Riding the Big Data Wave Securely
The rising tide of big data requires a holistic approach to data governance
Organizations awash in the tidal wave that is big data find themselves challenged in managing enormous repositories of a variety of data types that have become a rich source of self-generating business insight. Moreover, many organizations are nearly at the point of potentially drowning in these oceans of data, especially if the data is not properly stored, processed, and governed. Given the sensitive nature of much of this data, organizations need to protect these ever-growing volumes and their wide range of different data types against insider attacks, hackers, and other nefarious outside influences. Collecting and protecting this data comes at a cost. Incidents occur continually that put data and organizations at risk, not only from security vulnerabilities but the potentially high cost that may be required to remedy these situations.
Security that falls short
Mainframe computing has long been known for its resilience and security. But the reality of today’s highly connected world means organizations are deriving increased value from data that is coming in from an ever-increasing variety of sources including web, cloud, and mobile applications—some of which can be from untrusted sources.
In an active database environment, monitoring everything is nearly impossible, and hardly cost-effective. For some organizations, SQL activity represents billions of statements per day. And with audit reports potentially generating thousands of pages of output, few organizations have the workforce to gain any real security insight from the SQL statements that are collected. So while the IBM® System z® platform is clearly a solid foundation, using only the security that comes with it just isn’t enough in this era of big data.
Robust security implementation
One approach that can provide simple, yet robust, security for the System z platform is IBM InfoSphere® Guardium® data protection. It offers a software-based and a hardware-based component that work in tandem to provide real-time database security and monitoring. In addition, it facilitates fine-grained database auditing, automated compliance reporting, data-level access control, database vulnerability management, and auto-discovery of sensitive data.
The scalable, enterprise-wide InfoSphere Guardium solution is designed to provide security to high-value data sources such as databases, data warehouses, file shares, enterprise applications, and open source software framework environments such as Apache Hadoop. Though Guardium has many features to protect data, its three key elements are data encryption for IBM DB2® data management and IBM Information Management System (IMS™) Database software as a first layer of information protection.
InfoSphere Guardium Data Encryption for DB2 and IMS Databases exploit the latest System z encryption capabilities available in the Crypto Express4S (CEX4C) cryptographic coprocessors and Level 5 encryption. They help assure transparent, rapid implementation, centralized key and policy management, and compliance-ready capabilities to help safeguard structured and unstructured data with minimal performance impact. IBM Security Key Lifecycle Manager offers an additional layer of transparent, high-performance encryption key lifecycle management for self-encrypting removable storage media such as tape and disk, which are subject to stringent compliance regulations.
InfoSphere Guardium Vulnerability Assessment enables organizations to assess database infrastructure vulnerabilities and take the necessary remedial actions. It identifies where data is and uncovers any exposures the data may have such as missing patches, weak passwords, unauthorized changes, misconfigured privileges, sensitivity, and more. In addition, it can provide suggestions to help address these kinds of vulnerabilities.
InfoSphere Guardium Data Activity Monitor is designed to deliver continuous, real-time monitoring and auditing regardless of database vendor and platform, and it now includes support for Hadoop environments. Monitoring prevents a privileged user from interfering with the collection of audit data or contaminating its source. It maintains separation of duties to help ensure the integrity of audit data. By collecting data in real time using a special software probe, Data Activity Monitor prevents the latency associated with log- or trace-based event collection. This feature enables auditing a real-time actionable process with immediate, alert exception processing that can initiate blocking of unusual behavior.
Complementing the InfoSphere Guardium solution, the IBM Security zSecure™ Audit mainframe tool offers advanced integration of analysis that passes results to InfoSphere Guardium Vulnerability Assessment for comprehensive capabilities. This information also can be shared with the IBM Security QRadar® security information and event management (SIEM) offering that consolidates mainframe data events with distributed system security events for enterprise-wide security analysis, management, and reporting.
Organizations that deploy the InfoSphere Guardium platform can gain a holistic, integrated approach to security through a 360-degree lockdown of important data. It provides a comprehensive solution for protecting sensitive data during its lifecycle, while enabling secure access and constantly validating regulatory compliance.
The high tide of big data is compelling many organizations to take a closer look at their mainframe security to determine how they can ensure their vital information is protected. The resourcefulness and intelligence behind finding new ways to hack into servers mean that organizations need to be highly vigilant in their approaches to data protection. Successful implementation of a comprehensive security solution can offer organizations peace of mind that their big data sources and repositories are protected.
Mainframe Software for IBM System z security and privacy solutions