August 1, 2018 | Written by: Leif Davidsen, Program Director, IBM Messaging Offering Management
Share this post:
“Privacy by design” is a way to make complying with GDPR regulations simpler.
Instead of having to try to protect multiple aspects of security in every system, you can ensure security is applied much more widely, so that individual areas of security and multiple connected systems are protected without additional effort or overview.
Keeping customer trust and data secure
In the age of high-profile data breaches and multi-million-dollar lawsuits, customers must be able to trust organizations with their sensitive personal information, whether that’s something as simple as their addresses or as complex as their credit card information and social security numbers.
Customers trust businesses with their information. Businesses, therefore, have a responsibility to keep customer information safe. Lost trust is lost business.
And it is not just a question of customer trust. There is more and more legislation around the world designed to ensure that businesses are taking the protection and security of third-party data seriously. The headlines recently around this have been driven by the deadline date for the European Union’s General Data Protection Regulation (GDPR). Protecting your own data, as well as customer information, should be an essential practice anyway, even if you are certain that all your customers are from the US.
Understanding and incorporating privacy by design
Meeting the requirements of legislation and customer trust isn’t just about ticking a box. It can’t be addressed through a single change or product. There needs to be a comprehensive approach to ensure there aren’t gaps in the security. One of the best ways to ensure that is through the concept of “privacy by design” as defined in GDPR.
This concept relieves businesses of some of the most thorny aspects of ensuring infrastructure is GDPR-ready. While organizations still must follow all aspects of the regulations, from informing customers what data they’re holding to giving customers explicit opt-out options and more, you can breathe a little easier knowing that your enterprise architecture incorporates privacy by design. One place to start is your enterprise messaging.
Consider a typical connected environment with messages flowing across many different connected systems. Maybe data originating from a customer will bounce across different business systems as a message: ordering, invoicing, manufacturing, shipping and loyalty programs, for example. Some of these might be with the enterprise, and others might be third-party businesses that provide a service. As messages flow, they will get saved to disk as a backup in case of a system failure. How can one ensure that every system and every disk is adequately protecting these messages without being in control of all these systems and disks, which might be owned by other organizations?
Securing data with message encryption
The end-to-end messaging encryption in IBM MQ Advanced is policy based and doesn’t require application updates. The applications themselves will be unaware that the messages will be encrypted between the sending and receiving applications. The messages being sent over MQ will have the MQ message contents encrypted, but the messaging header (properties) will remain in the clear. As each message is saved to disk in a queue, the contents remain encrypted. The messages will only be decrypted at the destination application as set in the policy.
With this in place, it becomes irrelevant how many systems the message will travel through between source and destination, or even the security or ownership of each system. You can demonstrate that the message will not be accessible except to the receiving application, therefore ensuring that there is a complete record of who has had access to every message. Therefore, it is under complete control.
This is the power of privacy by design. With businesses under pressure from GDPR and other legislation to ensure customers can trust them to look after their data and personal information, it has become essential to consider the move to tools like MQ Advanced to take advantage of cutting-edge data protection capabilities.
Source link https://www.ibm.com/blogs/cloud-computing/2018/08/01/privacy-design-era-gdpr/