IBM DataPower Operations Dashboard considerations for GDPR readiness

...

For PID(s): IBM DataPower Operations Dashboard

  • 5725-T06 IBM DataPower Gateway

Notice:

This document is intended to help you in your preparations for GDPR readiness. It provides information about features of IBM DataPower Operations Dashboard that you can configure, and aspects of the product’s use, that you should consider to help your organization with GDPR readiness. This information is not an exhaustive list, due to the many ways that clients can choose and configure features, and the large variety of ways that the product can be used in itself and with third-party applications and systems.

...

The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting, or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.

...

Table of Contents

  1. GDPR
  2. Product Configuration for GDPR
  3. Data Life Cycle
  4. Data Storage
  5. Data Access
  6. Data Processing
  7. Data Deletion
  8. Data Monitoring
  9. Capability for restricting Use of Personal Data

Note: The links to the DataPower Gateway Knowledge Center in this document are for version 7.6. If you are using a different version, use the "Change version" option in IBM Knowledge Center to change to the appropriate version of the topic.

...

GDPR

The General Data Protection Regulation (GDPR) has been adopted by the European Union (“EU”) and applies from May 25, 2018.

Why is GDPR important?

GDPR establishes a stronger data protection regulatory framework for processing of personal data of individuals. GDPR brings:

  • New and enhanced rights for individuals
  • Widened definition of personal data
  • New obligations for processors
  • Potential for significant financial penalties for non-compliance
  • Compulsory data breach notification

Read more about GDPR

EU GDPR Information Portal

ibm.com/GDPR website

...

Product Configuration for GDPR

How can our offering be configured so that it can be used in a GDPR environment?

User configuration

After deployment and installation of DataPower Operations Dashboard, you will need to become familiar with its role-based access control. By default, DataPower Operations Dashboard uses internal user and group registries to facilitate user administration for nonproduction scenarios.

Restrict the creation of internal users by using a Lightweight Directory Access Protocol (LDAP) user registry. In the external registry, assign users to groups and assign groups to roles. When appropriately defined, the access policy controls which users in which roles can access which resources.

...

Review the recommended post-installation tasks for hardening the installation and improving product security, such as replacing self-signed certificates, implementing SSL Client Authentication with the gateway, and so forth. This list is updated in each version. Review this documentation after an upgrade.

Management services configuration

After the installation of DataPower Operations Dashboard is complete, you will need to modify and enable the following:

  1. Replace the self-signed certificates that are used for the web console and the REST management service.
  2. Implement SSL Client Authentication with the Gateway Management services (SOAP/REST) to secure data.
  3. If you suspect that the syslog payload data contains private information, encrypt your drives and file systems.
  4. If you plan to expose DataPower Operations Dashboard web console to API developers that are located on other network segments than your gateways, use the External Web console to avoid granting access through firewalls to the DataPower Gateway network segments.
  5. You should consider separating your DataPower Operations Dashboard installation into production and nonproduction environments and bind only the production gateways to the production DataPower Operations Dashboard installation to minimize access to personal data.
  6. You should consider using masked data in nonproduction environments if you execute transactions based on data that originated from production environments.

Transaction services configuration

After the installation of the DataPower Operations Dashboard is complete, you will need to configure each gateway (known as monitored device) from the DataPower Operations Dashboard web console. The configuration requires that you provide a privileged user to access and configure the gateway.

...

If you offload any data from DataPower Operations Dashboard, encrypt it, as it might contain personal data.

...

Data Life Cycle

What is the end-to-end process that personal data goes through when using our offering?

User Accounts

DataPower Operations Dashboard provides management of users, groups, and its role-based security mechanism through its Manage and Security options. This is available when users are managed in the DataPower Operations Dashboard internal database registry. It is not available when LDAP is the selected option for managing those users.

Avoid using the local user registry; use LDAP repositories to manage your users instead.

System Logs

Personal data, including IP addresses, session IDs, user IDs, webpage URLs, and cookie names, can exist in system logs. DataPower Operations Dashboard collects and logs IP addresses, user and system names, and other unstructured data.

...

The data is stored in the DataPower Operations Dashboard database until the database is full; old entries are purged automatically.

...

Data Storage

How can the client control the storage of personal data?

Storage of account data

You can back up DataPower Operations Dashboard software, static configuration, and user configuration data in the DataPower Operations Dashboard database by using internal scripts. When you provide the destination for the backup file, make sure that it is located in a protected area. For more information please refer to the documentation here.

...

Data Access

How can the client control access to personal data?

Security Roles

Security roles give the administrator a way to filter the view that users have of the system. Administrators can use the roles to filter data out of a user's view by devices, domains, services, client IP addresses, payload, and more. Filtering gives users insight into only the parts of the system that they are allowed to access.

...

  • The web console that is controlled by DataPower Operations Dashboard access control.
  • Directly by the system administrator, through access to files. The client should control this access by using proper policies of credential keeping, firewall access, and physical access to the offering servers. The administrator has the following access: read_access, write_access, update_access.

Separation of duties

Separation of duties can be applied by using the security roles that are both built-in and custom.

Privileged Administrators

Administrator access can be filtered by IP address, but the client should enforce network access management such as firewalls and network segment separation. Customers should pay attention to the ability to access the CLI level using SSH.

Activity logs

Access logs to the web console are generated by the offering. However, system admins with CLI access can delete these files.

...

Data Processing

How can the client control processing of personal data?

DataPower Operations Dashboard cannot anticipate which data is personal data and which data is generated from the processing of the transactions. If transactions contain personal data, the client must properly identify this type of data and protect it if it is transferred off DataPower Operations Dashboard.

...

Data Deletion

How can the client control the deletion of personal data?

DataPower Operations Dashboard cannot anticipate which data is personal data and which data is generated from the processing of the transactions. If transactions contain personal data, the client must properly identify this type of data in order to delete it. Once the data has been identified, the client should perform the following steps to ensure complete removal of the data from DataPower Operations Dashboard:

  1. Locate and replace or delete system log files that contain information that is identified as personal data.
  2. Locate transactions that contain personal data by using the Raw Messages dashboard and delete all transactions with personal data.
  3. Delete all exported data such as backups, reports, and all other offloaded data that might contain personal data.
  4. Delete the entire data set according to its type (syslogs, payloads, and so on).

...

Data Monitoring

How could the client monitor the processing of personal data?

  • DataPower Operations Dashboard does not monitor log files.

...

DataPower Operations Dashboard cannot specifically monitor the processing of personal data beyond the overall health monitoring of the offering. DataPower Operations Dashboard contains internal health monitoring and alerts to monitor the health of its components. However, this monitoring does not cover the DataPower Operations Dashboard system logs.

...

Capability for restricting Use of Personal Data

Will your customers be able to address Data Subject requests from their customers?

DataPower Operations Dashboard meets the following data subject rights: the right to access, the right to modify, the right to be forgotten, and the right to portability.

...