November 8, 2017 | Written by: Shane Dunn, Brandon Beadel and Simon Rogers
Our data responsibility obligations matter to us. Data privacy, data residency, and data protection matter to you and your users.
With this post, we have two goals:
- To share our data-first approach to help you architect and deliver secure data-centric applications
- To answer your data protection questions so you can leverage our cloud and unlock your data potential
Developers and architects are crucial to our trusted partnership status for data processing. Central to system design and deployment considerations is the need to maintain a data-centric focus and a data-first approach. Our systems support and enhance the work of our clients—and the heart of their business is their data.
We know this. Our cloud services treat customer data privacy and security as the highest priority. We have a comprehensive program in place to secure data and meet customer requirements linked to data-centric standards, such as PCI, HIPAA and FFIEC.
Secure by design
Data privacy is our primary consideration when developing all solutions—and we put data control in our customers’ hands. Our access controls are designed to reduce the need for access to customer content and limit the level of access in the rare cases where it is necessary. We do this by implementing strict access controls, privileges, and granular permission systems to ensure clients know and agree to situations where we interact with their data.
Secure access to data
Data security is assured through the processes and technical mechanisms shown below. This data-centric security model is driven by access controls and extensive monitoring and logging. The access approval process includes mechanisms to:
- Ensure that security access approval is routed to the data owner (where possible) or the data service owner to validate the need
- Mandate that access requests for data flow through the data-centric security logic
- Ensure that access requests are properly logged to create a clear audit trail
- Audit the ongoing need for access and monitor how the granted rights are used
When an individual needs access to data, he or she (or their manager) initiates a workflow to request access:
- The workflow first notifies the appropriate data owner about the request, along with the individual's details, the required level of access, and the justification for the request. The level of access is limited to the minimum necessary to perform the job function. The systems may allow simple yes/no access or may require a more sophisticated set of criteria interpreted by security access guards. Access may be granted to the entire subject area, to business objects, or to individual business attributes, depending on the necessary breadth of security control.
- The data owner approves or denies the request. The response is logged. The data owner has a report of those with access and can remove access as appropriate.
- If access is approved, the workflow sends a request, handled manually or automatically, to add the access rights to the individual's security profile. The security profile is typically held in a user directory such as LDAP.
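The three workflow steps above, as an added illustration that is not IBM's code: a request is routed to the data owner of its subject area, the owner's decision is logged, an approval is written into a directory-style security profile, and the owner can report on and revoke what has been granted. The dotted resource paths, the `Scope` values and the in-memory `Directory` standing in for LDAP are assumptions of the example.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class Scope(Enum):
    """Breadth of a grant: a whole subject area, one business object, or one attribute."""
    SUBJECT_AREA = "subject_area"
    BUSINESS_OBJECT = "business_object"
    ATTRIBUTE = "attribute"


@dataclass
class AccessRequest:
    request_id: str
    requester: str
    resource: str            # dotted path (assumed convention), e.g. "customer.contact.email"
    scope: Scope
    level: str               # "read" or "write": the minimum the job function needs
    justification: str
    status: str = "pending"
    decided_by: Optional[str] = None


@dataclass
class Directory:
    """Stand-in for the user directory (e.g. LDAP) holding each person's security profile."""
    profiles: Dict[str, List[dict]] = field(default_factory=dict)

    def add_right(self, user: str, resource: str, scope: Scope, level: str) -> None:
        self.profiles.setdefault(user, []).append(
            {"resource": resource, "scope": scope.value, "level": level})

    def remove_right(self, user: str, resource: str) -> None:
        self.profiles[user] = [r for r in self.profiles.get(user, [])
                               if r["resource"] != resource]


class AccessWorkflow:
    def __init__(self, data_owners: Dict[str, str], directory: Directory):
        self.data_owners = data_owners          # subject area -> data owner
        self.directory = directory
        self.pending: Dict[str, AccessRequest] = {}
        self.audit: List[dict] = []             # every submission and decision is recorded

    def owner_for(self, resource: str) -> str:
        return self.data_owners[resource.split(".")[0]]

    def submit(self, req: AccessRequest) -> str:
        """Step 1: route the request to the data owner; returns who was notified."""
        if not req.justification.strip():
            raise ValueError("an access request must carry a justification")
        owner = self.owner_for(req.resource)
        self.pending[req.request_id] = req
        self.audit.append({"event": "submitted", "request_id": req.request_id,
                           "requester": req.requester, "resource": req.resource,
                           "level": req.level, "notified": owner})
        return owner

    def decide(self, request_id: str, decider: str, approve: bool) -> str:
        """Step 2 and 3: only the data owner may decide; the decision is logged and,
        on approval, the right is written to the requester's security profile."""
        req = self.pending[request_id]
        if decider != self.owner_for(req.resource):
            raise PermissionError(f"{decider} is not the data owner for {req.resource}")
        del self.pending[request_id]
        req.status = "approved" if approve else "denied"
        req.decided_by = decider
        self.audit.append({"event": req.status, "request_id": request_id,
                           "decided_by": decider, "requester": req.requester,
                           "resource": req.resource})
        if approve:
            self.directory.add_right(req.requester, req.resource, req.scope, req.level)
        return req.status

    def access_report(self, owner: str) -> Dict[str, List[dict]]:
        """What a data owner sees: who currently holds rights in their subject areas."""
        areas = {area for area, o in self.data_owners.items() if o == owner}
        report: Dict[str, List[dict]] = {}
        for user, rights in self.directory.profiles.items():
            held = [r for r in rights if r["resource"].split(".")[0] in areas]
            if held:
                report[user] = held
        return report

    def revoke(self, owner: str, user: str, resource: str) -> None:
        """The data owner removes a right; the removal is logged like a grant."""
        if owner != self.owner_for(resource):
            raise PermissionError(f"{owner} is not the data owner for {resource}")
        self.directory.remove_right(user, resource)
        self.audit.append({"event": "revoked", "by": owner, "user": user,
                           "resource": resource})
```

The point worth noticing is that the directory is only ever written by the workflow: a right appears in a profile because a logged approval put it there, so the audit list and the directory can be reconciled against each other later.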
Data-centric security access
There are two types of data-centric guard functions that protect data access:
- Pre-access guards: Determine whether the caller is authorized to access the requested data. These guards run at the start of the request.
- Post-access guards: Adjust data that is returned to the caller so it complies with the information protection policies for the service. These guards should run towards the end of the processing, before the data is returned to the caller. Examples include masking sensitive data, removing elements that identify individuals, and encrypting data for transmission.
Many types of data platforms are available to developers to store and analyze data. Our catalog, for example, includes many choices, including SQL and NoSQL databases and application servers. Each data platform may have its own support mechanisms for securing data. Clients may choose to distribute or replicate their data across multiple platforms depending on the requirements of the business workloads.
The data-centric security access guard functions must provide consistent access control to all copies of data. The data services are responsible for calling the data-centric security guard functions to validate that the user or system requesting data is authorized.
The stored data can then be isolated from external users and systems so that it is reachable only through the data services. This is accomplished with an isolated network, or with access security set up around a restricted set of user accounts that only the data services, authorized processes inside the data service, and specific personnel in the data service operations team can use.
Access monitoring and logging
All access requests made and granted, along with details of the data retrieved, are recorded in the audit data repositories—which are separate and secure. These repositories are designed for analytical review and investigation by the security team.
Security analytics and auditing
The use of workflow for granting and removing access rights provides auditable evidence of user access to particular data. Access logging reveals:
- Who extracted a particular type of data
- The scope of a particular individual’s access to data
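The guard functions, the data service that calls them, the separate audit repository and the two questions access logging answers, shown together in one added example that is not IBM's code. The sample rows, the attribute classification, the two security profiles and the policy that identifying attributes are returned only under an attribute-level right are all assumptions of the example; the pre-access guard runs before the rows are read, the post-access guard runs on each row before it is returned, and every request (including denied ones) lands in the audit list that the reporting functions query.

```python
from typing import Dict, List, Set

# Constructed sample rows for the "customer.profile" business object.
CUSTOMER_PROFILES = [
    {"id": "c1", "name": "Ada Lovelace", "email": "ada@example.org",
     "card": "4111111111111111", "segment": "retail"},
    {"id": "c2", "name": "Alan Turing", "email": "alan@example.org",
     "card": "5500000000000004", "segment": "enterprise"},
]
# Assumed information-protection policy of this service, per attribute.
CLASSIFICATION = {"id": "public", "segment": "public",
                  "name": "identifying", "email": "identifying", "card": "sensitive"}
# Security profiles as read from the user directory: user -> granted rights (constructed).
DIRECTORY = {
    "analyst": [{"resource": "customer", "level": "read"}],                # whole subject area
    "support": [{"resource": "customer.profile", "level": "read"},         # one business object
                {"resource": "customer.profile.email", "level": "read"}],  # plus one attribute
}


def covers(granted: str, resource: str) -> bool:
    """A right on a subject area or business object covers everything beneath it."""
    return resource == granted or resource.startswith(granted + ".")


def pre_access_guard(profile: List[dict], resource: str, level: str) -> bool:
    """Runs at the start of the request: does any right in the caller's profile cover it?"""
    return any(r["level"] == level and covers(r["resource"], resource) for r in profile)


def post_access_guard(record: dict, obj: str, profile: List[dict]) -> dict:
    """Runs just before data leaves the service: sensitive values are masked to their
    last four characters, identifying attributes are dropped unless the caller holds an
    attribute-level right for them, public attributes pass through unchanged."""
    out = {}
    for attr, value in record.items():
        kind = CLASSIFICATION[attr]
        if kind == "sensitive":
            out[attr] = "*" * (len(value) - 4) + value[-4:]
        elif kind == "identifying":
            if any(r["resource"] == f"{obj}.{attr}" for r in profile):
                out[attr] = value
        else:
            out[attr] = value
    return out


class DataService:
    """The only component that touches the stored rows; callers go through read()."""

    def __init__(self, directory: Dict[str, List[dict]], audit_repo: List[dict]):
        self.directory = directory
        self.audit = audit_repo      # separate repository; the data path only appends to it

    def read(self, caller: str, obj: str) -> List[dict]:
        profile = self.directory.get(caller, [])
        allowed = pre_access_guard(profile, obj, "read")
        entry = {"caller": caller, "resource": obj, "granted": allowed, "attributes": []}
        self.audit.append(entry)                 # denied requests are recorded too
        if not allowed:
            raise PermissionError(f"{caller} is not authorized to read {obj}")
        if obj != "customer.profile":
            raise KeyError(obj)                  # the sample service holds one object only
        rows = [post_access_guard(rec, obj, profile) for rec in CUSTOMER_PROFILES]
        entry["attributes"] = sorted({f"{obj}.{a}" for row in rows for a in row})
        return rows


def who_extracted(audit: List[dict], attribute: str) -> Set[str]:
    """Access logging question 1: who received a particular type of data?"""
    return {e["caller"] for e in audit if e["granted"] and attribute in e["attributes"]}


def access_scope(audit: List[dict], caller: str) -> Set[str]:
    """Access logging question 2: what data has this individual actually received?"""
    return {a for e in audit if e["caller"] == caller and e["granted"] for a in e["attributes"]}


def demo() -> dict:
    audit: List[dict] = []
    svc = DataService(DIRECTORY, audit)
    analyst_rows = svc.read("analyst", "customer.profile")
    support_rows = svc.read("support", "customer.profile")
    try:
        svc.read("intern", "customer.profile")   # no security profile at all
        denied = False
    except PermissionError:
        denied = True
    return {"analyst": analyst_rows, "support": support_rows, "intern_denied": denied,
            "email_readers": who_extracted(audit, "customer.profile.email"),
            "analyst_scope": access_scope(audit, "analyst"), "audit": audit}
```

Two things this makes visible: the analyst's subject-area right is enough to pass the pre-access guard but still yields no identifying attributes, because the post-access guard enforces the minimum-necessary policy independently of the first check, and the audit entry records what was actually returned rather than what was requested, which is what the "who extracted a particular type of data" question needs.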
Data responsibility at IBM Cloud Europe
Our data-centric approach to building and operating IBM Cloud ensures your data privacy and security are respected. The technology and processes outlined here ensure we meet these requirements continuously. We also give you the tools to enable success with your own privacy and security. Many products and services are available from the robust IBM Cloud catalog that provide the needed functionality to secure data and meet the stringent requirements of global standards and regulations. We provide customers with mechanisms to limit access, to log and monitor activity, to respond to vulnerabilities and risks, and more. With us, clients focus on what is most important to their business: turning their data into actionable insight.
Our data-first security principles safeguard customer data across the world. IBM Cloud Europe is planning additional capabilities which give clients even more control of their data and more visibility into how we process data.
We are updating our security access procedures for dedicated and shared environments in Europe to ensure client content (including personal data and special personal data) stays in the EU. EU-based IBM employees play a critical role in our incident and change management processes, reviewing all changes that affect client data and any data access requests from outside the EU. For dedicated cloud instances, we’re putting you in control—you will review and approve all non-EU access requests to your content if an instance requires support or access from a non-EU based employee.
If data must be accessed outside the EU, we ensure appropriate and transparent transfer mechanisms are in place and consistent levels of protection are maintained—regardless of location. This allows us to securely connect our worldwide team with European support professionals to leverage global subject matter expertise.
For more resources about how we protect your data:
Learn more about our European data protection controls