Address customer data privacy and protection concerns with encryption everywhere

By | 5 minute read | October 14, 2019

Data privacy and protection remain top boardroom and C-suite issues. The data breach threat still looms large: 59 percent of businesses experienced a data breach caused by a vendor or third party in 2018[1]. As organizations migrate workloads to hybrid multicloud environments, they must ensure that the data within these environments is effectively protected.

Consumers have grown more concerned with the privacy of their data — as have regulators. In 2019, many fines were levied related to GDPR and U.S. Federal Trade Commission regulations. High-profile corporate data breaches and misuses have increased consumer scrutiny of how corporations use and share their data. A new IBM and The Harris Poll study found that almost all consumer respondents (94 percent) agree that businesses should do more to protect their privacy.[2]

These trends, along with recent regulations such as the EU GDPR, the upcoming California Consumer Privacy Act, and Thailand’s Personal Data Protection Act, indicate that the pendulum is swinging toward more privacy and protection of personal data.

In addition to protection, your customers now expect privacy and control of their data. How can you deliver this?

Expand data privacy and protection

Until now, in my experience, both organizations and solutions have typically focused on protecting data at the aggregate level — within entire databases or applications. Existing data-protection solutions tend to be siloed and focus on protecting only data within the IT infrastructure. But data does not stay in one place: it needs to move. The need to manage privacy across multiple disjointed solutions makes enforcing the appropriate use of data (data privacy) across an organization complex.

Pervasive encryption helps prevent data misuse from data breaches across your enterprise and keeps data within your direct control. Even if hackers breach the data, they would likely not be able to access it because it is encrypted.

Pervasive encryption lets you encrypt all enterprise data, keeping it secured within your on-premises environment. But what about when the data leaves this environment? What about data on other platforms?

Much of your customers’ data lives in the public cloud and is shared with your business partners. Your customers want this data private and easy to control, yet instantly accessible. Consumer mandates for data privacy and protection wherever their data lives require the extension of enterprise-level security beyond your data center’s on-premises architecture. This requires data-centric audit and protection (DCAP): protecting information at the data level rather than broadly at the IT infrastructure level. Think of this level of protection as having encryption everywhere.

Introducing IBM Data Privacy Passports, exclusively for IBM z15™

IBM Data Privacy Passports, a leading-edge DCAP solution available in beta on the new IBM z15, empowers you to  build customer trust by keeping data private and secured wherever it goes.

With Data Privacy Passports, you control how data is shared and accessed. Now you can protect and provision data while revoking access to that data at any time, regardless of where the data is located. Data Privacy Passports extends encryption everywhere, enforcing data privacy by policy even when the data leaves your data center and extending IBM Z enterprise-class protection to data from other sources. It enables you to enforce the appropriate use of data across private, public and hybrid clouds at the data level. It does this all without impacting system performance.

A simple example demonstrates how Data Privacy Passports creates strong data privacy and protection for your customers. Consider an international bank that does business with a financial technology company. The bank sets rules governing the company’s use of the bank’s customer data through agreed-upon terms and conditions. Using Data Privacy Passports, it can enforce these rules and limit or revoke access to data as appropriate.

Keep data protected and private

Here’s a closer look at how Data Privacy Passports keeps data private and secured while simplifying compliance and data management.

  • Protect data wherever it goes. Data does not stay in one place and typical solutions are often fragmented or siloed. Data Privacy Passports addresses this by introducing Trusted Data Objects (TDO), which provide data-centric protection that moves with the data–even with unauthorized copies.
  • Ensure privacy with controlled data usage. Data Privacy Passports is designed to establish and enforce an enterprise-wide data privacy policy where different views of data are surfaced to different users based on their need to know. TDO technology can also be used to prevent collusion between data owners to use data inappropriately. It does this by breaking the referential integrity between data tables with different owners or limiting that connection based on policy.
  • Track provenance and consumption of data. Track the data from point of origin to point of consumption, with a central point of auditing information for data access and aggregation for your compliance obligations. End-to-end tracking is achieved by encrypting the data as a Trusted Data Object, so it does not need to be tracked throughout its journey but only when opened with a passport controller. If a user whose access you have revoked tries to access the data through the passport controller, it fails and that fail is logged.
  • Simplify data management with Embedded Key Management. Data Privacy Passports provides all required key management for TDOs created and distributed throughout your enterprise and beyond. This greatly reduces the complexity of implementing the solutions and provides simple management of data as it moves between systems and across hybrid multiclouds.

Dive deeper into IBM Data Privacy Passports

To dive deeper into Data Privacy Passports, register for our webinar on Thursday, 31 October at 11 AM EDT. We’ll cover data privacy in greater depth and you’ll discover how Data Privacy Passports helps protect your data wherever it goes, in and out of your data center. You’ll also see how the unparalleled data protection of IBM z15 helps you meet consumer privacy demands and protect against data breach damage while reducing data protection cost and complexity.

[1] 2018 Data Risk in the Third-Party Ecosystem: Third Annual Study. Ponemon Institute, 2018. Written permission to use stat received 9 September 2019.

[2] “Consumer Attitudes Toward Data Privacy.” 2019 IBM and the Harris Poll survey, commissioned by IBM.