IBM Tivoli Netcool/OMNIbus Considerations for GDPR Readiness
For PID(s): 5724-S44
Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations.
The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting, or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.
Table of Contents
1. GDPR
2. Product Configuration - Considerations for GDPR readiness
3. Data Life Cycle
4. Data Collection
5. Data Storage
6. Data Access
7. Data Processing
8. Data Deletion
9. Data Monitoring
10. Responding to Data Subject Rights
GDPR
General Data Protection Regulation (GDPR) has been adopted by the European Union (“EU”) and applies from May 25, 2018.
Why is GDPR important?
- New and enhanced rights for individuals
- Widened definition of personal data
- New obligations for processors
- Potential for significant financial penalties for non-compliance
- Compulsory data breach notification
Read more about GDPR:
- EU GDPR Information Portal, see https://www.eugdpr.org/
- IBM GDPR website, see https://ibm.com/GDPR
Product Configuration - Considerations for GDPR readiness
Offering Configuration
The following sections provide considerations for configuring IBM Tivoli Netcool/OMNIbus to help your organization with GDPR readiness.
IBM Tivoli Netcool/OMNIbus is a service level management (SLM) system that delivers real-time, centralized monitoring of complex networks and IT domains. The information collected and processed by Tivoli Netcool/OMNIbus is primarily event data relating to the current state of the environment being managed by the Tivoli Netcool/OMNIbus deployment.
Event data is collected by Tivoli Netcool/OMNIbus and can be handled according to the needs of your organization. For example, the event data can be passed to helpdesk systems, logged in databases, replicated on remote systems, and used to trigger automatic responses to certain events.
As part of your event management workflow, the received events will more than likely be worked on by one or more users of the solution. As part of this activity, events will typically be assigned to an individual user or group to indicate ownership of the event. Further, events may have actions/tools executed on them by users or automated processing provided by Tivoli Netcool/OMNIbus or related solutions in the Netcool family. These actions are often recorded as a journal entry associated with the event record.
Once the underlying cause of an event has been resolved, events are typically cleared and/or archived to an RDBMS for a variety of purposes such as historical reporting, root-cause reviews and audit requirements.
Data Life Cycle
What is the end-to-end process through which personal data goes when using our offering?
Personal data handled by Tivoli Netcool/OMNIbus may include:
- Authentication credentials (such as username and passwords)
- Basic personal information (such as contact names to record event assignment to an owner)
- Technically identifiable personal information (such as device IDs, usage-based identifiers, IP address, etc. that can be linked to an individual)
This offering is not designed to process any special categories of personal data. Where the event schema (alerts.status) has been extended to add custom fields, these fields should also be reviewed for potential inclusion of personal data.
Processing of this data covers:
- Receipt of data from data subjects and/or third parties
- Computer processing of data, including data transmission, data retrieval, data access, and network access to allow data transfer if required
- Storage and associated deletion of data
Related products and systems with which Tivoli Netcool/OMNIbus exchanges this data include:
- IBM Tivoli Netcool/Impact
- IBM Tivoli Network Manager
- IBM Tivoli Netcool Configuration Manager
- IBM Websphere Application Server
- IBM Db2
- Service desk / trouble ticketing solutions
- RDBMS such as Oracle & Microsoft SQL Server
Personal data used for online contact with IBM may be collected through:
- Public comments area on pages in the IBM Tivoli Netcool/OMNIbus community on IBM developerWorks
- Public comments area on pages of IBM Tivoli Netcool/OMNIbus documentation in IBM Documentation
- Public comments in the IBM Tivoli Netcool/OMNIbus space of dWAnswers
- Feedback forms in the IBM Tivoli Netcool/OMNIbus community
Typically, only the client name and email address are used, to enable personal replies for the subject of the contact, and the use of personal data conforms to the IBM Online Privacy Statement. More information: https://www.ibm.com/privacy/us/en/
Data Collection
Types of Data Collected.
- Authentication credentials (such as username and password)
- Contact name (only when using the ObjectServer or the file-based repository for authentication). NOTE: For user management, the best practice is to use an external repository, such as LDAP.
Data Storage
- Storage of account data.
User names and passwords can be managed in a number of ways with Tivoli Netcool/OMNIbus. Users can be authenticated against an ObjectServer, an external repository such as an LDAP directory, or a file-based repository (maintained by WebSphere Application Server). For ease of user administration, it is recommended that users are centrally managed using the organization's central directory service. For more information about how to configure Netcool/OMNIbus to use an external directory service as an authentication source, see https://www.ibm.com/support/knowledgecenter/en/SSSHTQ_8.1.0/com.ibm.netcool_OMNIbus.doc_8.1.0/webtop/wip/task/web_con_userregistry.html
- Storage of client data.
The primary data processed by Tivoli Netcool/OMNIbus is event data which, depending on the deployment environment, could be data that belongs to you or originates from your end client’s environment. Tivoli Netcool/OMNIbus provides role- and group-based access controls as well as restriction filters for controlling access to the live event data. For more information about this function, see https://www.ibm.com/support/knowledgecenter/en/SSSHTQ_8.1.0/com.ibm.netcool_OMNIbus.doc_8.1.0/omnibus/wip/admin/task/omn_adm_managingauthorizatn.html
- Storage in backups.
The ObjectServer supports data persistence by using checkpoints and logs to copy the data in memory to disk. This function enables you to recover the data after a planned or unexpected shutdown occurs. These files are written to the local filesystem and maintained automatically by Tivoli Netcool/OMNIbus.
In addition, the ObjectServer is provided with a set of default triggers that automatically back up the ObjectServer to a defined location at a user-defined interval and maintain a user-specified number of backups before overwriting. To configure these triggers, use the automatic_backup_system trigger group. For more information about this function, see https://www.ibm.com/support/knowledgecenter/en/SSSHTQ_8.1.0/com.ibm.netcool_OMNIbus.doc_8.1.0/omnibus/wip/admin/reference/omn_adm_sql_changingdefaultcurrentsett.html#omn_adm_sql_changingdefaultcurrentsett__backup
As the backups are written to a filesystem (either local or network mounted), access control to the backed-up data is controlled by the permissions configured on the filesystem.
- Storage in archives.
Events that have been cleared may be configured to be sent to a historical event archive. For this data, access controls will depend on the RDBMS to which the data is archived and to any reporting solution connected to the database for later processing of the historical event data.
Data Access
- Roles and access rights.
Tivoli Netcool/OMNIbus provides a number of roles for controlling access to the application and its data. The roles enable differentiation between normal users and those with extra privileges.
- For more information about the ObjectServer stored data, see https://www.ibm.com/support/knowledgecenter/en/SSSHTQ_8.1.0/com.ibm.netcool_OMNIbus.doc_8.1.0/omnibus/wip/install/concept/omn_con_sec_defaultroles.html
- For more information about Web GUI user access, see https://www.ibm.com/support/knowledgecenter/en/SSSHTQ_8.1.0/com.ibm.netcool_OMNIbus.doc_8.1.0/webtop/wip/concept/web_adm_webtoproles.html
- Separation of duties.
While Tivoli Netcool/OMNIbus provides the ability to implement separation of duties through its authorization model, it does not enforce this policy. The customer is responsible for ensuring that policy is properly implemented and maintained. Administrators have the ability to reconfigure the product and grant/revoke permissions for other users, so administrative privileges should be granted as sparingly as possible.
- Activity logs.
Logging is maintained for diagnostic and support purposes. Details of the default logs and how to configure them can be found in the following locations.
- ObjectServer: Logs for the core OMNIbus processes are typically stored in the directory $NCHOME/omnibus/log/. Additionally, there is an audit logging capability in the ObjectServer for recording actions performed by specified groups of users (for example, administrators). These logs should be reviewed regularly as part of your overall security process. For more information about the audit log capability, see https://www.ibm.com/support/knowledgecenter/en/SSSHTQ_8.1.0/com.ibm.netcool_OMNIbus.doc_8.1.0/omnibus/wip/install/reference/omn_con_sec_definingaudittrail.html
- Web GUI: For information about the logs produced by the Web GUI component, see https://www.ibm.com/support/knowledgecenter/en/SSSHTQ_8.1.0/com.ibm.netcool_OMNIbus.doc_8.1.0/tip/ctip_trouble.html. Additionally, it is possible to configure the underlying Websphere Application Server to audit the usage of objects in Web GUI, see https://www.ibm.com/support/knowledgecenter/en/SSSHTQ_8.1.0/com.ibm.netcool_OMNIbus.doc_8.1.0/webtop/wip/task/web_adm_auditobjectusage.html
Data Processing
- Encryption in motion.
Tivoli Netcool/OMNIbus can be configured to use SSL communications for data transferred between components. For more information about this function, see https://www.ibm.com/support/knowledgecenter/en/SSSHTQ_8.1.0/com.ibm.netcool_OMNIbus.doc_8.1.0/omnibus/wip/install/concept/omn_con_ssl_usingssl.html
For user access to the Web GUI component, the HTTPS protocol is used by default for browser requests. For more information about this function, see https://www.ibm.com/support/knowledgecenter/en/SSSHTQ_8.1.0/com.ibm.netcool_OMNIbus.doc_8.1.0/webtop/wip/task/web_con_encryption.html
- Encryption at rest.
System passwords used for interprocess authentication can be encrypted. For further details, review the following documentation.
- Encrypting Web GUI Password
- https://www.ibm.com/support/knowledgecenter/en/SSSHTQ_8.1.0/com.ibm.netcool_OMNIbus.doc_8.1.0/webtop/wip/task/web_con_encryptingpasswordsusingaes.html
- Running the ObjectServer in Secure Mode
- https://www.ibm.com/support/knowledgecenter/en/SSSHTQ_8.1.0/com.ibm.netcool_OMNIbus.doc_8.1.0/omnibus/wip/admin/reference/omn_adm_runningobjservsecuremode.html
- Encrypting Passwords in UNIX nco_sql scripts
- https://www.ibm.com/support/knowledgecenter/en/SSSHTQ_8.1.0/com.ibm.netcool_OMNIbus.doc_8.1.0/omnibus/wip/admin/task/omn_adm_sql_encryptingpasswrdsunix.html
The ObjectServer database checkpoint and rollback logs are not encrypted. If required, filesystem level encryption should be considered.
The (optional) ObjectServer database backups written by the automatic_backup_system trigger group are not encrypted. If required, filesystem-level encryption should be considered for the location to which the backup is written.
Data Deletion
- Client Data deletion.
Removal of users from either the ObjectServer, file-based repository or external directory service will prevent the user from logging into Tivoli Netcool/OMNIbus. It will not remove the users’ data (for example, name) from active or historical events because there is an ongoing need from an operational or audit perspective to maintain this data. However, as part of your deployment you should review the period for which data is archived, backups are stored and logs are maintained to determine if they are reasonable based on your operational needs.
- Account Data deletion.
Where Tivoli Netcool/OMNIbus is being used in a managed service environment and a single deployment is being used to manage events from multiple end customers (tenants), consideration should be given to the processes for onboarding and off-boarding. Also, consider what mechanisms need to be in place to remove a tenant’s data. For example, use of distinct event archive databases per tenant.
Data Monitoring
Personal data in Tivoli Netcool/OMNIbus is limited to basic personal information (for example, usernames for authentication) and technical personal information (for example, IP addresses and hostnames of systems that are used by the user to access the solution, which may be captured in debug/trace logs). Where events are assigned between users, this will typically be recorded in the journal record for the event. Tivoli Netcool/OMNIbus can be configured to audit access to specific objects or actions performed by specific groups of users in audit logs, as previously mentioned.
Log files are not encrypted. If log files need to be archived for operational/audit requirements, then consideration should be given to encrypting any archived logs.
Responding to Data Subject Rights
The personal data held by Tivoli Netcool/OMNIbus is limited to:
- Basic personal data (for example, usernames and passwords used for authentication, and a name or ID to show ownership of an event).
- Technically identifiable personal information (such as IP addresses and hostnames to which user activity could potentially be linked). This data is intrinsic to the operation of an effective event management workflow. Removal of data, modification of historical data and sharing of this data is likely to be counter to your enterprise's policies.
When responding to data subject rights requests, consider the following:
- Data is only retained for a reasonable period based on operational, compliance and industry audit requirements.
- Data is secured appropriately when in archive format.
- When Tivoli Netcool/OMNIbus is used in a managed services context with multiple tenants in a single instance, mechanisms are in place to clearly identify the data belonging to a specific tenant.
- When Tivoli Netcool/OMNIbus is used for managing your enterprise's own IT/network environment and the users of the solution are employees or contractually engaged staff, the contract terms are considered.
- When the event schemas have been customized to augment the defaults with additional data sourced from other data sources available in your environment, consider whether these customizations add personal data and what the implications are from a GDPR compliance perspective.