A passport to data-centric protection and privacy, pt 2
From time to time, we invite industry thought leaders to share their opinions and insights on current technology trends to the IBM Systems IT Infrastructure blog. The opinions in these posts are their own, and do not necessarily reflect the views of IBM.
Despite the challenges associated with breaches and growing hacker threats I discussed in part 1 of this blog series, businesses do have effective options for protecting their prized data. Recently, I discussed the emerging data privacy and protection landscape with two IBM Z security subject matter experts: IBM Z Security Offering Manager Jessica Doherty and Senior Technical Staff Member Anthony Sofia.
IBM Z data privacy and protection solutions support a hybrid cloud environment by enabling more dynamic policies and faster encryption, driving down costs, providing transparency for access control (reducing insider and elevated privileges threats). A key function from a security administrator perspective is that enhanced security in the cloud, enabled by IBM solutions such as IBM Data Privacy Passports, currently available in beta, and IBM Cloud Hyper Protect Services, mitigates the risk of hackers getting key access to data. With the large amount of data being created and used each day, the ability to securely store, prioritize, analyze and share (and scale) that data is fundamental to security, operations and commerce.
Two other capabilities on IBM Z enable encrypting everywhere. Organizations today are challenged to encrypt all data in-flight by corporate directive while protecting the integrity and confidentiality of this date. IBM Fibre Channel Endpoint Security, an upcoming IBM Z capability, enables FICON® or FCP Links from the IBM z15 to the IBM DS8900F storage family to be encrypted and protected. This promotes a mechanism for all data flowing within and across data centers is traveling between authenticated entities. It also improves your ability to provide auditable information verifying that customer data is only accessed by IBM Z and IBM DS8900F storage devices.
The second capability is IBM Z Data Privacy for Diagnostics. This is a z/OS capability exclusive to z15 to control access to data shared with business partners and ecosystems. Organizations are looking to protect from the accidental sharing of sensitive data when sending diagnostic information to vendors. IBM Z Data Privacy for Diagnostics helps them accomplish this by using sensitive data-tagging APIs to detect, and redact all tagged data from diagnostic dumps.
Introducing IBM Data Privacy Passports
I was aware of many of the new IBM platform improvements, but what really excited me in my discussion with Jessica and Anthony was their explanation of IBM Data Privacy Passports. Data Privacy Passports, available now in beta, offers another layer of protection and privacy for data based on a sound stack of infrastructure provided by the new IBM z15. To me this addresses a significant gap in both internal and external supply chain security that is a vulnerability of focus and opportunity for many hackers. Data Privacy Passports brings in a new agility for administrators and users to control their own data, including with third party vendors.
Businesses and organizations are very concerned with ensuring that data shared with their own networks, that often includes third-party partners, remains protected, accessible, and private. Data Privacy Passports enables transparent, end-to-end, data-level protection. With Data Privacy Passports you can encrypt your data, grant and revoke access to it, and maintain control of it – even as it is in transit and no matter where it is. This allows for different lines of business in an enterprise to share data from different processes. It minimizes complexity and reduces costs.
Data Privacy Passports also allows for policy-based views of data where you can start to enforce the kinds of perimeters so data can be shared where it wasn’t before on a need to know. For example, data can be protected at the field level. This is critical for both enterprises and or ensuring transparency and security in any supply chain.
Data security does require a multilevel approach if we are going to effectively reduce the breach epidemic among businesses. The data-centric IBM z15 and Data Privacy Passports offers security solutions to simultaneously address breaches and provide privacy and ease of operations for any business operating in the connected digital landscape. It is these kind of innovative technology solutions and tools that makes me optimistic as we confront cybersecurity challenges coming in the next decade.
Address data privacy and protection requirements with encryption everywhere
Watch Jessica and Anthony in an on-demand webinar: Address data privacy and protection requirements with encryption everywhere. They’ll cover data privacy in greater depth and you’ll discover how Data Privacy Passports helps protect your data wherever it goes, in and out of your data center. You’ll also see how the unparalleled data protection of IBM z15 helps you meet consumer privacy demands and protect against data breach damage while reducing data protection cost and complexity.
 “18.4x faster encryption than other solutions.” Source: Solitaire Interglobal Ltd, Pervasive Encryption: A New Paradigm for Protection: https://www.ibm.com/account/reg/us-en/signup?formid=urx-17749
 A- Source: IBM Competitive Project Office. IBM z15 Data Privacy Passports: Protecting data wherever it goes and generating a projected 300% ROI. URL: https://www.ibm.com/downloads/cas/B36KQKYD B – Pervasive encryption on z/OS can result in approximate savings of 3-5% in administrative and programming labor costs, based on an IT Economics analysis.” Substantiation: “Pervasive Encryption relieves programmers and system administrators from having to selectively implement encryption for their data and programs. Cost benefits ranging from 3- 5% are estimated based on a labor model of headcount derived from IT Economics assessments for client environments. Results may vary by customer.”
 Statement of direction in z15 announcement: To be delivered post-GA