Extend privacy assurance in hybrid cloud with IBM Hyper Protect Data Controller

2 minute read | June 25, 2021

As IBM CEO Arvind Krishna has stated, data breaches and ransomware attacks such as the recent attack on Colonial Pipeline are increasing in frequency and scope, making data protection and privacy more critical than ever. According to a recent study conducted by Ponemon and commissioned by IBM, customers’ personally identifiable information (PII) was the most frequently compromised type of record, impacted in 80% of the data breaches studied[1]. At the same time, many enterprises are adopting hybrid cloud architectures to help them increase agility and drive innovation. In today’s threat landscape, sharing data across a hybrid cloud environment introduces new challenges around maintaining compliance and governance—and new security vulnerabilities that bad actors can take advantage of.

Enterprises need to be able to share data to extract value from it, but how can they maintain privacy assurance in the era of hybrid cloud?

Maintain privacy by policy

Today we announce the latest addition to the IBM Hyper Protect Services family designed to help you gain a higher level of privacy assurance and maintain data integrity: IBM Hyper Protect Data Controller. This data-centric audit and protection capability allows you to define and control who has access to eligible data as it leaves the system of record and moves throughout your enterprise[2]. With the addition of IBM Hyper Protect Data Controller, the security capabilities and technical assurance associated with Hyper Protect Services help provide protection for your consistent data access policies. Additionally, robust audit logging can help you address your regulatory compliance directives.

The data-centric protection provided by Hyper Protect Data Controller opens a wide range of new possibilities for data sharing, so you can leave non-sensitive data in the clear while keeping sensitive data private. Consider the data used by the call center agent at your bank. The bank stores data in their system of record, and the agent needs access to certain information to assist you—such as the last four digits of your social security number to verify your identity. IBM Hyper Protect Data Controller protects your eligible sensitive data using encryption and masking before it leaves the system of record, and only reveals the data that the agent is authorized to see. This is made possible through a set of centralized policy controls that the data owner can dynamically update when the agent’s access needs change—including revocation of future access if the agent no longer has the call center responsibilities and moves into a different role within the organization.

Prevent unauthorized policy changes

Once a data owner sets policy controls that govern data access, how can they be sure a bad actor won’t modify them? IBM Hyper Protect Data Controller is deployed within IBM Hyper Protect Virtual Servers, which establishes a protective boundary designed to prevent access by unauthorized users—providing the data owner with a tamper-resistant confidential computing environment to set and maintain policy controls for data access.

Whether you are running your workloads with sensitive data in the cloud, on premises or in a hybrid solution, Hyper Protect Services can offer you protection for your sensitive data, keys and now data access policies. We look forward to continuing our journey to protect your data access and use, wherever it resides.

To learn more about how IBM Hyper Protect Data Controller can protect your eligible sensitive data as it travels throughout your enterprise and beyond, visit the product webpage and read about the latest enhancements here.

[1] Ponemon 2020 Cost of a Data Breach Report, commissioned by IBM: https://www.ibm.com/security/digital-assets/cost-data-breach-report/#/pdf

[2] IBM Hyper Protect Data Controller supports data sources that can be accessed through a JDBC connection or REST APIs.