Monday, April 11, 2016

Data Protection, Privacy, Security and the Cloud

Protecting your bits

(This is the first post in a planned series on data protection, security, and privacy related to DB2/dashDB in the cloud and IBM Bluemix)

As a data/database guy from Germany, security and data protection and privacy have been high on my list of interests for many, many years. As a banking customer I would hate it when someone not authorized would access my data. I also don't like to go through the hassle of replacing credit cards, changing passwords, take up a new name (user name only :), or more because a system my data is or was on had been hacked. With more and more data being processed "in the cloud" it is great to know how much effort has been put into designing secure cloud computing platforms, into operating them according to highest security standards, and how international and local data protection standards and laws are followed for legal compliance.

When I still was active as developer for DB2, my team and I had to follow internal standard processes. IBM has a secure engineering practices and you can read about them in this IBM Secure Engineering portal and in this IBM RedGuide on the IBM Secure Engineering Framework. There is even a reference to the Integrity Statement of 1973 (more than 40 years back!) on how IBM would try all and everything to protect your data, systems, transactions and more from accidental and malicious modifications. On the linked portal you will also find a link to the IBM Product Security Incident Reponse Team (PSIRT), its processes and its blog with current product security warnings including the IBM Cloud Platform. It is interesting to know that IBM is not only developing secure products, IBM actually is a leading company in security research, security products, and security services. No wonder that IBM also has been on the forefront of security and data protection. It was the first global company to appoint a Chief Privacy Officer, this was in the year 2000. Interesting to see that since 2012 with Christina Peters a German is in this position, leading the teams and policies to address data privacy and data security.

I want to close today's blog entry with three privacy-related links:
With this as a more high-level overview and introduction to data protection and data privacy, I promise that my next blog entry on this topic will be technical again.