Data Privacy Passports is a new IBM capability that can help businesses maintain data privacy and protection when sensitive data leaves a trusted system of record. It works by encrypting data into trusted data objects (TDOs) and controlling access to the encrypted data through a central Passport Controller. This allows businesses to enforce access policies, revoke access remotely, and more easily audit who has accessed data. The document discusses how Data Privacy Passports addresses key data privacy concerns and provides benefits like reduced risk, lower administrative costs, and an estimated 300% return on investment over five years.
Organizations looking to benefit from the scalability, agility, and capital cost savings of cloud computing inevitably encounter the issues of data privacy and security. In the corporate data center, data security and privacy are mostly about protection from hackers and insiders. In the cloud, however (public, community, hybrid, and sometimes even private), they are also affected by where data resides and the impact of local, regional, and national regulations on the privacy of that data, an issue known as data sovereignty.
This Blue Paper was prepared as a result of a roundtable discussion organised by the Takshashila Institution on 4 September 2017, based on the Discussion Document, Beyond Consent: A New Paradigm for Data Protection.
The discussion document puts forward a rights-based model (Rights Model) to help secure the interests of a data subject sharing his data with data controllers. This Rights Model assures every individual an inalienable right over his personal data. Any data collector that wishes to access a data subject's personal data must ensure that they do so in a manner that does not violate this inherent data right.
The Blue Paper highlights the recommendations of all the participants at the roundtable discussion, which was chaired by Rahul Matthan.
Extending Information Security to Non-Production Environments (LindaWatson19)
This paper discusses the threats that non-production environments pose to database security and provides practical advice and multiple options for ensuring data assets remain secure against unauthorized access.
Malicious or accidental disclosure of confidential information by trusted insiders is a threat to any organization. Insiders include employees, contractors, consultants and business partners that have access to your sensitive information. Since relationships don't last forever, a trusted person today may be a competitor tomorrow. See how Fasoo customers protect sensitive information by controlling access and use at the data level through continuous encryption and persistent security policies.
IRM will address information security needs for all types of enterprises. IRM is a set of policies and technologies that help enterprises control the usage of information contained in shared documents.
Information Rights Management is the set of techniques and methods which protect the highly sensitive information of the organization irrespective of the file location whether it resides "in" or "outside" the corporate boundaries. This happens as the permissions embedded inside the file don't allow unauthorized access, modification, copying or printing. This is typically done for protection of financial documents, intellectual property such as patents, design blueprints and executive communications.
Global Security Certification for Governments (CloudMask inc.)
Government endeavors to expand and make available the range of services to the largest possible numbers of users. At the same time, the public sector also works hard to improve its own internal operations and use the best possible talent it can get. Increasingly, there is also a need to improve the collaboration between different sectors of the government while ensuring that data privacy and security are not affected.
Data is an important asset for an enterprise. Data must be protected against loss and destruction. In the IT field, huge amounts of data are being exchanged among multiple people at every moment. During sharing of the data, there are huge chances of data vulnerability, leakage or alteration. So, to prevent these problems, a survey on data leakage detection systems has been done. This paper talks about the concept, causes and techniques to detect data leakage. Businesses process facts and figures to turn raw data into useful information. This information is used by businesses to generate and improve revenue at every milestone. Thus, along with data availability and accessibility, data security is also very important.
Where in the world is your PII and other sensitive data? by @druva inc (Druva)
Consumers rely on businesses to keep their personal information safe. Too few of those businesses are actively protecting that data. Here’s what’s gone wrong, and how businesses should be responding. Full blog here: http://bit.ly/1Jtzym5
Several companies may be well on the way to defining how to handle GDPR compliance for structured data. But many companies still haven't come up with a good way to handle GDPR compliance for unstructured data.
This whitepaper provides the main information about unstructured data and the Xenit solution to manage documents under the regulation.
Database Auditing Essentials... or... Who did what to which data when and how?
The combination of increasing government regulation and the need for securing corporate data has driven up the need to track who is accessing data in our corporate databases. This presentation discusses these drivers as well as presenting the requirements for auditing data access in corporate databases.
The goal of this presentation is to review the regulations impacting the need to audit, and then to discuss in detail the kinds of things that may need to be audited, along with the several ways of accomplishing this.
It is shocking to note that about 3.5 billion people saw their personal data stolen in the top two of the 15 biggest breaches of this century alone. With the average cost of a data breach exceeding $8 million, it is no wonder that safeguarding confidential business and customer information has become more important than ever. Furthermore, with stricter laws and governance requirements, data security is now everyone’s responsibility across the entire enterprise.
However, that is easier said than done, and for that reason, an increasing number of organizations are relying heavily on data masking to proactively protect their data, avoid the cost of security breaches, and ensure compliance.
Module 02 Performance Risk-based Analytics With all the advancem (IlonaThornburg83)
Module 02 Performance Risk-based Analytics
With all the advancements in technology and encryption levels, some methods are faster or slower than others. In most cases a cybersecurity professional must weigh cost, performance, and security. Risk is a powerful tool used by all cybersecurity professionals to assist in making these decisions, and in influencing appropriate stakeholders by providing appropriate information with regard to these three elements.
Risk analysis, or risk-based analytics, helps determine the level of risk to an organization. The first step in this process is to determine the sensitivity of the data being processed. The example below is a common data classification for many organizations; however, depending on how the data will be used, these data fields may vary due to classification levels.
· Public: Data available to the general public and approved for distribution outside the organization.
· Examples: press releases, directory information (not subject to government regulations or blocks), product catalogs, application and request forms, and other general information that is openly shared. The type of information an organization would choose to post on its website offers a good example of Public data.
· Internal: Data necessary for the operation of the business and generally available to all internal users, users of that particular customer, and potentially interested third-parties if appropriate and when authorized.
· Examples: Some memos, correspondence, and meeting minutes; contact lists that contain information that is not publicly available; and procedural documentation that should remain internal.
· Confidential: Data generally not made available outside the organization and the unauthorized access, use, disclosure, duplication, modification, or destruction of which could adversely impact the organization and/or customers. All confidential information is sensitive in nature and must be restricted to those with a legitimate business need to know.
· Examples:
· Information covered by the Family Educational Rights and Privacy Act (FERPA), which requires protection of records for current and former students. This includes pictures of students kept for official purposes.
· Personally identifiable information entrusted to the organization’s care that is not restricted use data, such as information regarding applicants, donors, potential donors, or competitive marketing research data.
· Information covered by the Gramm-Leach-Bliley Act (GLB), which requires protection of certain financial records.
· Individual employment information, including salary, benefits and performance appraisals for current, former, and prospective employees.
· Legally privileged information.
· Information that is the subject of a confidentiality agreement.
· Restricted: Data that MUST be specifically protected via various access, confidentiality, integrity and/or non-repudiation controls in order to comply with legislative, regulatory, con ...
The objective of this workshop is to show existing Oracle Database (Enterprise Edition, Exadata, Autonomous Database, EXACS, DBCS) customers how to attach their database to Data Safe and gain a valuable understanding of potential risks. Using User Assessment, understand the rights and entitlements of users, and review activity auditing, which provides powerful insight into database interaction. The workshop will finish with a full sensitive data discovery and then how to anonymize data with sensitive data masking.
The workshop is delivered in an interactive way with presentations and hands-on labs to ensure complete understanding.
BBA 3551, Information Systems Management 1 Course Lea.docx (aryan532920)
BBA 3551, Information Systems Management 1
Course Learning Outcomes for Unit VIII
Upon completion of this unit, students should be able to:
3. Examine the importance of mobile systems and securing information and knowledge.
Reading Assignment
Chapter 12:
Information Security Management
Unit Lesson
In the last unit, we discussed outsourcing, the functions and organization of the IS department, and user
rights and responsibilities. In this final unit, we will focus on security threats to information systems.
PRIDE and System Security
PRIDE processes privacy settings on the server and returns a code that indicates which of the four privacy
levels defined for PRIDE govern a particular individual with a particular report/data requestor. By processing
settings on the server, those settings are not exposed to the Internet. The return code is, however, and the
operational system should probably use https for both the code and to return the report. This was not done in
the prototype, though.
The relationship between patients and PRIDE participants is N:M. One patient has potentially many
organizations, and an organization has potentially many patients. What this means is that a patient has a
relationship, potentially, to many participants of a given type: many doctors, many health clubs, many
insurance companies, and even many employers. In addition, a patient has a relationship to, potentially, many
types of participants.
Given the N:M relationships, a natural place to put privacy settings is in the intersection table. That table
serves, intuitively, as an opacity filter between a given patient and a given doctor (or other
person/organization).
The tension in the dialog between Maggie and Ajit at the beginning of Chapter 12 regarding what terminology
to use with Dr. Flores is intended to set up a discussion from both perspectives. It is a common problem for
techies when talking with business professionals: How much technical language should I use? It is important
to use enough to demonstrate competency, but not so much as to drown the businessperson in terminology.
Using the Ethics Guide: Securing Privacy
In this chapter, we discuss three categories of criteria for evaluating business actions and employee
behaviors:
legal
ethical (categorical imperative or utilitarianism)
good business practice
UNIT VIII STUDY GUIDE
Information Security Management
We can clearly see the differences in these criteria with regard to data security. A doctor’s office that does not
create systems to comply with HIPAA is violating the law. An e-commerce business that collects customer
data and sells it to spammers is behaving unethically (by either ethical perspective). An e-commerce business
that is lackadaisical about securing its customers' data is engaging in poor business practices.
Even still, business professionals today need t ...
The user requirements of a new system for Railway reservation system may include:
1. Easy-to-use Interface: The new system should have a simple and intuitive user interface that allows users to quickly and easily access the web application and service providers to efficiently respond to requests.
2. Comprehensive Coverage: The new system should have an extensive coverage area that ensures drivers in all locations have access to timely and reliable assistance.
3. Integration with Modern Technologies: The new system should be fully integrated with modern communication channels and technologies, such as mobile devices and GPS, to allow for efficient and accurate communication between drivers and service providers.
4. Fast Response Times: The new system should ensure that service providers can quickly and efficiently respond to service requests, minimizing wait times for drivers in need of assistance.
5. Reliable Service: The new system should provide drivers with access to reliable and trustworthy service providers, ensuring that they receive high-quality service and repairs.
6. 24/7 Availability: The new system should be available 24/7, ensuring that drivers can request assistance at any time of the day or night.
7. Transparent Pricing: The new system should provide transparent and fair pricing for all services, ensuring that drivers know what to expect and are not subject to unexpected or unreasonable charges.
By meeting these user requirements, a new system for On Road Vehicle Breakdown Assistance can provide drivers with a reliable, efficient, and easy-to-use platform for accessing assistance and ensuring their safety on the road.
In this work we highlighted some of the concepts of data privacy, techniques used in data privacy, and some techniques used in data privacy in the cloud plus some new research trends.
Master Data in the Cloud: 5 Security Fundamentals (Sarah Fane)
Your master data is essential to the smooth operation of your business. But it is also valuable to others. Master data is vulnerable to both internal and external attacks. As the future of business and data is increasingly cloud-based, we explore five fundamentals to ensure the security of your data.
The Evolution of Data Privacy: 3 Things You Need To Consider (Symantec)
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation has been designed to update the current directive, which was drafted in a time that was, in technology terms, prehistoric. It’s time to evolve.
Today, organizations have to protect data from unauthorized access not only by external users but also by internal users, as the criticality of the data may be high. Seclore's Data-Centric platform offers all one advanced data protection.
Securing sensitive data for the health care industry (CloudMask inc.)
Both 1) the growing adoption of Electronic Health Records (EHR) and personal health records and 2) technologies that ensure better patient safety, improved care and inputs for clinical decision-making are being made possible by the adoption of cloud technology in health care. It has become critical to ensure that complete medical data is made available to health care providers irrespective of where the patient or clinician is located.
Sample Data Security Policies This document provides three ex.docx (rtodd599)
Sample Data Security Policies
This document provides three example data security policies
that cover key areas of concern. They should not be considered
an exhaustive list but rather each organization should identify
any additional areas that require policy in accordance with their
users, data, regulatory environment and other relevant factors.
The three policies cover:
1. Data security policy: Employee requirements
2. Data security policy: Data Leakage Prevention – Data in Motion
3. Data security policy: Workstation Full Disk Encryption
Comments to assist in the use of these policies have been added in red.
Data security policy: Employee requirements
Using this policy
This example policy outlines behaviors expected of employees when dealing with data and provides a classification of the types of
data with which they should be concerned. This should link to your AUP (acceptable use policy), security training and information
security policy to provide users with guidance on the required behaviors.
1.0 Purpose
<Company X> must protect restricted, confidential or sensitive data from loss to avoid reputation damage and to avoid adversely
impacting our customers. The protection of data in scope is a critical business requirement, yet flexibility to access data and work
effectively is also critical.
It is not anticipated that this technology control can effectively deal with the malicious theft scenario, or that it will reliably detect
all data. Its primary objective is user awareness and to avoid accidental loss scenarios. This policy outlines the requirements for
data leakage prevention, a focus for the policy and a rationale.
2.0 Scope
1. Any employee, contractor or individual with access to <Company X> systems or data.
2. Definition of data to be protected (you should identify the types of data and give examples so that your users can identify it
when they encounter it)
· PII
· Financial
· Restricted/Sensitive
· Confidential
· IP
3.0 Policy – Employee requirements
1. You need to complete <Company X>’s security awareness training and agree to uphold the acceptable use policy.
2. If you identify an unknown, un-escorted or otherwise unauthorized individual in <Company X> you need to immediately notify
<complete as appropriate>.
3. Visitors to <Company X> must be escorted by an authorized employee at all times. If you are responsible for escorting
visitors you must restrict them to appropriate areas.
4. You are required not to reference the subject or content of sensitive or confidential data publicly, or via systems or
communication channels not controlled by <Company X>. For example, the use of external e-mail systems not hosted by
<Company X> to distribute data is not allowed.
5. Please keep a clean desk. To maintain information security you need to ensure that all printed in scope data is not left
unattended at your workstation.
Similar to Protecting Data Privacy Beyond the Trusted System of Record (20)
The Total Economic Impact Of IBM Multivendor Support Services (MVS) Cost Savi... (Cor Ranzijn)
A Forrester Total Economic Impact Study, January 2019
The Total Economic Impact Of IBM Multivendor Support Services (MVS) Cost Savings And Business Benefits Enabled By IBM MVS
Elevate your enterprise cfo role report (Cor Ranzijn)
Companies in virtually every industry are undergoing a secular change to new, platform-based businesses. To thrive, organizations need to digitally reinvent their enterprise business and operating models. CFOs continue to be instrumental in providing the analytical insights to help the enterprise invest capital into new opportunities. Essential to this process is a highly collaborative, in-synch C-suite. The CFO’s newest mandate – to help steer the strategic direction of the enterprise and do so iteratively – requires changes to their finance organizations. Startlingly, nearly half of CFOs report their own finance organizations fall short of what’s required.
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23... (John Andrews)
SlideShare Description for "Chatty Kathy - UNC Bootcamp Final Project Presentation"
Title: Chatty Kathy: Enhancing Physical Activity Among Older Adults
Description:
Discover how Chatty Kathy, an innovative project developed at the UNC Bootcamp, aims to tackle the challenge of low physical activity among older adults. Our AI-driven solution uses peer interaction to boost and sustain exercise levels, significantly improving health outcomes. This presentation covers our problem statement, the rationale behind Chatty Kathy, synthetic data and persona creation, model performance metrics, a visual demonstration of the project, and potential future developments. Join us for an insightful Q&A session to explore the potential of this groundbreaking project.
Project Team: Jay Requarth, Jana Avery, John Andrews, Dr. Dick Davis II, Nee Buntoum, Nam Yeongjin & Mat Nicholas
Opendatabay - Open Data Marketplace.pptx (Opendatabay)
Opendatabay.com unlocks the power of data for everyone. Open Data Marketplace fosters a collaborative hub for data enthusiasts to explore, share, and contribute to a vast collection of datasets.
First ever open hub for data enthusiasts to collaborate and innovate. A platform to explore, share, and contribute to a vast collection of datasets. Through robust quality control and innovative technologies like blockchain verification, opendatabay ensures the authenticity and reliability of datasets, empowering users to make data-driven decisions with confidence. Leverage cutting-edge AI technologies to enhance the data exploration, analysis, and discovery experience.
From intelligent search and recommendations to automated data productisation and quotation, Opendatabay AI-driven features streamline the data workflow. Finding the data you need shouldn't be complex. Opendatabay simplifies the data acquisition process with an intuitive interface and robust search tools. Effortlessly explore, discover, and access the data you need, allowing you to focus on extracting valuable insights. Opendatabay breaks new ground with dedicated, AI-generated, synthetic datasets.
Leverage these privacy-preserving datasets for training and testing AI models without compromising sensitive information. Opendatabay prioritizes transparency by providing detailed metadata, provenance information, and usage guidelines for each dataset, ensuring users have a comprehensive understanding of the data they're working with. By leveraging a powerful combination of distributed ledger technology and rigorous third-party audits Opendatabay ensures the authenticity and reliability of every dataset. Security is at the core of Opendatabay. Marketplace implements stringent security measures, including encryption, access controls, and regular vulnerability assessments, to safeguard your data and protect your privacy.
Adjusting primitives for graph : SHORT REPORT / NOTES (Subhajit Sahu)
Graph algorithms, like PageRank Compressed Sparse Row (CSR) is an adjacency-list based graph representation that is
Multiply with different modes (map)
1. Performance of sequential execution based vs OpenMP based vector multiply.
2. Comparing various launch configs for CUDA based vector multiply.
Sum with different storage types (reduce)
1. Performance of vector element sum using float vs bfloat16 as the storage type.
Sum with different modes (reduce)
1. Performance of sequential execution based vs OpenMP based vector element sum.
2. Performance of memcpy vs in-place based CUDA based vector element sum.
3. Comparing various launch configs for CUDA based vector element sum (memcpy).
4. Comparing various launch configs for CUDA based vector element sum (in-place).
Sum with in-place strategies of CUDA mode (reduce)
1. Comparing various launch configs for CUDA based vector element sum (in-place).
Empowering the Data Analytics Ecosystem: A Laser Focus on Value
The data analytics ecosystem thrives when every component functions at its peak, unlocking the true potential of data. Here's a laser focus on key areas for an empowered ecosystem:
1. Democratize Access, Not Data:
Granular Access Controls: Provide users with self-service tools tailored to their specific needs, preventing data overload and misuse.
Data Catalogs: Implement robust data catalogs for easy discovery and understanding of available data sources.
2. Foster Collaboration with Clear Roles:
Data Mesh Architecture: Break down data silos by creating a distributed data ownership model with clear ownership and responsibilities.
Collaborative Workspaces: Utilize interactive platforms where data scientists, analysts, and domain experts can work seamlessly together.
3. Leverage Advanced Analytics Strategically:
AI-powered Automation: Automate repetitive tasks like data cleaning and feature engineering, freeing up data talent for higher-level analysis.
Right-Tool Selection: Strategically choose the most effective advanced analytics techniques (e.g., AI, ML) based on specific business problems.
4. Prioritize Data Quality with Automation:
Automated Data Validation: Implement automated data quality checks to identify and rectify errors at the source, minimizing downstream issues.
Data Lineage Tracking: Track the flow of data throughout the ecosystem, ensuring transparency and facilitating root cause analysis for errors.
5. Cultivate a Data-Driven Mindset:
Metrics-Driven Performance Management: Align KPIs and performance metrics with data-driven insights to ensure actionable decision making.
Data Storytelling Workshops: Equip stakeholders with the skills to translate complex data findings into compelling narratives that drive action.
Benefits of a Precise Ecosystem:
Sharpened Focus: Precise access and clear roles ensure everyone works with the most relevant data, maximizing efficiency.
Actionable Insights: Strategic analytics and automated quality checks lead to more reliable and actionable data insights.
Continuous Improvement: Data-driven performance management fosters a culture of learning and continuous improvement.
Sustainable Growth: Empowered by data, organizations can make informed decisions to drive sustainable growth and innovation.
By focusing on these precise actions, organizations can create an empowered data analytics ecosystem that delivers real value by driving data-driven decisions and maximizing the return on their data investment.
Protecting Data Privacy Beyond the Trusted System of Record
Data privacy and protection impact business
Data drives business. The most valuable data (that is, the data that enables business to
anticipate needs, predict buying patterns, and better serve customers) often includes
personal data. As more personal data is collected and shared, governments and industry
regulatory bodies are creating ever more stringent rules for data protection and acceptable
data use, with fines for violating those rules. However, this does not represent the greatest
financial risk. If data is lost or misused, loss of trust, reputation, and the resulting loss of
business are the greatest threats.
There are two broad categories of data risk:
Data loss
Data is stolen or improperly exposed. Probably, most imagine hackers breaking into
servers to steal data; however, most data breaches are insider jobs, and many are
unintentional. A study conducted by the Ponemon Institute, which explored
financial impacts and security measures that can help organizations mitigate costs,
estimates the chances of any organization experiencing a data loss in the next two years
at just under 30%.¹
Privacy violation
In this case, data is not lost, but misused. If a customer provides consent for a business to
use their data but not share it with third parties, accidental sharing could be a violation of
that customer’s permitted use. Even within a business, sharing data with staff that are not
permitted to use it may represent a violation. Complicating matters, customers may
provide consent and later withdraw it.
The annual Cost of a Data Breach Report, which is published by the Ponemon Institute and
sponsored by IBM Security, goes on to tell us that the worldwide average cost per record that
is lost is approximately US $150 and the average size of a breach is more than 30,000
records (costing US $4.5 M). The cost is expected to vary by region and industry with the
highest cost per record estimated at US $429 for a healthcare record in the United States.
Those estimated costs do not include loss of business.
As businesses look to minimize the risk and impact, they must also find ways to provide
end-to-end, data-level protection and privacy. This effort includes not only encrypting data,
but granting and revoking access to it, and maintaining and proving control of it, even as it
moves off the system of record.
With the launch of pervasive encryption on IBM Z, IBM announced that its hardware can
encrypt data at-rest and in-flight while incurring a percentage increase in CPU utilization in
the low single digits. With faster encryption and on-chip compression in subsequent
generations of IBM Z, that number is even lower.²
Pervasive encryption helps reduce the number of “non-functional” roles as potential threats of
data loss. Non-functional roles are those roles that are not involved in the primary function of
workloads that are running on the system. A storage administrator is such a role. The storage
administrator needs to be able to move a database from one storage device to another but
does not need access to the data that is inside the database. If the database is encrypted and
the administrator cannot access the encryption key, that administrator cannot access the
data.
¹ See “How much would a data breach cost your business?”, published by the Ponemon Institute and sponsored by
IBM Security.
² See “Compression and Pervasive Encryption: z15™ Offers the Best of Both Worlds”, published by the IBM IT
Economics team.
With this in mind, an information security officer may sleep soundly having implemented
pervasive encryption on IBM Z, thus helping to protect their data from loss. However, data
must sometimes leave the Z environment.
After the data leaves the demarcations of that trusted system of record, privacy breaches
become a possibility as control of the shared data is no longer guaranteed.
Data privacy considerations include functional roles and the minimum amount of data they
require to perform their function, and what consent a data subject³ provided to use their data.
With a system of record, interaction with data is constrained by trusted applications. But,
outside of that experience, data interaction is less structured. For example, if a data scientist
is trying to gain insight from credit card purchases, do they need to see the card number? In
short, what does the functional role need to know to get the job done?
It is also important to keep in mind that these questions are answered at a particular time and
place, and for a particular role. Rules change. Perhaps today it is permissible to display a full
credit card number to a customer service agent, but tomorrow a new regulation requires that
it cannot be shown.
Also, data moves. Credit card transactions are collected in an application that is running on
IBM Z, but then sent elsewhere in an Extract, Transform, Load (ETL) cycle for analysis by
data scientists, for example. Data must be protected wherever it goes and only what is
required for a specific role should be exposed given the most recent set of rules available.
In a typical data center, establishing and maintaining rules may require changing code in
various applications, altering storage procedures, or even scrubbing over-exposed data and
altering the ETL cycle. If the data was sent to a third party, the problems are compounded.
Data Privacy Passports can support the data protection and privacy requirements of
businesses, starting by placing data in an encrypted bundle called a Trusted Data Object
(TDO). Data is protected in the TDO as it moves from system to system within an enterprise;
for example, from a transactional system to a data lake.
Access to the data is governed by policy that determines not only who has access to the data,
but what form the data takes for their role. A data scientist may see only a “masked value” of a
bit of sensitive data.
When a TDO is opened, a Passport Controller is used to perform that operation. The identity
of the person and the data they are accessing are matched to a policy that determines
whether they can access the data and in what form.
Information that was masked could be made available in the clear to the data scientist within
the organization. In this case, a new policy can be set in the Passport Controller that is used
with subsequent queries. If the data was not transformed as the TDO was created, the data
does not need to be reloaded in the data lake, as might be the case with a typical ETL tool.
In addition, access to data can be revoked altogether by revoking access to the key that
encrypts it. Or, data may be rendered inaccessible remotely by simply destroying the key that
is required to decrypt it.
With Data Privacy Passports, audits can be made easier because there is only one place to
go to verify data security policies.
³ According to the European Union General Data Protection Regulation (GDPR), a Data Subject is “an identifiable
natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a
name, an identification number, location data, an online identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social identity of that natural person.”
The administrative costs of maintaining policies in multiple places can be reduced. In a
business value assessment of Data Privacy Passports⁴, the IBM IT Economics team
estimates that, by reducing the cost of securing data and lowering the risk of a data or privacy
breach, Data Privacy Passports is projected to deliver a five-year return on investment (ROI)
of approximately 300%.⁵
This business value assessment accounts for cost of ownership in the form of required
hardware, software licensing, and labor. This is balanced against the benefits of reduced risk
of fines and lost business, improved efficiency in implementing and auditing policy, and
avoiding costs that are associated with in-house implementation of similar measures. Of
course, individual circumstances vary.
Data governance benefits
There are many benefits that Data Privacy Passports can bring forth as enhancements to a
company’s data governance. Data governance is the overall management of data availability,
relevancy, usability, integrity, and security in an enterprise. It helps businesses answer
questions, such as: “Where did this data come from?”, “Does this data adhere to company
policies and rules, such as separation of duties?”, and “Who has access to this data?”.
Data Privacy Passports provides end-to-end encryption and can enhance data governance
through a method of data handling that can be demonstrated easily to an outside entity. Data
governance with Data Privacy Passports includes demonstrating compliance of internal
policies, enforcing data subject requests, and regulating access to personal information.
Demonstrating compliance of internal policies
Complying with data access and use policies, and demonstrating that compliance to auditors
can be a consuming task. Using Data Privacy Passports can assist in data tracking down to
the field-level for personal information. This level of demonstrable granularity should allow
audits to proceed smoothly.
Enforcing data subject requests
The Passport Controller is a component of Data Privacy Passports that enforces restrictions
or access to personal information and provides application owners or business process
owners more confidence they can demonstrate compliance with the data subject’s requests.
This applies to data access within private and public cloud implementations.
Regulating access to personal information
When a data subject enters a business relationship, Data Privacy Passports can assist in
providing more governance to allow your data to be included in your cloud data lake that can
also be used for analytics to enhance the customer experience. However, with Data Privacy
Passports, you can regulate the access to personal information in the TDO in the cloud. This
includes specific rows and columns in the table, for example.
⁴ See “IBM z15™ Data Privacy Passports: Protecting data wherever it goes and generating a projected 300% ROI”,
published by the IBM IT Economics team.
⁵ See “Disclaimer for business value assessment” on page 18.
As shown in Figure 1, the data is transformed into a single copy of trusted data objects
(TDOs) and enforced data that is shared in the enterprise. This single copy of data can then
be accessed by multiple roles or personas, each with a different need to know, for example:
Data owner
The data owner has complete access to the data. This persona can resolve TDOs in this
protected table. All fields are unencrypted and returned as clear values.
Data scientist
The data scientist requires certain fields from the protected table. This persona can
resolve TDOs in this protected table. All fields are unencrypted. The s_num field is
returned as default mask values. The phone and zip_code fields are returned as clear
values.
Regulator
The regulator requires only certain fields from the protected table. This persona can
resolve TDOs in this protected table. All fields are unencrypted and default mask values
are returned.
Data administrator
The administrator has permission to create policies and provision data only, but has no
need to know any of the data. This persona cannot resolve TDOs. All protected fields are
returned as TDOs.
Figure 1 Consuming protected data by different personas
Data revocation - enforcing policies
Data may be transformed into either state as it leaves a system of record. For example, if a
full national identification number may never be accessible outside of the system of record, a
policy is enforced so that it is masked as it leaves the system.
A great advantage of the Data Privacy Passports approach in safeguarding data is that a
policy may be altered after data is circulated. Because data passes through a Passport
Controller at the time of consumption, policy may be dynamic. A credit card number that was
presented as four digits today may be masked tomorrow on the next access through the
Passport Controller. Access to data can be revoked altogether, when required.
Providing a single point of authority
By providing a single point of authority, Data Privacy Passports removes many points of
potential failure; that is, separate Extract Transform and Load (ETL) transformations, access
control lists, various native encryption options. It replaces them with one point of control and
one point to audit.
Its single point of authority also enables Data Privacy Passports, which are facilitated by the
Passport Controller, to help manage data privacy audits. Data Privacy Passports could lower
the time spent auditing each database. This leaves individuals more time to focus on tasks
that create value for a company.
Sharing infrastructure without duplication
Most businesses use the method of ETL to provide data in a format for other uses. Multiple
batch jobs that are based on security needs could be used to provide access to data for
reports, analytics, or to include within a data lake. This ETL process is costly in terms of
system resources.
By using the TDO that is provided by the Data Privacy Passports, one extraction can be done,
and different views presented to the user or application based on policy definitions through
the Passport Controller.
How does Data Privacy Passports work
Data Privacy Passports provides a new data-centric security model for the protection of
eligible data⁶ across the enterprise. It is the next logical step from the IBM Z pervasive
encryption strategy, extending security to the database level, and protection to data that is
resident on IBM Z and also as it moves throughout the enterprise and beyond. Data Privacy
Passports does not require IBM Z pervasive encryption to be enabled, although that makes
the most sense as it provides end-to-end protection of all data.
Data-centric audit and protection
The idea of data-centric audit and protection (DCAP) is a transition from the current model to
which most enterprises are accustomed. The way that data is protected today is that each time
the data lands, it is secured through a mechanism that is specific to that system. There is little
enterprise-wide ability to guarantee a base level of protection, or a centralized way to monitor
and audit the access to that data.
In the DCAP model, before the data is moved around the enterprise, it is repackaged into a
secure object. In the case of Data Privacy Passports, this is the TDO. Data Privacy Passports
does this protection at a field-level, which means that there is a level of granularity to this
protection that cannot be obtained from more broad protection techniques.
⁶ Data Privacy Passports supports data sources that can be accessed through a JDBC connection.
As shown in Figure 2, after the field is wrapped in a TDO, it is the TDO that moves throughout
the enterprise to its endpoint.
Figure 2 Protecting copies of copies of copies
When the original or any copy of a TDO needs to be opened, it must come back to the
Data Privacy Passports infrastructure. At this point, a policy-based view of the clear data can
be provided (for example, masking the data) and the access to the data can be audited. The
required trip back to the Data Privacy Passports infrastructure provides a single location for
performing data revocation as well.
This changes the requirement from monitoring every location where data is stored. Instead, you can
focus on the data usage and monitoring when, where, and who accessed the data.
Protected and enforced modes
There are two ways to get the data into a policy specified view:
Protected mode
A TDO is created and stored along with the data in a protected table in a target database
management system (DBMS). This data can be accessed through ad hoc queries or as a
utility process through the Data Privacy Passports infrastructure.
A different enforced view, as shown in Figure 3, is returned to the data consumer based on
the credentials of that user and the need-to-know that is defined in the data policy.
Figure 3 Enforced views that are generated from the protected table
Enforced mode
The protected phase is skipped and policy enforced views of data from the clear source
are created. In this case, there are no TDOs (protected tables) created, as shown in
Figure 4.
Figure 4 Enforced views that are generated from the source table
Enforced mode is required for applications that cannot support changing of the table
schema. A format preserved view needs to be used and can be generated directly from
the clear data.
Deployment
Figure 5 shows that Data Privacy Passports uses the IBM Hyper Protect Virtual Servers
support for deployment, which is built on the IBM Secure Service Container framework. This
allows trusted applications, such as Data Privacy Passports, to be deployed in the IBM Z
environment with the utmost protection.
Figure 5 Data Privacy Passports deployment on IBM Z⁷
Data Privacy Passports components
Next, we examine the different components that are inside of the Data Privacy Passports
solution.
⁷ Requires an IBM z15 or later generation.
Passport Controller
As shown in Figure 6, Data Privacy Passports consists of a single component that is known
as the Passport Controller. This provides all the protection, enforcement, policy, and key
management for the solution.
Figure 6 Passport Controller components
Internal key storage
The encryption that is performed by Data Privacy Passports is symmetric encryption using
the Advanced Encryption Standard (AES) with a key length of 256 bits (AES 256). The keys
are stored internally and managed by the Passport Controller.
Data policy
A policy describes how the Passport Controller should operate. There are specific means for
mapping users and groups to personas such that a need to know for data can be established.
Think about these elements as the following types:
Groups: Provides connections of Enterprise LDAP users to personas.
Data Elements: Rules that govern the need to know for specific fields.
Users: Defined in Enterprise LDAP.
Personas: Also known as a functional role, provides information that is required for
personas to work with TDOs and used for specific enforcement in Data Elements.
Trust Zones: Virtual data perimeters, scoped to the Passport Controller.
These different policy elements fit together to form a complete view of how data is accessed
and processed. Figure 7 shows these policy elements.
Figure 7 Visual representation of policy elements
Administrator and user interactions
The programming interface for interacting with Data Privacy Passports is through a REST API
or a Java Database Connectivity (JDBC) connection for issuing the SQL SELECT statement.
As shown in Figure 8, the administrator interacts with the Passport Controller using REST
APIs. Some example administrative tasks are uploading policies, activating policies, and
performing data provisioning activities.
There are two ways for a user to interact with the Passport Controller. To perform ad hoc SQL
queries, send the SQL statements via JDBC requests directly to the Passport Controller. The
user can also use REST APIs to perform functions, such as provisioning views of data.
Figure 8 Administrator and user interactions with the Passport Controller
Using Data Privacy Passports
There are several architectural patterns that can be deployed that service a set of use cases,
including the following examples:
Data segmentation and brokering
Embedded data retention and revocation policies
Single data source for multiple views
Data segmentation and brokering
Privacy legislation is being enacted globally, with far-reaching effects on businesses that
collect personal data. Solutions solving geographic segmentation of data can be highly useful
in global companies that operate in multiple countries. How can data be shared while
respecting the data residency and privacy requirements of various countries?
Business problem
A large multi-national corporation has disjointed human resource systems in each of its
geographic locations and wants to allow for new analytics on employee retention, motivation,
and job satisfaction across the entire global workforce. The corporation must adhere to the
data privacy requirements of each employee’s country. How can they federate their corporate
data systems and maintain confidentiality of their employees’ personal data?
Solution
Data Privacy Passports allows the organization to define Trust Zones, which can open
a subset of TDOs. This allows a group of users to continue to access the data, while other
users see only the protected TDO. For example, only authorized members of the Trust Zone
can open the PII portions of HR records of employees in their specific country. A data scientist
can analyze the records from all countries to gain new insights while being restricted from
viewing individual record fields.
As shown in Figure 9, a user who is authenticated with Passport Controller 1 can access data
only in Protected Database 1, based on the need-to-know definition in its policy. To access
data in Protected Database 2, the user must first authenticate with Passport Controller 2.
Figure 9 Data segmentation and brokering
Embedded data retention and revocation policies
Each industry has its own regulations and best practices for data retention. Data owners
today must request erasure of data from anyone who could have a copy, and may be limited in
their ability to audit compliance. How can access control to all copies of the data be put back
in the hands of the owner?
Business problem
A company provided their customer historical data to multiple departments during a
company-sponsored internal 30-day hackathon, which focused on “go to market” innovation.
Solution
Data Privacy Passports provides cryptographic erasure of data in all copies of the database
that may have been taken by a department. With the key deleted and the source data
rekeyed, Passport Controller no longer opens any TDOs with the old key, which ensures that
any copies of data that are held by any department are rendered unusable.
Figure 10 shows one example of data revocation. Copies of protected data that contain TDOs
exist throughout the enterprise. All TDOs are encrypted by using a specific key (or set of
keys). When source data is updated, the old data can be invalidated by deleting the key. With
invalidation, the old copies cannot be opened ever again. New protected data can then be
provisioned and a new set of keys is used to encrypt the TDOs.
Figure 10 Data revocation example
Single data source for multiple views
To perform effective analysis, data is often copied and massaged to fit into the parameters
that are required by the data scientist. The security team is tasked with making sure that the
data is properly safeguarded in all of these various environments without knowledge about
who should have what type of access. This results in broad data protection mandates that are
forced to be one size fits all. How can data control remain in the hands of the data owner or
custodian who is most knowledgeable about who should have what types of access?
Business problem
An insurance company needs to share details about their customers to a data scientist, the
customer themselves via a web portal, and a regulator. The customer should always be able
to view all of their data. The data scientist does not need exact values, but needs tokens that
are consistent representations of the actual data. The regulator needs to see certain data, but
is a third party to the company.
Solution
IBM Data Privacy Passports can create a single protected table of data from policies that
allow multiple views of data varying by needs.
As shown in Figure 11, source databases are replicated and protected with TDOs to a target
DBMS. There are two ways a data consumer can access the protected data. First, by
accessing the protected data directly. This means that no enforcement is done⁸, which
returns TDOs for protected elements to the user. The second method is to use REST APIs to
access the protected data via the Passport Controller. The user sees an enforced view of the
protected elements based on their need to know.
Figure 11 Single data source for multiple views
Line-of-business use case
An example of this use case could be a collaboration between two line-of-business
departments within a company. The marketing department is working to enhance their client
experience and has asked their IT department to provide them with a copy of the company’s
customer data. Their goal is to use analytics to target new offerings to drive incremental
sales.
In many cases, the IT department could have many levels of security approvals from the Chief
Security Officer (CSO), and multiple query iterations on the source data could impact
production processing.
Using Data Privacy Passports for this case, the IT department can create a protected table
where sensitive information is wrapped with TDOs. Different views can be defined in a data
policy based on functional roles and need-to-know. For example:
The user testing in the marketing department would allow a customer to access their
account with full access.
The data scientist in the marketing department performing analytics to provide insights for
new offerings to clients can access enforced data that is format-preserved and
stable for analysis.
The IT department and Chief Security Officer can monitor or audit as needed. The
IT department can also provide access to regulators to ensure auditability of the data
outside of their production systems.
With this solution, the IT department can ensure that access that is based on their security
guidelines is consistent, even when the data moves outside the walls of the production
system, which they manage.
⁸ No other enforcement is needed because the data elements were encrypted or masked.
Finally, after a successful completion of the line-of-business effort, the IT department can
revoke future access to the protected table or individual data elements through one of several
ways:
Policy changes
Policy activations are dynamically supported in Data Privacy Passports. This provides the
ability to change the enforcement for specific fields for specific users that are defined in
the policy at any time for any future accesses.
Identity management changes
The user assignments in the enterprise identity management system, such as LDAP, can
be changed to remove users from groups and alter how the Data Privacy Passports policy
applies to that user.
Cryptographic erasure
The data encryption keys that are used to create TDOs are all stored internally inside of the
Data Privacy Passports infrastructure. When a TDO is presented to a Passport Controller,
that data encryption key material is found, using the key label that is provided in the TDO,
and then that key material is used to perform the decryption operation. If that key is
deleted, any TDOs that are created by using that data encryption key no longer can be
opened, which provides a means to revoke any future access to those TDOs.
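The persona views described under Figure 1 and the three revocation routes above can be seen working together in a small model. This is an added example, not IBM code or the product's API: the class and method names are hypothetical, the sample row and mask character are constructed, and an HMAC-SHA-256 keystream with an integrity tag stands in for the AES-256 encryption the paper describes, so that the sketch runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets

MASK = "*"  # constructed default mask character (assumption)

# Need-to-know per persona, taken from the persona list under Figure 1.
POLICY = {
    "data_owner": {"s_num": "clear", "phone": "clear", "zip_code": "clear"},
    "data_scientist": {"s_num": "mask", "phone": "clear", "zip_code": "clear"},
    "regulator": {"s_num": "mask", "phone": "mask", "zip_code": "mask"},
    "data_administrator": {},  # cannot resolve TDOs at all
}
ROW = {"s_num": "123-45-6789", "phone": "555-0100", "zip_code": "12601"}  # constructed


class KeyRevoked(Exception):
    """The key named by a TDO's key label no longer exists."""


class ToyPassportController:
    """Hypothetical model of a Passport Controller (not the product's API)."""

    def __init__(self, policy):
        self.policy = policy  # persona -> {field: "clear" | "mask"}
        self.keys = {}        # key label -> 256-bit key, stored only here
        self.audit = []       # one (persona, field, outcome) entry per access

    def create_key(self, label):
        self.keys[label] = secrets.token_bytes(32)

    def delete_key(self, label):
        """Cryptographic erasure: every TDO carrying this label becomes unreadable."""
        self.keys.pop(label, None)

    @staticmethod
    def _subkey(key, purpose):
        return hmac.new(key, purpose, hashlib.sha256).digest()

    @classmethod
    def _keystream(cls, key, nonce, length):
        # Stand-in cipher: HMAC-SHA-256 in counter mode (the product uses AES-256).
        enc_key, out, counter = cls._subkey(key, b"enc"), b"", 0
        while len(out) < length:
            out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    @classmethod
    def _tag(cls, key, nonce, ct):
        return hmac.new(cls._subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

    def protect(self, label, value):
        """Wrap one field in a TDO that carries the key label, never the key."""
        key, nonce, data = self.keys[label], secrets.token_bytes(12), value.encode()
        ct = bytes(a ^ b for a, b in zip(data, self._keystream(key, nonce, len(data))))
        return {"key_label": label, "nonce": nonce, "ct": ct, "tag": self._tag(key, nonce, ct)}

    def open(self, persona, field, tdo):
        """Return the form of the field that the policy in force right now allows."""
        rule = self.policy.get(persona, {}).get(field)
        if rule is None:  # no need to know: the TDO is returned unopened
            self.audit.append((persona, field, "tdo"))
            return tdo
        key = self.keys.get(tdo["key_label"])
        if key is None:
            self.audit.append((persona, field, "revoked"))
            raise KeyRevoked(tdo["key_label"])
        if not hmac.compare_digest(tdo["tag"], self._tag(key, tdo["nonce"], tdo["ct"])):
            self.audit.append((persona, field, "tampered"))
            raise ValueError("TDO failed its integrity check")
        stream = self._keystream(key, tdo["nonce"], len(tdo["ct"]))
        clear = bytes(a ^ b for a, b in zip(tdo["ct"], stream)).decode()
        self.audit.append((persona, field, rule))
        return clear if rule == "clear" else MASK * len(clear)

    def view(self, persona, protected_row):
        return {f: self.open(persona, f, tdo) for f, tdo in protected_row.items()}


def build_demo():
    """One protected copy of the constructed row under a single key label."""
    pc = ToyPassportController({p: dict(rules) for p, rules in POLICY.items()})
    pc.create_key("key-demo-1")
    return pc, {f: pc.protect("key-demo-1", v) for f, v in ROW.items()}


if __name__ == "__main__":
    pc, protected = build_demo()
    for persona in POLICY:
        print(persona, pc.view(persona, protected))
    pc.policy["data_scientist"]["phone"] = "mask"  # policy change, no data reload
    print("after policy change:", pc.view("data_scientist", protected))
    pc.delete_key("key-demo-1")                    # cryptographic erasure
    try:
        pc.view("data_owner", protected)
    except KeyRevoked as exc:
        print("revoked key label:", exc)
    print("audit entries:", len(pc.audit))
```

Because every open goes through the controller, the same protected copy yields a different view as soon as the policy changes, and the audit list records the refused access after the key is deleted.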
What’s next: How IBM can help
Protecting data, ensuring policy compliance, and maintaining control of the data are crucial to
the success of any business. Data Privacy Passports simplifies the process of demonstrating
regulatory or business process compliance through the policies you implement.
Data Privacy Passports is a data-centric audit and protection (DCAP) solution that enables
data to play an active role in its own protection and ensures that data remains encrypted or
masked, even if it leaves the enterprise.
With Data Privacy Passports, data protection through IBM Z allows you to take advantage of
privacy control policies to help ensure that your data is always protected.
To learn more about Data Privacy Passports or how to get started, IBM offers the following
resources:
IBM Marketplace provides more information about Data Privacy Passports, its uses and
how it can help your business. For more information, see this web page.
IBM Systems Lab Services offers services for Data Privacy Passports. These include:
– A planning workshop, which consists of training and a readiness assessment. The
readiness assessment shows any deficiencies in your environment that are related to
the deployment and use of Data Privacy Passports.
– A jump-start, which focuses on building, verifying, and using a Data Privacy Passports
test environment. This can be extended further with a production deployment.
For more information, email ibmsls@us.ibm.com.
IBM Z Content Solutions provides a comprehensive set of information to help you
understand, implement, and use Data Privacy Passports. For more information, see this
web page.
Authors
This guide was produced by a team of specialists working with IBM Redbooks.
Bill White is an IBM Redbooks® Project Leader and Senior IT Infrastructure Specialist at
IBM Redbooks, Poughkeepsie Center.
Mark Moore is a software architect in the IBM IT Economics Consulting and Research team,
focusing on IBM Z pervasive encryption, Data Privacy Passports, and IBM LinuxONE. He has
also performed extensive research comparing IBM social and mobile solutions to major
competitors. Before joining the CPO, Mark was a technical and management consultant. He
has spent 30 years in the software industry working on operating systems, compilers, public
key infrastructure, e-commerce, portals, and database publishing.
Phillip Wilson is a Client Technical Specialist with IBM North America. He has 10 years of
experience with IBM Z. He has worked at IBM for 34 years. His areas of expertise include
Linux, Microsoft Windows, Node.js, and system architectures.
Eva Yan is an Executive I/T Specialist at IBM where she leads a global team in creating
technical collateral to help drive IBM Z and LinuxONE adoptions. In this role, her primary
focus is hardware and solution offerings including IBM z15, IBM Hyper Protect Virtual
Servers, IBM Data Privacy Passports, Red Hat OpenShift, and Cloud Paks. Before her
current position, Eva was the chief architect for the IBM LinuxONE Community Cloud, which
provides no-charge, open access to the public for skills building and innovations.
Thanks to the following people for their contributions to this project:
Jessica Doherty
Barbara Sannerud
Anthony Sofia
IBM Poughkeepsie
Disclaimer for business value assessment
Analysis based on a hypothetical ROI projection for IBM Data Privacy Passports, including the reduced risk of a data
privacy breach, reduced risk of industry fines and regulatory penalties, policy enforcement efficiency and audit labor
reduction, and the cost avoidance of an in-house equivalent implementation.
Data breach risk is taken from the IBM-sponsored Ponemon report, “2019 Cost of a Data Breach”. Potential industry fine
or regulatory penalty data is based on a blended combination of penalties across several recent GDPR, HIPAA, and PCI
DSS publicly disclosed violations. Costs associated with labor savings in policy enforcement, audit, and in-house
implementation and maintenance of a comparable solution are derived from IBM IT Economics data aggregated from
client engagements.
A range of values for risk reduction, industry and regulatory fines, and efficiency were considered, producing an ROI
between 284% and 332%. Actual ROI will vary by geography, industry, and individual client circumstance.
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines
Corporation, registered in many jurisdictions worldwide. Other product and service names might be
trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright
and trademark information” at http://www.ibm.com/legal/copytrade.shtml
The following terms are trademarks or registered trademarks of International Business Machines Corporation,
and might also be trademarks or registered trademarks in other countries.
IBM®
IBM Z®
IBM z15™
Redbooks®
Redbooks (logo) ®
z15™
The following terms are trademarks of other companies:
The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive
licensee of Linus Torvalds, owner of the mark on a worldwide basis.
Windows, and the Windows logo are trademarks of Microsoft Corporation in the United States, other
countries, or both.
Java, and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its
affiliates.
OpenShift, Red Hat, are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the United
States and other countries.
Other company, product, or service names may be trademarks or service marks of others.