Announcements
Cloud
March 6, 2023 By jason-mcalpin 3 min read

Introducing IBM Cloud Data Security Broker.

The global average cost of a data breach in 2022 was USD 9.44 million, not to mention the reputational impact that these breaches could cause. To protect consumers’ privacy, regulatory requirements around the world are significantly evolving around data security (e.g., Schrems II in Europe, State-level Privacy Acts in the US). Given such a risk and compliance landscape, sensitive data protection has become a business imperative for organizations looking to modernize their applications to cloud.

Enterprises use encryption to protect data at rest—at the operating system, file system and even database. But they are still struggling to answer questions like: How can they encrypt personally identifiable information (PII) like a social security number? Or mask personal health information (PHI)? Or de-identify such data when using analytics and AI? And how can they do that at scale so that not every application accessing this encrypted data requires change, and not every application developer becomes a security expert?

What is IBM Cloud Data Security Broker?

Clearly, a modern cloud solution is required that addresses these needs – where businesses can encrypt, mask, de-identify or tokenize sensitive data (without changing application code). This is why we are introducing IBM Cloud Data Security Broker.

IBM Cloud Data Security Broker is a cloud security solution that can be used to achieve field-level encryption, masking and tokenization. It is based on innovative architecture where a ‘broker’ sits in between an application and data store to achieve data security seamlessly. It provides a data-centric protection layer allowing customers to tokenize, encrypt and mask data at the column or row level. This is achieved without any application code modifications while supporting customer-managed encryption keys—either a Bring Your Own Key (BYOK) or Keep Your Own Key (KYOK) model.

Security teams can centrally define the granular application encryption policies and manage keys. Developers can seamlessly integrate applications with data stores, even if those sensitive fields are encrypted. It allows IT teams to deploy these application architectures on hybrid multicloud; on IBM Cloud or in any other cloud provider through an IBM Cloud Satellite deployment pattern. It also enables data and analytics teams to access data without compromising privacy:

Data Security Broker consists of two major components:

  • Data Security Broker Manager: Centralized administrative console for configuration and management of data protection policies.
  • Data Security Broker Shield: A reverse proxy technology that is in the customer’s control and performs encryption, decryption, tokenization, masking and access control functions for each data source.

The primary benefits include the following:

  • On-the-fly encryption, de-identification, masking or tokenization of data in the cloud
  • “No-code” deployment that does not require application changes
  • Fast, scalable and unintrusive to data throughput
  • Role-based data access control to dynamically enforce who can see what data
  • A consolidated suite of data protection capabilities like encryption, tokenization, dynamic data masking, Format Preserving Encryption (FPE), field and record level encryption, file and object encryption and secure data sharing
  • Customers can manage and control their encryption keys with Bring Your Own Key (BYOK) and Keep Your Own Key (KYOK) models
  • Automated cloud deployment patterns

Get started

IBM Cloud Data Security Broker is now available as Beta in IBM Cloud with support for PostgreSQL databases. It integrates with IBM Cloud Hyper Protect Crypto Services and Key Protect for customer-managed keys. This innovative and elegant solution is made possible in close collaboration with Baffle’s proven technology.

jason-mcalpin

More from Announcements
July 2, 2024

Success and recognition of IBM offerings in G2 Summer Reports  

2 min read - IBM offerings were featured in over 1,365 unique G2 reports, earning over 230 Leader badges across various categories.   This recognition is important to showcase our leading products and also to provide the unbiased validation our buyers seek. According to the 2024 G2 Software Buyer Behavior Report, “When researching software, buyers are most likely to trust information from people with similar roles and challenges, and they value transparency above other factors.”  With over 90 million visitors each year and hosting more than 2.6…

June 24, 2024

Manage the routing of your observability log and event data 

4 min read - Comprehensive environments include many sources of observable data to be aggregated and then analyzed for infrastructure and app performance management. Connecting and aggregating the data sources to observability tools need to be flexible. Some use cases might require all data to be aggregated into one common location while others have narrowed scope. Optimizing where observability data is processed enables businesses to maximize insights while managing to cost, compliance and data residency objectives.  As announced on 29 March 2024, IBM Cloud® released its next-gen observability…

June 21, 2024

Unify and share data across Netezza and watsonx.data for new generative AI applications

3 min read - In today's data and AI-driven world, organizations are generating vast amounts of data from various sources. The ability to extract value from AI initiatives relies heavily on the availability and quality of an enterprise's underlying data. In order to unlock the full potential of data for AI, organizations must be able to effectively navigate their complex IT landscapes across the hybrid cloud.   At this year’s IBM Think conference in Boston, we announced the new capabilities of IBM watsonx.data, an open…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters