Bookmark and Share

Recent Posts

Big Data's Impact on Enterprise Security

October 27, 2015

With the growing demand to integrate DB2 for z/OS data with Hadoop and other systems used to perform business analytics, I was wondering what information and solutions are available from IBM to govern, audit and protect sensitive data.

I checked the IBM z Systems Software Security page, which lists products that are designed to help with masking, audit and compliance as well as encryption. On the right side of the landing page I noticed a scrolling banner with the topic: Information Protection and System z by analyst Mike Ferguson.

Though this document is dated 2013, the content is nonetheless relevant and valuable.
The paper examines the profound impact of emerging big data workloads on traditional information security procedures. Of course DBAs and DB2 system programmers are directly affected by these changes, since DB2 pros typically work with the security team and auditors to track and enforce data access.

The paper lists two classifications of big data: big data transaction processing and big data analytics. Big data transaction processing refers to the extreme volumes of transactions that may update data in relational DBMSs, NoSQL or file systems. Big data analytics is about advanced analytics on traditional structured and multi-structured data.

Big data analytics workloads move beyond the traditional data warehouse with new data analysis requirements. To support these new workloads, new technology has emerged, including stream processing software, analytical RDBMs, Hadoop solutions on premise and cloud and NO-SQL DBMSs such as graph DBMS.

So how can security compliance be enforced and managed in environments where sensitive DB2 and IMS data is moving around the network to Hadoop and other analytics systems? This paper presents the IBM Big Data Platform, listing the IBM solutions that are designed to implement enterprise information protection in big data environments.

The products are: 
* IBM RACF, which manages role-based access to data and services.
* IBM DB2 10 for z/OS, which provides encryption for DB2 data.
* IBM InfoSphere Guardian Data Encryption for IMS and DB2 Databases, data encryption for DB2 and IMS data using System z hardware.
* IBM InfoSphere Business Glossary, which manages common data definitions for master data and transaction data,allowing business users to highlight information to be protected.
* IBM InfoSphere Discovery, which analyzes data and data relationships to identify the location of the data to be protected.
* IBM InfoSphere Optim Data Privacy solution for z/OS, which manages data privacy, information retention and archiving.
* IBM InfoSphere Guardium Data Redaction, which protects sensitive unstructured data contained in documents and forms from unintentional disclosure.
* IBM InfoSphere Guardium Data Activity Monitor and Vulnerability Assessment for System z, which provides real-time database activity monitoring.
* IBM Security zSecure Audit and Admin (integrated with Qradar), which detects and reports security events and exposures on z/OS, DB2, CICS, IMS, UNIX and Linux on System z on systems with RACF, CA ACF2 or CA Top Secret.
* IBM Qradar, a suite of products that collects, stores, analyzes and queries logs and risk-related data.
* IBM Secure Key Lifecycle Manager, which automates the encryption key management process.

The paper goes into much more detail, presenting different user cases involving these solutions.

Is your company implementing big data projects and setting policies for information protection? Please share your experiences in comments.

Posted October 27, 2015| Permalink

comments powered by Disqus