Skip to main content

Confidently Secure Your Data With Hyper Protect DBaaS in IBM Cloud on IBM Z

To counter insider threats and to ensure secured data access, IBM Cloud has introduced Hyper Protect DBaaS, an off-premise, database-as-a-service offering hosted on IBM Z.

A grid of security locks

In the present cognitive computing world, data is everything. By the year 2020, enterprises will have accumulated 44 ZB (zettabytes) of data. Much of that data includes highly valuable information about an enterprise itself or the individuals associated with the enterprise—for example, the Personally Identifiable Information (PII) of employees or customers. To protect such data, an enterprise must have a secured infrastructure and databases.

According to estimates, approximately 80 percent of the threats to a typical enterprise’s data are posed by insiders such as system administrators or former employees. To counter these types of insider threats and to ensure secured data access, IBM Cloud has introduced Hyper Protect DBaaS, an off-premise, database-as-a-service offering hosted on IBM Z.

Why “Hyper Protect”?

As the name “Hyper Protect” implies, this solution offers a highly secure and highly available platform for hosting enterprise data. Hyper Protect DBaaS incorporates the unique value of Secure Service Containers (SSC) hosted on IBM Z. Tamper-proof and highly secure, SSC allows administrators to interact with the systems only via standard REST APIs (there is no SSH available).

Figure 1 shows how Hyper Protect DBaaS is hosted in an SSC logical partition (LPAR) in IBM Z.
Figure_1.jpg

Figure 1
How Is DBaaS End-User Friendly?

An end user can login into IBM Cloud to create an instance of the Hyper Protect DBaaS offering. This provides the user with access to three clusters of the selected database instance (thus ensuring high availability). These clusters can only be accessed with the user name and password specified by the user at the time of the service creation in IBM Cloud. IBM does not have access to the customer data or instances.

The management dashboard of IBM Hyper Protect DBaaS provides a rich set of features for managing database instances created by the user. The Manage Clusters Dashboard, shown in Figure 2, is the one stop place for the Database Administrator (DBA) to perform these tasks:

  • Create new databases and manage existing databases
  • Manage the database instances (start/stop/restart)
  • Create new users and manage existing users


Figure_2.jpgFigure 2

Note: Currently Hyper Protect DBaaS supports only the MongoDB EE (Enterprise Edition) database

How Does DBaaS Counter Insider Threats?

Since Hyper Protect DBaaS is hosted on an SSC LPAR, only the right person (the DBA, but no other system administrators) has access to the data. A designated set of REST APIs is available to enable the DBA to manage the clusters and databases. The DBA can also access database-specific logs using the IBM Monitoring and Logging Service. These logs are encrypted both in transit and at rest.

What Makes DBaaS Easy for Developers?

IBM Cloud offers an excellent development environment, from programming run times to consumable services like Hyper Protect DBaaS. If you are a programmer who wants try sample apps in IBM Cloud, you can just log in and start using them with our service offerings.

Technical Specs

Hyper Protect DBaaS currently supports MongoDB EE Version 3.4, with a default resource allocation of 3GiB of memory, two cores and 10 GiB of storage with three replicas.

Questions on This Topic?

If you have questions on this topic, just send an email to gargya@de.ibm.com / pradeep@de.ibm.com, and the Hyper Protect DBaaS development team will get back to you with answers.

Let’s secure your data together with IBM Cloud and IBM Z!

IBM Systems Webinar Icon

View upcoming and on-demand (IBM Z, IBM i, AIX, Power Systems) webinars.
Register now →