March 10, 2020 By Michael Jordan 3 min read

In my discussions with CIOs and CISOs in organizations around the globe, I’ve noticed a common concern. How can these organizations keep business and customer data private and protected as they transform for hybrid multicloud?

As the volume and complexity of data sharing grows this concern is increasingly validated. According to the 2018 Third-Party Data Risk Study by Opus and Ponemon, 59 percent of companies experienced a data breach caused by a third party[1]. As research company Enterprise Management Associates (EMA) notes in a recent paper sponsored by IBM, data sharing is a common part of business today and data theft is almost equally as common[2]. And because applications span hybrid multicloud environments, much of your customer data may live in the public cloud and may be shared frequently with your external business partners.

Data security solutions to address these concerns exist, but many are siloed. As data moves from one place to another, that data must be independently protected at every stop along the way, resulting in protection that can be fragmented, rather than end-to-end.  Organizations moving more workloads to hybrid multicloud environments must ensure that data within these environments is protected effectively.

Read on to learn how recent enhancements to the IBM Z® platform help you keep data protected and private in the hybrid multicloud.

Extend data privacy and protection with Data Privacy Passports

One advantage IBM Z enjoys when it comes to security is that we own the z/OS operating system and software stack. This allows us to design security into the platform from the chip to the software stack, and continuously innovate and react to or anticipate customer needs by adding new capabilities. Recently we announced IBM Data Privacy Passports, a data privacy and security enforcement solution with off-platform access revocation. Now you can protect data and provide need-to-know access to data as it moves away from the system of record. Just as a passport allows you to travel beyond your home country’s borders with your government’s protection, Data Privacy Passports allows data to move beyond your data center while retaining the protection provided on IBM Z.

Securely build, deploy and manage mission-critical applications with IBM Hyper Protect Virtual Servers

Many technologies aim to protect applications in production, but the build phase may expose applications to vulnerabilities. IBM Hyper Protect Virtual Servers are designed to protect Linux® workloads on IBM Z and LinuxONE throughout the application lifecycle by combining several built-in capabilities from the hardware, firmware and operating system. You can build applications with integrity through a secure build Continuous Integration Continuous Delivery (CICD) pipeline flow. Through this CICD, developers can validate the code that is used to build their images, which helps reassure their users of the integrity level of their applications. After deploying, administrators can use RESTful APIs to manage the application infrastructure — without having access to those applications or their sensitive data.

Clients such as KORE Technologies and Phoenix Systems can address tampering and unauthorized access to data by isolating memory and restricting command-line access for administrators. “It’s crucial that we can push code out to our customer environments quickly and efficiently, ” says Isabella Brom, COO at KORE Technologies. “With IBM Hyper Protect Virtual Servers we can do that, while protecting our clients’ digital assets from compromise either from outside or from within.”

Protect data in flight with IBM Fibre Channel Endpoint Security

With pervasive encryption, you can decouple data protection from data classification by encrypting data for an application or database without requiring costly application changes. The design of new IBM Fibre Channel Endpoint Security for IBM z15™ extends the value of pervasive encryption by protecting data flowing through the Storage Area Network (SAN) from IBM z15™ to IBM DS8900F or between Z platforms. This occurs independent of the operating system, file system, or access method in use, and can be used in combination with full disk encryption to ensure SAN data is protected both in-flight and at-rest.

Redact sensitive data with IBM Z Data Privacy for Diagnostics

Even though IBM has earned a reputation for being a stable platform, problems do occur and diagnosing these problems often requires organizations to send diagnostic reports to IBM or other vendors. It is possible for sensitive data to be captured as part of the error reporting process and there is no easy way for an organization to determine what data has been captured. This can pose a problem for compliance with data privacy regulations. With IBM Z Data Privacy for Diagnostics, a z/OS capability available on IBM z15™, you maintain control when working with third-party vendors by redacting data tagged as sensitive and creating a protected diagnostic dump that can  be shared externally.

[1] 2018 Data Risk in the Third-Party Ecosystem: Third Annual Study. Opus and Ponemon Institute, 2018. Written permission to use stat received 5 March 2020.  URL:

[2] “Managing Data in a Dangerous World: The State of Data Protection.” Enterprise Management Associates. Paper commissioned by IBM. URL:

Was this article helpful?

More from Cybersecurity

What is AI risk management?

8 min read - AI risk management is the process of systematically identifying, mitigating and addressing the potential risks associated with AI technologies. It involves a combination of tools, practices and principles, with a particular emphasis on deploying formal AI risk management frameworks. Generally speaking, the goal of AI risk management is to minimize AI's potential negative impacts while maximizing its benefits. AI risk management and AI governance AI risk management is part of the broader field of AI governance. AI governance refers to…

Data protection strategy: Key components and best practices

8 min read - Virtually every organization recognizes the power of data to enhance customer and employee experiences and drive better business decisions. Yet, as data becomes more valuable, it's also becoming harder to protect. Companies continue to create more attack surfaces with hybrid models, scattering critical data across cloud, third-party and on-premises locations, while threat actors constantly devise new and creative ways to exploit vulnerabilities. In response, many organizations are focusing more on data protection, only to find a lack of formal guidelines and…

What you need to know about the CCPA draft rules on AI and automated decision-making technology

9 min read - In November 2023, the California Privacy Protection Agency (CPPA) released a set of draft regulations on the use of artificial intelligence (AI) and automated decision-making technology (ADMT). The proposed rules are still in development, but organizations may want to pay close attention to their evolution. Because the state is home to many of the world's biggest technology companies, any AI regulations that California adopts could have an impact far beyond its borders.  Furthermore, a California appeals court recently ruled that…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters