MAINFRAME > Hot Topics

Confidently Secure Your Data with Hyper Protect DBaaS in IBM Cloud on IBM Z

Hyper Protect DBaaS

In the present cognitive computing world, data is everything. By the year 2020, enterprises will have accumulated 44 ZB (zettabytes) of data. Much of that data includes highly valuable information about an enterprise itself or the individuals associated with the enterprise—for example, the Personally Identifiable Information (PII) of employees or customers. To protect such data, an enterprise must have a secured infrastructure and databases.

According to estimates, approximately 80 percent of the threats to a typical enterprise’s data are posed by insiders such as system administrators or former employees. To counter these types of insider threats and to ensure secured data access, IBM Cloud has introduced Hyper Protect DBaaS, an off-premise, database-as-a-service offering hosted on IBM Z.

Why “Hyper Protect”?

As the name “Hyper Protect” implies, this solution offers a highly secure and highly available platform for hosting enterprise data. Hyper Protect DBaaS incorporates the unique value of Secure Service Containers (SSC) hosted on IBM Z. Tamper-proof and highly secure, SSC allows administrators to interact with the systems only via standard REST APIs (there is no SSH available).

Figure 1 shows how Hyper Protect DBaaS is hosted in an SSC logical partition (LPAR) in IBM Z.

How Is DBaaS End-User Friendly?

An end user can login into IBM Cloud to create an instance of the Hyper Protect DBaaS offering. This provides the user with access to three clusters of the selected database instance (thus ensuring high availability). These clusters can only be accessed with the user name and password specified by the user at the time of the service creation in IBM Cloud. IBM does not have access to the customer data or instances.

The management dashboard of IBM Hyper Protect DBaaS provides a rich set of features for managing database instances created by the user. The Manage Clusters Dashboard, shown in Figure 2, is the one stop place for the Database Administrator (DBA) to perform these tasks:

  • Create new databases and manage existing databases
  • Manage the database instances (start/stop/restart)
  • Create new users and manage existing users

Note: Currently Hyper Protect DBaaS supports only the MongoDB EE (Enterprise Edition) database

How Does DBaaS Counter Insider Threats?

Since Hyper Protect DBaaS is hosted on an SSC LPAR, only the right person (the DBA, but no other system administrators) has access to the data. A designated set of REST APIs is available to enable the DBA to manage the clusters and databases. The DBA can also access database-specific logs using the IBM Monitoring and Logging Service. These logs are encrypted both in transit and at rest.

What Makes DBaaS Easy for Developers?

IBM Cloud offers an excellent development environment, from programming run times to consumable services like Hyper Protect DBaaS. If you are a programmer who wants try sample apps in IBM Cloud, you can just log in and start using them with our service offerings.

Technical Specs

Hyper Protect DBaaS currently supports MongoDB EE Version 3.4, with a default resource allocation of 3GiB of memory, two cores and 10 GiB of storage with three replicas.

Questions on This Topic?

If you have questions on this topic, just send an email to gargya@de.ibm.com/ pradeep@de.ibm.com, and the Hyper Protect DBaaS development team will get back to you with answers.

Let’s secure your data together with IBM Cloud and IBM Z!

Pradeep Parameshwaran is a security architect for Hyper Protect DBaaS. He began his career with IBM Research and Development, Germany, as a component function tester for z/VM and later moved to a z/VM IO development role. He also gives guest lectures on virtualization-related topics at the State University of Stuttgart (DHBW). In his current role, he is responsible for designing and integrating core security features for Hyper Protect DBaaS.



Like what you just read? To receive technical tips and articles directly in your inbox twice per month, sign up for the EXTRA e-newsletter here.


comments powered by Disqus

Advertisement

Advertisement

2018 Solutions Edition

A Comprehensive Online Buyer's Guide to Solutions, Services and Education.

IBM Systems Magazine Subscribe Box Read Now Link Subscribe Now Link iPad App Google Play Store
Mainframe News Sign Up Today! Past News Letters