Advanced Security in an Insecure Data World

By Rich Hughes,

“Customer data may be at risk” is an all too familiar corporate acknowledgement these days, a communication event no enterprise wants to face.  Target lost personal information from at least 40,000,000 customers, stolen by thieves in late 2013.  This was followed and exceeded by Home Depot’s announcement last month that 56,000,000 customer bank cards used at the retailer’s 1,900 stores had been compromised.  Yes, Virginia, even your recent ice cream treat transaction at Dairy Queen has found its way into hacker’s hands. Most importantly, data breaches like these disrupt the trusted bond between a retailer and their customer, and as a consequence, top and bottom line numbers are negatively impacted.

Addressing security concerns for data warehouses, the IBM® PureData™ System for Analytics N3001 was announced for General Availability on October 17, 2014.   The N3001 appliance family brings advanced security to your data in this insecure world. Building on the appliance simplicity model, all data is stored on self encrypting  disk (SED) drives, providing security while not impacting performance. The protection provided by the SED implementation supports the industries requiring the strictest security compliance — health care, government, and the financial sectors.  This system utilizes strong authentication preventing threats due to unauthorized access, based on industry standard Kerberos protocol.

The N3001 Self Encrypting Drive protects your data-at-rest.  Both temporary data and user data tables are encrypted, and then this security level is bolstered by a key management scheme.

How does this work?  The SED disk drives are unlocked when the IBM® PureData™ System for Analytics N3001 ships to your data center.  And while the SED disk encryption is the first security level, an Advanced Encryption Standard (AES) compliant,  256 bit key needs to be created to cover all N3001 disks—both on the host and at the Snippet Processing Unit compartments.  This second security tier, the AES 256 bit key, can be initialized at any point after your data is loaded into the appliance.

The key management utility allows flexibility to update and rotate keys depending on the frequency of change dictated by your security policies.  This keyed approach is analogous to a password one uses to protect the disk data on a personal computer.  The Kerberos authentication, SED drives, and AES key management come as standard issue with the IBM® PureData™ System for Analytics N3001.

IBM’s InfoSphere Data Privacy for Security for Data Warehousing is a separately priced option that organizations should consider when dealing with compliance challenges.  This package will enforce separation of duties, and will report incidents covering user behavior tracked by an audit trail.  Additionally, a business glossary provides the organization with the ability to define and document sensitive data, along with the agreed upon access levels for the appropriate groups.  Data masking and making data fields autonomous, yet viewable by privileged user groups is also important functionality which comes with the InfoSphere Data Privacy for Security for Data Warehousing package.

The IBM® PureData™ System for Analytics N3001 features advanced security based on hardware and software improvements.  When coupled with IBM’s InfoSphere Data Privacy for Security for Data Warehousing (which monitors data going in and out of your data warehouse), you can rest assured your corporation’s sensitive information is protected from unwanted intruders.

More information on the IBM® PureData™ System for Analytics N3001 family can be viewed at this LINK.  There are numerous sessions at the upcoming IBM Insights 2014 Conference (October 26-30) which highlight the speed, simplicity, and security message as seen in many successful data warehouses powered by Netezza technology.  The IBM® PureData™ System for Analytics N3001 is again changing the game for data warehouse appliances.

About Rich Hughes,

Rich Hughes is an IBM Marketing Program Manager for Data Warehousing.  Hughes has worked in a variety of Information Technology, Data Warehousing, and Big Data jobs, and has been with IBM since 2004.  Hughes earned a Bachelor’s degree from Kansas University, and a Master’s degree in Computer Science from Kansas State University.  Writing about the original Dream Team, Hughes authored a book on the 1936 US Olympic basketball team, a squad composed of oil refinery laborers and film industry stage hands. You can follow him on @rhughes134


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s