IBM Data Privacy Passports

Data privacy is critical to you, but it has never been more challenging to maintain. Applications are spread across on-premises and cloud platforms, including sensitive data that needs to be protected everywhere. How can you protect your data after it leaves the system of record?

– Your sensitive data might already be protected with encryption on a trusted system of record, such as the IBM® Z. However, as soon as that data leaves the confines of the trusted system of record, several questions immediately come to mind:
– Can data privacy and protection be maintained and enforced?
– Your system of record is trusted to maintain data privacy and protection. When shared, sensitive data that was encrypted is decrypted, copied, and may or may not be reencrypted before it is stored. After it is taken from that system, data protections must remain intact. Adequate controls to retain end-to-end data privacy and protection must be available.
– Can access to data be revoked?
– Your sensitive data must always be protected, compliance must be guaranteed, and consent must be respected. If conditions that are related to your sensitive data change, such as access or use, the ability to respond and comply must be possible.
– Is data privacy and protection provable?
– Information about data access, use, and policies must be readily available for auditing purposes. In addition, time that is spent by your security staff, auditors, and developers to administer and prove proper data privacy and protection is in place, should be minimized.
– To help you safeguard your sensitive data and provide ease of auditability and control, IBM introduced a new capability for IBM Z® called IBM Data Privacy Passports. It can help minimize the risk and impact of data loss and privacy breaches when collecting and storing sensitive data. Data Privacy Passports can manage how data is shared securely through a central control of user access.
– Data Privacy Passports can protect data wherever it goes. Security policies are kept and honored whenever the data is accessed. Future data access may be revoked remotely via Data Privacy Passports, long after data leaves the system of record, and sensitive data may even be made unusable simply by destroying its encryption key.
– Data Privacy Passports is designed to help reduce the time that is spent by staff to protect data and ensure privacy throughout its lifecycle via a central point of control.

– IBM Data Privacy Passports extends your data security in several ways. This includes protecting sensitive data, even when it is shared over diverse environments, preventing unauthorized access, and enhancing data privacy within a trusted environment.

• This course will demonstrate how Data Privacy Passports will provide privacy protection to your environment and assist with your security strength in depth strategy.

• In this course you will learn how leveraging the Data Centric Audit and Protection (DCAP) capabilities of IBM Data Privacy Passports can help safeguard all sensitive data to comply with data privacy regulations, minimize the amount of sensitive data needlessly shared within the organization and to 3rd parties, ease the burden of manual and cumbersome audits, revoke access to sensitive data, and ultimately have full control over the protection of your data wherever it goes.

Important
This course consists of several independent modules. The modules, including the lab exercises, stand on their own and do not depend on any other content.

Exercises and recorded demos reinforce the concepts and technologies being covered in the lectures.

Objetivos

After completing this course, you should be able to:

Describe the DPP architecture: Policy, protection and enforcement
You will be able to Design a DPP solution to protect data moving through the enterprise
You will be able to explain the difference between Protected data versus Enforced data
You will be able to describe the components Data Privacy Passports (DPP)
Policy
TDO
Trust Authority
Passport Controller
You will be able to plan the resources required to setup DPP
You will be able to configure and implement a DPP instance inside an HPVS LPAR
You will be able to manage a DPP instance:
Start and connect to your DPP instance
Access your DPP controller and issue commands
Manage keys
Revoke Data Access
Define and start a DPP policy
Use DPP Programming interfaces: JDBC SQL REST APIs
Work with TDOs: Source and Target DBMS

Ciberseguridad

Disponible en formato e-learning

Disponible en formato presencial

Disponible en formato a distancia

Subvención disponible
A través de Fundae, cumpliendo requisitos.

Duración
10 horas

  • Dificultad 50% 50%
  • Nivel alcanzado 80% 80%

Dirigido a

This class is intended for z/OS & Linux on z system programmers and IT specialists in charge of configuring, implementing and deploying DPP under z15.

Conocimientos requeridos

General z15 and/or LinuxONE III architecture knowledge
Basic knowledge of linux or linux on z
Basic knowledge of linux command line interface (CLI)

Temario

Unit 1. Introduction to DPP and Data Privacy

IBM Data Privacy Passports: The solution to Data Privacy
Data Privacy
Data Privacy Challenges
Data Security and Data Privacy
Data Centric Protection
IBM z15: Data protection and privacy
IBM Z: Pervasive Encryption
Data Privacy Passports: Introduction
IBM Z Data Privacy Passports Offering
IBM Hyper Protect Virtual Servers
Protecting data moving through the enterprise
Protected data versus Enforced data
What are the flows for enforcement on data
Data Access Revocation
DPP architecture: Policy, protection and enforcement
Components of DPP
Key components of IBM Data Privacy Passports
Policy
TDO
Trust Authority
Passport Controller
Key Management
Data Privacy Passports Use cases
Data Privacy Passports: Designing your solution
Useful Links and Resources
Data Privacy Passports Resources
Unit 2. Installing and deploying DPP

Planning for DPP
DPP Deployment via HPVS
Installation Prerequisites
Data Privacy Passports Product Roadmap
Configuring the HPVS LPAR
Main Architecture overview and requirements
Configuring the client
package manager machine
Package Manager Setup
IBM Hyper Protect Virtual Servers download image
Deploying the IBM Data Privacy Passports appliance in the HPVS Appliance.
logon to the SSC Container web-UI
configure network and disk storage
DPP Appliance Deployment
Create the DPP containers and quota groups
Policy upload
Testing that IBM Data Privacy Passports is successfully deployed
TLS and LDAP configuration
Configuring and using IBM Data Privacy Passports.
use DPP REST APIs
register and invoke an API
Key creation
Upload a policy
Sign a policy
Start a policy
Manage keys
Unit 3. IBM Data Privacy Passport: Policy and Interfaces

The DPP Policy
Design your sample policy
Users and groups
Policy Elements – Data Elements
Data Elements – Protection
Cryptographic Keys
Data Elements – Enforcement
Functional Roles & Groups
General Configuration Options
Defining Database Connections
Policy Management
Data Privacy Passports: Programming interfaces
JDBC
SQL
REST APIs
REST API – Usage Patterns
Unit 4. IBM Data Privacy Passport: Data protection & Data enforcement

Trusted Data Objects
Structure of Trusted Data Objects
Working with TDOs: Source and Target DBMS
Using Protected Tables
Static Enforcement
Dynamic Enforcement
Revocation of Protected Data
Recovery of Protected Data
DPP policy: an example

Solicita información del curso