Considerations for GDPR readiness
This document is intended to help you in your preparations for GDPR readiness. The document provides information about Netezza Performance Server features that you can configure, and aspects of its use that can help your organization with GDPR readiness. This information is not an exhaustive list.
Notice
You are responsible for ensuring your own compliance with various laws and regulations, including the European Union General Data Protection Regulation. You are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that might affect your business and any actions you might need to take to comply with such laws and regulations.
The products, services, and other capabilities that are described are not suitable for all client situations. Their availability might be restricted. IBM does not provide legal, accounting, or auditing advice or represent or warrant that its services or products will ensure that you are in compliance with any law or regulation.
GDPR
General Data Protection Regulation (GDPR) was adopted by the European Union (“EU”) and applies from 25 May 2018.
Why is GDPR important?
- New and enhanced privileges for individuals
- A widened definition of personal data
- New obligations for processors
- Potential for significant financial penalties for non-compliance
- Compulsory data breach notification
Read more about GDPR
Product Configuration - considerations for GDPR Readiness
Netezza Performance Server provides the features and capabilities that are needed to help you meet your GDPR responsibilities. This document is intended to provide guidance for the capabilities that are relevant to your needs under this legislation.
Configuration to support data handling requirements
The GDPR legislation requires that personal data is strictly controlled and that the integrity of the data is maintained. This requires the data to be secured against loss through system failure and also through unauthorized access or through theft of computer equipment or storage media.
- Manage the key that is used for encryption to protect data at rest.
- Use a secure access method such as SSH to gain entry.
- Control user access through Kerberos and/or LDAP.
- Set appropriate access control methods for databases and/or tables (especially where personal data is stored).
Data lifecycle
What is the end-to-end process that personal data goes through in Netezza Performance Server?
What types of data?
Netezza Performance Server is a general-purpose data warehouse system. You choose what data needs to be stored and managed. As a general-purpose data warehouse system, it can be used to store various data in a structured manner that can be later used for analytics and reporting purposes. Netezza Performance Server does not restrict users in storing and managing personal data in the original database and tables.
Netezza Performance Server does collect operational data, such as connected users and IP addresses, as part of system logging.
Where in the process?
Business data can be loaded into the database and tables through various means and at various stages as dictated by your business needs. For more information, see Netezza Performance Server data loading.
For what purpose?
Business data that is stored in the database and tables is used by NPS for business analytics and reporting purposes. The operational data that is captured in the system logs and diagnostic files is used mainly for system troubleshooting purposes.
Personal data used for online contact with IBM
Netezza Performance Server clients can submit online comments/feedback/requests to contact IBM about Netezza Performance Server subjects in various ways, primarily:
- Public comments in the IBM Netezza Performance Server community on IBM developerWorks.
- Public comments on IBM Netezza Performance Server topics in IBM Knowledge Center.
- Public comments in dWAnswers.
- Feedback forms in the IBM NPS community.
Typically, only the client name and email address are used to enable personal replies for the subject of the contact, and the use of personal data conforms to the IBM Online Privacy Statement.
Data storage
Controlling the storage of personal data.
Self-Encrypting Drives (SEDs)
Netezza Performance Server uses self-encrypting drives (SEDs) for improved security and protection of the data that is stored on the system. SEDs encrypt data as it is written to the disk. Each disk has a disk encryption key (DEK) that is set at the factory and stored on the disk. The disk uses the DEK to encrypt data as it is written, and then to decrypt the data as it is read from disk. The operation of the disk, and its encryption and decryption, is transparent to the users who are reading and writing data. The default encryption and decryption mode is referred to as the secure erase mode. In the secure erase mode, you do not need an authentication key or password to decrypt and read data. SEDs offer improved capabilities for an easy and speedy secure erase for situations when disks must be repurposed or returned for support or warranty reasons.
For the optimal security of the data stored on the disks, SEDs have a mode that is referred to as the auto-lock mode. In auto-lock mode, the disk uses an authentication encryption key (AEK) to protect its DEK. When a disk is powered off, it is automatically locked. When the disk is powered on, the SED requires a valid AEK to read the DEK and unlock the disk before it proceeds with read and write operations. If the SED does not receive a valid authentication key, the data on the disk cannot be read. The auto-lock mode helps to protect the data when disks are accidentally or intentionally removed from the system.
Storage in backup
When you create Netezza Performance Server database users, the account passwords are stored in the database in encrypted form. The Netezza Performance Server system has a default encryption process. For more security, you can create and specify a host key for encrypting passwords.
When you back up the user and group information, the backup set saves information about the password encryption. If you use a custom host key, the host key is included in the backup set to process the account passwords during a restore. The backup process stores an encrypted host key by using the default encryption process, or you can use the nzbackup -secret option to encrypt the host key by using a user-supplied string. To restore that backup set, an administrator must specify the same string in the nzrestore -secret option. To protect the string, it is not captured in the backup and restore log files.
If you are using Tivoli Storage Manager (TSM) encrypted backup support, you can configure the Netezza Performance Server backups to use encrypted backups. To configure encrypted backups, you must specify some settings in the TSM configuration files of the backup archive and API clients. For each TSM server in your environment, you can specify that the Tivoli backup connector use encrypted backups to store the files that are sent by the Netezza Performance Server backup utilities. For detailed setup instructions on configuring the system for encrypted backups by using TSM, see the section at https://www.ibm.com/support/knowledgecenter/SS5FPD_1.0.0/com.ibm.ips.doc/postgresql/admin/c_sysadm_tsm_encrypted_backups.html in the Netezza Performance Server system administration guide.
Data access
Controlling access to personal data.
Roles and access rights
You can control access to Netezza Performance Server itself by placing the system in a secured location such as a data center. You can control access through the network to your Netezza Performance Server by managing the Linux user accounts that can log in to the operating system. You control access to the Netezza Performance Server database, objects, and tasks on the system by managing the Netezza Performance Server database user accounts that can establish SQL connections to the system. Linux accounts allow users to log in to the Netezza Performance Server server at the operating system level, but they cannot access the Netezza Performance Server database by using SQL.
Separation of duties
It is recommended that you develop an access model for your Netezza Performance Server system. An access model is a profile of the users who require access to Netezza Performance Server and the permissions or tasks that they need.
Administrators
As the admin user, you can create other database users and groups to grant and manage access to the objects (such as databases, tables, and views) and administration tasks (such as creating or dropping tables, deleting rows, and creating users).
For more information, see Netezza Performance Server database users, groups, and roles.
Privileged administrators
The default admin user account is a powerful database super-user account. Use the admin account rarely. IBM suggests that you create an administration group that reflects an appropriate set of permissions and capabilities (see Creating an administrative user group).
The Netezza Performance Server security model is a combination of administrator privileges that are granted to users and/or groups, and object privileges that are associated with specific objects (for example, table xyz) or with classes of objects (for example, all tables). You need administrative privileges to take data outside of Netezza Performance Server.
For more about Netezza Performance Server administration, see Administration overview.
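An access model of the kind described above, as an added SQL example that is not part of the IBM documentation: the group, user, table and view names are hypothetical, and the statements use Netezza's GRANT forms for administrative privileges, for object privileges on a specific object, and for object privileges on a class of objects.

```sql
-- Added example (not from the IBM documentation); all group, user, table and
-- view names are hypothetical. Run as the admin user, or as a user who holds
-- the administrative privileges that each statement needs.

-- 1. A delegated administration group with a bounded set of administrative
--    privileges, so that the admin super-user is used rarely.
CREATE GROUP dba_ops;
GRANT CREATE TABLE, CREATE VIEW, CREATE USER, CREATE GROUP TO dba_ops;
-- Backup and restore are administrative privileges: only this group can
-- move data out of the system through the backup utilities.
GRANT BACKUP, RESTORE TO dba_ops;

-- 2. Object privileges on a specific object: only the privacy team may read
--    or delete rows in the table that holds personal data (for example, to
--    service an erasure request).
CREATE TABLE customer_pii (
    customer_id  INTEGER,
    full_name    VARCHAR(200),
    email        VARCHAR(254),
    country      CHAR(2)
) DISTRIBUTE ON (customer_id);

CREATE GROUP privacy_team;
GRANT LIST, SELECT, DELETE ON customer_pii TO privacy_team;

-- 3. Object privileges on a class of objects: analysts may list and read
--    every view in this database, but receive nothing on the TABLE class,
--    so the raw personal-data table is not readable by them directly.
CREATE VIEW customer_analytics AS
    SELECT customer_id, country
    FROM customer_pii;

CREATE GROUP analysts;
GRANT LIST, SELECT ON VIEW TO analysts;

-- 4. Users inherit privileges through group membership rather than
--    through grants made to individual accounts.
CREATE USER a_smith WITH PASSWORD 'ChangeMe-1';
ALTER GROUP analysts ADD USER a_smith;
CREATE USER p_jones WITH PASSWORD 'ChangeMe-2';
ALTER GROUP privacy_team ADD USER p_jones;

-- 5. Checks to run when connected as a_smith:
--    SELECT * FROM customer_analytics;  -- allowed through the VIEW class grant
--    SELECT * FROM customer_pii;        -- denied: no privilege on the table
```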
Activity logs
All major software components that run on the host machine have an associated log. In addition, query history captures user activity information on the system, such as the queries that are run, query plans, table access, column access, session creation, and failed authentication requests.
For more information, see:
Data processing
Controlling the processing of personal data.
Encryption
Netezza Performance Server supports:
- SSL for encrypting communication with Netezza Performance Server client users, and peer authentication between the client and the Netezza Performance Server host. The encryption protects the communication for the Netezza Performance Server client users who access their data by using ODBC, JDBC, nzsql, or the command-line interfaces. The peer authentication uses a digital certificate from the Netezza Performance Server system to confirm the identity of the clients and the Netezza Performance Server host. For more information, see Client encryption and security.
- External and Kerberos authentication. Passwords are also encrypted in default authentication.
- SP 800-131A cryptography standard for key management.
- Self-encrypting drives (SEDs) for storing data. SEDs encrypt data as it is written to the disk.
- Backup sets that save information about the password encryption. The backup process stores an encrypted host key (if provided) by using the default encryption process, or you can use the nzbackup -secret option to encrypt the host key by using a user-supplied string.
IBM Fluid Query
IBM Fluid Query helps to address Big Data requirements around access to the wide range of structured databases that exist across an enterprise. Federation technology enables querying of remote database objects across IBM on-premises and Cloud architectures, and across third-party commercial, open source, and Hadoop distributions. The product also delivers a local bulk data copy capability that enables Netezza Performance Server to move or copy data in bulk to and from Hadoop distributions.
The following password authentication security options are also available:
- LDAP authentication (optional).
- SSL authentication (optional).
- Kerberos authentication (optional).
- Local authentication (default).
The password is encrypted by default by using the static encryption key. With extra parameters used when you are running fqConfigure.sh, you can use the automatically generated 128-bit AES key or generate your own key.
Data deletion
Controlling the deletion of personal data
Because the disks are self-encrypting, data that you delete might still be physically present on the disks, but it is encrypted and is not accessible to the outside world.
Data monitoring
Monitoring the processing of personal data
Query history captures details about user activity on Netezza Performance Server, such as the queries that are run, query plans, table access, column access, session creation, and failed authentication requests.
History information is saved in a history database. Users with the correct privileges can review the query history information for details about the users and activity on the PDA system. These features enhance the query history with auditing and the following benefits:
- Guaranteed audit capture of all operations.
- Digital signing of audit data.
- Audit data stored in row-secure tables.
- Secure data offload to a different Netezza Performance Server system, lowering the impact on a production system and improving the security of the audit.