In my discussions with CIOs and CISOs in organizations around the globe, I’ve noticed a common concern. How can these organizations keep business and customer data private and protected as they transform for hybrid multicloud?
As the volume and complexity of data sharing grow, this concern is increasingly validated. According to the 2018 Third-Party Data Risk Study by Opus and Ponemon, 59 percent of companies experienced a data breach caused by a third party. As research company Enterprise Management Associates (EMA) notes in a recent paper sponsored by IBM, data sharing is a common part of business today, and data theft is almost as common. And because applications span hybrid multicloud environments, much of your customer data may live in the public cloud and may be shared frequently with your external business partners.
Data security solutions to address these concerns exist, but many are siloed. As data moves from one place to another, that data must be independently protected at every stop along the way, resulting in protection that can be fragmented, rather than end-to-end. Organizations moving more workloads to hybrid multicloud environments must ensure that data within these environments is protected effectively.
Read on to learn how recent enhancements to the IBM Z® platform help you keep data protected and private in the hybrid multicloud.
Extend data privacy and protection with Data Privacy Passports
One advantage IBM Z enjoys when it comes to security is that we own the z/OS operating system and software stack. This allows us to design security into the platform from the chip to the software stack, and continuously innovate and react to or anticipate customer needs by adding new capabilities. Recently we announced IBM Data Privacy Passports, a data privacy and security enforcement solution with off-platform access revocation. Now you can protect data and provide need-to-know access to data as it moves away from the system of record. Just as a passport allows you to travel beyond your home country’s borders with your government’s protection, Data Privacy Passports allows data to move beyond your data center while retaining the protection provided on IBM Z.
Securely build, deploy and manage mission-critical applications with IBM Hyper Protect Virtual Servers
Many technologies aim to protect applications in production, but the build phase may expose applications to vulnerabilities. IBM Hyper Protect Virtual Servers are designed to protect Linux® workloads on IBM Z and LinuxONE throughout the application lifecycle by combining several built-in capabilities from the hardware, firmware and operating system. You can build applications with integrity through a secure build Continuous Integration/Continuous Delivery (CICD) pipeline flow. Through this CICD pipeline, developers can validate the code that is used to build their images, which helps reassure their users of the integrity level of their applications. After deploying, administrators can use RESTful APIs to manage the application infrastructure — without having access to those applications or their sensitive data.
Clients such as KORE Technologies and Phoenix Systems can address tampering and unauthorized access to data by isolating memory and restricting command-line access for administrators. “It’s crucial that we can push code out to our customer environments quickly and efficiently,” says Isabella Brom, COO at KORE Technologies. “With IBM Hyper Protect Virtual Servers we can do that, while protecting our clients’ digital assets from compromise either from outside or from within.”
Protect data in flight with IBM Fibre Channel Endpoint Security
With pervasive encryption, you can decouple data protection from data classification by encrypting data for an application or database without requiring costly application changes. The design of new IBM Fibre Channel Endpoint Security for IBM z15™ extends the value of pervasive encryption by protecting data flowing through the Storage Area Network (SAN) from IBM z15™ to IBM DS8900F or between Z platforms. This occurs independently of the operating system, file system, or access method in use, and can be used in combination with full disk encryption to ensure SAN data is protected both in flight and at rest.
Redact sensitive data with IBM Z Data Privacy for Diagnostics
Even though IBM has earned a reputation for being a stable platform, problems do occur, and diagnosing these problems often requires organizations to send diagnostic reports to IBM or other vendors. It is possible for sensitive data to be captured as part of the error reporting process, and there is no easy way for an organization to determine what data has been captured. This can pose a problem for compliance with data privacy regulations. With IBM Z Data Privacy for Diagnostics, a z/OS capability available on IBM z15™, you maintain control when working with third-party vendors by redacting data tagged as sensitive and creating a protected diagnostic dump that can be shared externally.
 2018 Data Risk in the Third-Party Ecosystem: Third Annual Study. Opus and Ponemon Institute, 2018. Written permission to use stat received 5 March 2020. URL: https://www.businesswire.com/news/home/20181115005665/en/Opus-Ponemon-Institute-Announce-Results-2018-Third-Party
 “Managing Data in a Dangerous World: The State of Data Protection.” Enterprise Management Associates. Paper commissioned by IBM. URL: https://www.ibm.com/account/reg/us-en/signup?formid=urx-43056