IBM has introduced a new tool called the IBM Cloud Security Compliance Center Data Security Broker, which aims to simplify the encryption of personally identifiable information (PII) in distributed multicloud environments. This tool is designed to help enterprise security teams navigate the complex landscape of risk and compliance requirements.
The upgraded IBM Cloud Security Compliance Center offers format-preserving encryption (FPE) to protect PII at both the database field and file levels. The technology used in this data security broker was licensed from Baffle, a database encryption company. Baffle’s data security broker is described as cloud-native software that supports various encryption methods, including AES-256, FPE, tokenization, masking, de-identification, and role-based access control.
One of the key advantages of Baffle’s software is that it provides file and database field security without requiring any changes to the code of existing applications. This is important because making code changes can be a major barrier to migrating from on-premises data stores to multicloud environments. Nataraj Nagaratnam, an IBM Fellow and CTO of IBM Cloud Security, explains that with the data security broker, applications no longer need to make code changes. The broker handles the encryption, decryption, and tokenization processes automatically, ensuring data protection without disrupting existing systems.
The IBM Cloud Security and Compliance Center is embedded within the IBM Cloud management platform, making it easily accessible for users. This integration streamlines the process of implementing advanced data encryption in distributed cloud environments.
According to a recent Harris Poll commissioned by IBM, 77% of IT and business leaders are adopting hybrid cloud technology for their digital transformation initiatives. However, many organizations face compliance challenges due to increasing regulations. In fact, 53% of respondents reported that these regulations have added to their compliance burdens, while nearly one-third stated that regulations have posed significant barriers to migrating workloads to hybrid environments.
To address the need for data encryption in multicloud environments, there are alternative solutions available, such as key management systems and hardware security modules from providers like Thales, Entrust, and HashiCorp. Intel’s Software Guard Extensions (SGX) is another option that enables confidential computing on servers running its Xeon Scalable Processors. However, these alternatives often require significant infrastructure changes or resource-intensive application development.
IBM’s partnership with Baffle brings a unique solution to the table. By leveraging Baffle’s data security broker, the IBM Cloud Security Compliance Center allows customers to have complete control over how their sensitive data is encrypted and who has access to encryption keys. This control helps organizations address compliance requirements and gain confidence in their data management practices.
Baffle’s tool also makes use of IBM’s Bring Your Own Key (BYOK) and Keep Your Own Key (KYOK) capabilities. This means that customers retain cryptographic control over their data, ensuring that IBM administrators cannot access the encrypted data stored in the virtual private cloud.
Baffle’s data security broker currently supports open-source databases like PostgreSQL and MySQL, as well as cloud data services like Snowflake and Amazon Redshift. The IBM Cloud Security and Compliance Center will continue to expand its support for other databases and object stores in the future.
Frank Dickson, IDC group VP for security and trust, commends IBM for addressing the increasing complexity of data privacy, sovereignty, and compliance standards. Compliance with different legal frameworks across countries can be challenging for multinational enterprises, especially as they handle sensitive data across various environments. Dickson believes that the expansion of the IBM Cloud Security and Compliance Center provides valuable tools to address these challenges.
In conclusion, IBM’s collaboration with Baffle brings a powerful tool, the IBM Cloud Security Compliance Center Data Security Broker, to the market. This tool simplifies the encryption of personally identifiable information in distributed multicloud environments, helping organizations meet their compliance requirements and protect sensitive data. With the ability to encrypt data at the field and file levels without requiring any code changes, this solution offers a scalable and efficient approach to data security in the cloud.