Table of contents

Auditing your sensitive data with IBM Guardium

IBM® Guardium® safeguards your sensitive information by auditing what is happening in your sensitive-data environments, such as your databases, data warehouses, file systems, or Big Data environments.

Before you begin

To use IBM Guardium, you must install the Watson™ Knowledge Catalog service.

About this task

Personally identifiable information or PII (also called personal data or sensitive personal information) is any information that can be used to identify a living person, such as a full name, an address, an identification number, and so-on. There are numerous regulations that determine how you must handle PII, including the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and the Family Educational Right and Privacy Act (FERPA).

One way that you can protect PII is by ensuring that you have security measures in place to prevent unauthorized access to your data. But in the event of a data security breach, it's also important to ensure that you have an audit trail so that you know who accessed the data, when they accessed it, where they accessed it, and what data they accessed.

You can use the data governance features in IBM Cloud Pak for Data to identify sensitive data, including data that resides on Hadoop systems.

When you integrate IBM Guardium and Cloud Pak for Data, users with Manage catalog permissions can specify which assets are audited by IBM Guardium.

The following graphic illustrates the high-level process that you must follow to integrate the two applications. It also shows the different users who are typically involved in the process.

Begin alt text. Chief Risk Officer's mission statement: We need to have a full audit trail for sensitive personal information. We need to know who, what, when, and where. Reach out to Nadine, our lead IBM Guardium admin, with questions. Cloud Pak for Data admin, speaking to Nadine: My application is connected to numerous data sources that contain sensitive personal information (SPI). Nadine, the IBM Guardium admin, responding: I can give you information about the IBM Guardium appliances that we use to audit the data sources connected to your application. Let me generate the client secret that Cloud Pak for Data can use to connect to IBM Guardium. Cloud Pak for Data, responding: Thanks for your help. I've configured a connection to each appliance and added the groups we discussed. Cloud Pak for Data admin, speaking to a data steward: We're going to use IBM Guardium to audit assets that contain SPI. Please use the auditing feature in Cloud Pak for Data. Data steward, responding: OK. I'll make sure to add the assets to IBM Guardium during discovery so that we can audit them.End alt text.

To integrate the applications, complete the following tasks: