryption, de-identification, masking or tokenization of data in the cloud
  • “No-code” deployment that does not require application changes
  • Fast, scalable and unintrusive to data throughput
  • Role-based data access control to dynamically enforce who can see what data
  • A consolidated suite of data protection capabilities like encryption, tokenization, dynamic data masking, Format Preserving Encryption (FPE), field and record level encryption, file and object encryption and secure data sharing
  • Customers can manage and control their encryption keys with Bring Your Own Key (BYOK) and Keep Your Own Key (KYOK) models
  • Automated cloud deployment patterns

Get started

IBM Cloud Data Security Broker is now available as Beta in IBM Cloud with support for PostgreSQL databases. It integrates with IBM Cloud Hyper Protect Crypto Services and Key Protect for customer-managed keys. This innovative and elegant solution is made possible in close collaboration with Baffle’s proven technology.

More from Announcements

IBM Hybrid Cloud Mesh and Red Hat Service Interconnect: A new era of app-centric connectivity 

2 min read - To meet customer demands, applications are expected to be performing at their best at all times. Simultaneously, applications need to be flexible and cost effective, and therefore supported by an underlying infrastructure that is equally reliant, performant and secure as the applications themselves.   Easier said than done. According to EMA's 2024 Network Management Megatrends report only 42% of responding IT professionals would rate their network operations as successful.   In this era of hyper-distributed infrastructure where our users, apps, and data…

IBM named a Leader in Gartner Magic Quadrant for SIEM, for the 14th consecutive time

3 min read - Security operations is getting more complex and inefficient with too many tools, too much data and simply too much to do. According to a study done by IBM, SOC team members are only able to handle half of the alerts that they should be reviewing in a typical workday. This potentially leads to missing the important alerts that are critical to an organization's security. Thus, choosing the right SIEM solution can be transformative for security teams, helping them manage alerts…

IBM and MuleSoft expand global relationship to accelerate modernization on IBM Power 

2 min read - As companies undergo digital transformation, they rely on APIs as the backbone for providing new services and customer experiences. While APIs can simplify application development and deliver integrated solutions, IT shops must have a robust solution to effectively manage and govern them to ensure that response times and costs are kept low for all applications. Many customers use Salesforce’s MuleSoft, named a leader by Gartner® in full lifecycle API management for seven consecutive times, to manage and secure APIs across…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters