IBM services and technology solutions for supporting GDPR program 1
IBM technology solutions as key enablers - Privacy GDPR Program Work-stream IBM software 2.1 Privacy Risk Assessment and Risk Treatment plan 2.2 Roles & Responsibilities 2. Privacy Enforcement 2.3 Personal Data Catalogue 2.3.1 Discovery on Non-Structured Data IBM StoredIQ 2.3.2 Discovery on Structured Data 2.3.3 Definition of Data Catalogue InfoSphere Information Server 2.3.4 Adding functional details 2.3.5 Adding technology details 2.4 Applications adequacy 2.4.1 Mapping of applications managing personal data 2.4.2 Assessment of compliance &gap analysis InfoSphere Information Server 2.4.3 Implementation of actions for compliance 2.5 Privacy documentation adequacy 2.6 Privacy processes review/design 2.7 Automation of privacy processes 2.7.1 Selection of processes 2.7.2 Selection of ICT solutions InfoSphere Information Server 2.7.3 Implementation of ICT solutions InfoSphere Master Data Management Case Manager Filenet Platform InfoSphere Optim 2.7.4.Reporting of facts and evidences 2.8 Data Management System Data quality 2.8.1 Define Life Cycle management requirements InfoSphere Information Server InfoSphere Master Data Management Case Manager InfoSphere Optim 2.8.2 Embed Data Privacy rules into processes &systems 2.8.3 Embed Data Privacy rules in Data Mgmt practice 2
IBM technology solutions as key enablers - Security GDPR Program Work-stream 3.1 Policy, Risk Analysis and Risk Treatment Plan IBM software 3. Security Enforcement 3.2 Preventive security measures 3.2.1 Asset Management & classification of personal data Guardium 3.2.2 Training 3.2.3 Data Security Guardium 3.2.4 Identity Governance & Management Identity Governance and Intelligence (Crossideas) 3.2.5 Access Management Information Security Access Management 3.2.6 Encryption & Pseudonymization Guardium 3.2.7 Server, End Point and Mobile Security Bigfix Carbon Black MaaS360 3.2.8 Data Loss Prevention 3.2.9 Vulnerability of DBs, Systems, Networks QRadar Vulnerability Manager Guardium 3.2.10 Vulnerability of applications Appscan 3.2.11 Secure coding & SW development 3.2.12 Network Security XGS 3.2.13 Back Up & Restore TSM 3.2.14 Monitoring processes 3.2.15 Audit processes Guardium 3.2.16 Suppliers & Third Party management 3.3 Detection & Response security measures 3.3.1 SIEM for Privacy Violation QRadar SIEM 3.3.2 Privacy Incident Management Process Resilient QRadar Incident Forensics 3.3.3 Notification of data breach to Authority Resilient 3.3.4 Communication of data breach to Individual 3.4 Continuity and Recovery security measures 3.4.1 Business Continuity Plan for personal data mgmt 3.4.2 Disaster Recovery Plan for personal data mgmt IBM Business Continuity and Resiliency Services 3
Focus on IBM Security software 4
PREVENTION DETECTION RESPONSE Help to continuously stop attacks and remediate vulnerabilities Identify the most important threats with advanced analytics and forensics Respond to incidents in integrated and organized fashion 5
Among the broad IBM Security portfolio, three SW are pivotal for compliance to the requirements PREVENTION DETECTION RESPONSE Purposes for GDPR Focus on Software Monitor and audit access to personal data, detection and alerting of noncompliant access Fine-grained control of data modification Other IBM prevention security software Early identification of attack and potential data breaches Monitor & audit of the overall infrastructure Fast incident response following a suspected or actual breach Orchestration of incident response processes including collection of forensic information, analysis, reporting and remediation 6
Security & Traceability Guardium for GDPR Fine grained data access control 1. Identify and Mitigate Security Vulnerabilities 2. Discover & Classify Personal Data 3. Encrypt/Obfuscate (Pseudonimize) Discover and classify data, assess vulnerabilities, report on entitlements Encrypt, mask, and redact sensitive data 4. Monitor and track data access and modification Monitor data and file activity 5. Enforce right to access, modify,.. data 6. Compliance Reporting Block, mask, alert, and quarantine dynamically Automate compliance and auditing ANALYTICS 7
1. Guardium Vulnerability Assessment Identify and mitigate security vulnerabilities in data stores Current Test Results Result History Prioritized Breakdown Filters and Sort Controls Detailed Test Results Detailed Remediation Suggestions 8
2. Guardium Data Activity Monitor Analyze and automatically discover sensitive data and uncover risks Automatically discover unregistered data repositories Automatically discover sensitive data in databases and file systems Classify sensitive data according to existing categories Add membership to controlled data groups or categories subject to security policies Comprehensive visibility, control and reporting Sensitive Data Finder Auto-discovery 9
3. Guardium Data Encryption Encrypt / Obfuscate (Pseudonimize) 10
4. Guardium Data Activity Monitor (DAM) for Databases Monitor and track data access and modification Continuous, policy-based, real-time monitoring of all data traffic activities, including actions by privileged users to detect unauthorized or suspicious activity Behavior analysis to detect outliers and spot anomalies Real-time alerting to prevent Data Loss Compliance automation Prepackaged compliance reports for SOX, PCI, etc Does not rely on resident logs that can easily be erased by attackers, rogue insiders SOD enforcement for DBA access Non-invasive/disruptive, crossplatform architecture Dynamically scalable 11 Minimal performance impact
5. Guardium Data Activity Monitor (DAM) for Databases Enforce right to access, modify, delete data EmployeeTable SELECT 12
5. Guardium Data Activity Monitor (DAM) for Databases Enforce right to access, modify, delete data No database changes No application changes No network changes Without the performance or availability risks of an in-line database firewall 13 Session Terminated
4-5. Guardium Data Activity Monitor (DAM) for Files Monitor and track data access and modification Enforce right to access, modify, delete data Understand your sensitive data exposure Get a full picture of ownership and access for your files Control access to critical files through blocking and alerting Gain visibility into all file entitlements and activity through custom reports and advanced search Guardium introduces new file activity monitoring to identify normal and abnormal behavior and drill into the details File Activity Monitoring helps you manage access to your unstructured data containing critical and sensitive information. Provides complete visibility into activity by providing extensive compliance and audit capabilities. 14
Guardium GDPR Accelerator A pre-defined knowledge set mapped to GDPR obligations Guardium GDPR Accelerator Data Discovery and Classification for Personal Data Predefined Policies and Groups for GDPR Personal Data Auditing and Monitoring reports for GDPR Personal Data Support for GDPR Impact Assessment Compliance workflows and Audit Process Builder for notifications to auditors, controllers and DPO 15
Security & Traceability QRadar Sense Analytics Infrastructure control and advanced treath detection EXTENSIVE DATA SOURCES Security devices Servers & mainframes Network and virtual activity Data activity Application activity Configuration data Vulnerabilities and threats Users &identities Global threat intelligence IDENTIFICATION Data collection, storage, and analysis Real-time correlation and threat intelligence Automatic asset, service and user discovery and profiling Activity baselining and anomaly detection Embedded Intelligence Prioritized incidents REMEDIATION Incident forensics Around-the-clock management, monitoring and protection Incident response 16
Security & Traceability QRadar Sense Analytics One platform to drive security intelligence and analytics Advanced Threat Detection Insider Threat Detection Risk and Vulnerability Management Incident Forensics Incident Response Complianc e Reporting Securing Cloud Third-Party Usage 17
Guardium & QRadar integration Optimizing security while expanding monitoring scope for data sources Improve analytics performance by offloading data analysis Save on storage costs for duplicating data audit logs Save on network bandwidth for data audit logs File Big Data Data Warehouse Database Application Network Infrastructure Mainframe Identity Normalized audit logs Guardium Real-time analysis and preventive measures No need to turn audit logs on DB. Save on DB/App performance 18
Guardium & QRadar integration Real-time policy integration 19
Guardium & QRadar integration Guardium Classification, VA e QRadar Vulnerability Manager AppScan IBM Endpoint Manager Integrated vulnerability scanner Network discovery and asset information 3rd Party vulnerability solutions IBM Security Context! VA Database User Activity DB Tier (Oracle, SQL Server, DB2, Informix, Sybase, MySQL) OS Tier (Windows, Solaris, AIX, HP-UX, Linux) Tests Permissions Roles Configurations Versions Custom tests Configuration files Environment variables Registry settings Custom tests 20
Incident Management IBM Resilient How to handle and respond to security incidents PREVENTION DETECTION RESPONSE Help to continuously stop attacks and remediate vulnerabilities Identify the most important threats with advanced analytics and forensics Respond to incidents in integrated and organized fashion Unites Security Operations and Incident Response Resilient will extend IBM s offerings to create one of the industry s most complete solutions to prevent, detect, and respond to threats Delivers a Single Hub for Response Management Resilient will allow security teams to orchestrate response processes, and resolve incidents faster, more effectively, and more intelligently Integrates Seamlessly with IBM and 3 rd Party Solutions Resilient integrates with QRadar and other IBM and 3rd party solutions so organizations of various sizes can successfully resolve attacks 21
IBM Resilient s unique value Resilient has the largest knowledge base of regulations regarding Data Breach incidents! 22
IBM Resilient Incident Response Platform Security Module Industry standard workflows (NIST, SANS) Threat intelligence feeds Organizational SOPs Community best practices Action Module Automate processes Enrich incident details Gather forensics Enact mitigation Privacy Module Global breach regulations Contractual obligations Third-party requirements Organizational SOPs Privacy best practices 23
IBM Resilient: an example 24
IBM Resilient: an example Link to pre-define form Address to send Contact info 25