Store and share data safely with IBM Data Privacy Passports for developers
New data privacy and security solution provides data-centric and policy-based protection
IBM Data Privacy Passports is a new data privacy and security solution that brings protection to the data itself. With its data-centric and policy-based protection, Data Privacy Passports builds on top of pervasive encryption by giving users a way to control how data is stored and shared. At any time, eligible data is protected and future access can be revoked using Data Privacy Passports — for data that originates on z15, as well as data from hybrid cloud environments.
Securing data can be complicated when data moves from platform to platform. As data travels it needs to be on secure networks with secure protocols, and when that data reaches its destination it needs to be secured again by that system. If data is moving across multiple networks to multiple destinations, each network and destination need to be configured for consistent security. When a policy change requires that privileges be altered, each system needs to be adjusted individually. If each system is responsible for securing the data but one system fails to do so, that one system can compromise the entire chain. Data Privacy Passports is designed to solve this complex challenge.
With Data Privacy Passports, the individual fields of eligible data are protected, and this is done with the introduction of the Trusted Data Object (TDO). A TDO is encrypted and must be read through Data Privacy Passports (the current version only supports SQL structured data sources accessed via JDBC) in order to be decrypted into a usable format. Therefore, when data is protected as a TDO and moves between environments, the protection moves with it. This prevents complete reliance on the security of individual systems. With policies that are configurable at the user and group level, Data Privacy Passports provides the control to show different users different views of the same data based on that user’s need to know. Because of this, developers can write code using real data and data administrators can manage data warehouses, without seeing the same data. This allows for the integration of Data Privacy Passports into existing applications.
Figure 1 gives a visual representation of where Data Privacy Passports fits into a data flow. From their own workstations, developers and data scientists can access Jupyter notebooks hosted on their private cloud to communicate with Data Privacy Passports in order to access backend data sources. This exemplifies how a data flow can be configured so that all data must pass through Data Privacy Passports, therefore securing it while still allowing developers the ease and convenience of utilizing their chosen tools to access data.
Figure 1. Data flow with Data Privacy Passports
One of the key factors contributing to the strength of Data Privacy Passports is its implementation of role-based field masking. This functionality allows administrators to create a policy file for Data Privacy Passports, and within this policy, administrators can define personas and specify what data those personas are allowed to access. These personas can be configured to directly map to LDAP groups. The level of granularity of this access control enables Data Privacy Passports administrators to control how users will see data at the field level — meaning two users may view the same column of a table in a database but see two different values.
An administrator can also choose whether data is protected with encryption or transformed with enforcement. Enforcement can occur dynamically, is irreversible, and means that data will be masked for certain users. For example, an administrator could enforce protection on a column of a certain table that holds customer ID numbers and is normally an integer value like “123456.” Enforcement can be configured in such a way that users only see a masked value of
******. On the other hand, protection is a bit more stringent in some ways. Protection causes data to be stored in TDO format — meaning that if there is an attempt to access data outside of Data Privacy Passports channels, users will receive the actual TDO string in place of real data. However, this action is reversible and when the data is accessed via the proper channels, the data will be masked appropriately based on the user. An example might be that the administrator creates TDOs on the ID column such that end users cannot see the field. This example could maintain referential integrity by using matching data encryption keys, which would allow users like data scientists to analyze the data via queries while still protecting sensitive fields.
A key takeaway here is that a user’s ability to access and view data is based on two things: the policy and the connection to Data Privacy Passports. Since the policy defines and controls how a user sees the data, this can be changed at any time to modify how a user sees sensitive data. Should a business rule on who can view data from this point forward change, all that would be required is a policy change or LDAP group assignment change in order to modify the future accesses to the data. Furthermore, the connection to Data Privacy Passports acts as the gateway for accessing data. This is powerful in two ways:
- Future access could be completely shut off by changing the JDBC and not alerting users.
- Current applications utilizing a JDBC connection need only change this connection to point to Data Privacy Passports in order to start working with protected data.
As businesses work to improve data security, roles such as application developer or data scientist are often impacted. Data Privacy Passports is designed to provide data-centric protection with minimal impact on existing applications and workflows. Use of existing toolsets, such as Jupyter notebooks, JDBC, Java, and Python, gives developers the ability to work the way that is best for them without compromising strict access to sensitive data. IBM Data Privacy Passports is a consolidated data-centric audit and protection technology that can easily fit into a variety of existing workflows, and provides centralized control for accessing, using, and sharing sensitive data.