IBM DataPower Operations Dashboard considerations for GDPR readiness
For PID(s): IBM DataPower Operations Dashboard
- 5725-T06 IBM DataPower Gateway
Notice:
This document is intended to help you in your preparations for GDPR readiness. It provides information about features of IBM DataPower Operations Dashboard that you can configure, and aspects of the product’s use, that you should consider to help your organization with GDPR readiness. This information is not an exhaustive list, due to the many ways that clients can choose and configure features, and the large variety of ways that the product can be used in itself and with third-party applications and systems.
Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations.
The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting, or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.
Table of Contents
- GDPR
- Product Configuration for GDPR
- Data Life Cycle
- Data Storage
- Data Access
- Data Processing
- Data Deletion
- Data Monitoring
- Capability for restricting Use of Personal Data
Note: The links to the DataPower Gateway Knowledge Center in this document are for version 7.6. If you are using a different version, use the "Change version" option in IBM Knowledge Center to change to the appropriate version of the topic.
GDPR
General Data Protection Regulation (GDPR) has been adopted by the European Union (“EU”) and applies from May 25, 2018.
Why is GDPR important?
GDPR establishes a stronger data protection regulatory framework for processing of personal data of individuals. GDPR brings:
- New and enhanced rights for individuals
- Widened definition of personal data
- New obligations for processors
- Potential for significant financial penalties for non-compliance
- Compulsory data breach notification
Read more about GDPR
Product Configuration for GDPR
How to configure our offering such that it could be used in a GDPR environment?
User configuration
After deployment and installation of DataPower Operations Dashboard you will need to become familiar with its role-based access control. By default, DataPower Operations Dashboard uses internal users and group registries to facilitate the user administration for nonproduction scenarios.
Restrict the creation of internal users by using a Lightweight Directory Access Protocol (LDAP) user registry. In the external registry, assign users to groups and assign groups to roles. When appropriately defined, the access policy controls which users in which roles can access which resources.
Starting with DataPower Operations Dashboard v1.0.8, the management of local users is disabled, as it is not supported in production environments because it is a less secure practice.
Restrict the admin group to specific IP addresses in the product configuration and in your firewalls, and protect its credentials.
Review the recommended post-installation tasks for hardening the installation and improving product security, such as replacing self-signed certificates and implementing SSL client authentication with the gateway. This list is updated in each version, so review the documentation again after every upgrade.
Management services configuration
After the installation of DataPower Operations Dashboard is complete, you will need to modify and enable the following:
- Replace self-signed certificates as they are used for the web console and the REST management service.
- Implement SSL Client Authentication with the Gateway Management services (SOAP/REST) to secure data.
- If you suspect that the syslog payload data contains private information, encrypt your drives and file systems.
- If you plan to expose DataPower Operations Dashboard web console to API developers that are located on other network segments than your gateways, use the External Web console to avoid granting access through firewalls to the DataPower Gateway network segments.
- You should consider separating your DataPower Operations Dashboard installation into production and nonproduction environments and bind only the production gateways to the production DataPower Operations Dashboard installation to minimize access to personal data.
- You should consider using masked data in nonproduction environments in case you execute transactions based on data originated from production environments.
Transaction services configuration
After the installation of the DataPower Operations Dashboard is complete, you will need to configure each gateway (known as a monitored device) from the DataPower Operations Dashboard web console. The configuration requires that you provide a privileged user to access and configure the gateway.
Create a dedicated user for this purpose and grant it only the privileges that DataPower Operations Dashboard needs.
After a gateway is added to the DataPower Operations Dashboard management list, all transaction information starts to be pushed to DataPower Operations Dashboard. By default, DataPower Operations Dashboard does not configure the syslog log targets on the DataPower Gateway to push data over a secured connection. You must configure secure transport for these log targets manually.
Payload capture is disabled by default. Do not enable this feature in the DataPower Gateway, and do not configure the WS-Management Agent on a monitored device level in the DataPower Gateway. If a DataPower Operations Dashboard administrator configures the capture of payloads, this data is pushed to DataPower Operations Dashboard over an unsecured transport, and it is not encrypted at rest in DataPower Operations Dashboard.
If you still want to capture payload data for a limited time for debugging purposes, ensure the following setup:
- Your disks and file systems are encrypted.
- Enable only the specific domain in your DataPower Gateway that needs payload capture.
- Create a capture subscription for a limited time (for example, 5-10 minutes) and for a specific DataPower Gateway domain.
- Review and adjust the custom roles of DataPower Operations Dashboard users so that only those who need to see payloads are granted that permission.
- Keep payloads for the shortest time possible in order to minimize risk.
- Enable auto-delete of payloads and set a threshold of a few minutes.
- Delete all payload data after you finish your troubleshooting.
If you offload any data from DataPower Operations Dashboard, encrypt it, as it might contain personal data.
Data Life Cycle
What is the end-to-end process through which personal data go through when using our offering?
User Accounts
DataPower Operations Dashboard provides management of users, groups, and role-based security through its Manage and Security options. This is available only when users are managed in the DataPower Operations Dashboard internal database registry; it is not available when LDAP is the selected option for managing those users.
Avoid using the local user registry, and instead use LDAP repositories to manage your users.
System Logs
Personal data, including IP addresses, session IDs, user IDs, webpage URLs, and cookie names, can exist in system logs. DataPower Operations Dashboard collects and logs IP addresses, user and system names, and other unstructured data.
Messages in log files are captured automatically as part of the offering but can be controlled by the client. Log files are retained on disk. Log files cannot be modified but can be deleted. Log files are readily available for your review and monitoring.
Information about system logs and error reports is documented in the DataPower Gateway Knowledge Center.
- For additional details about log files, see Log files.
- For additional details about error reports, see Error reports.
Data is collected from the DataPower Gateway as it is captured through the different interfaces (XML management, syslog log target, WS-Management Agent) and processed by DataPower Operations Dashboard. DataPower Operations Dashboard divides the data into structured and unstructured data.
- Structured data consists of the IP addresses and any user names that identify the transactions.
- Unstructured data is the payload associated with that logging information.
After the transactions are processed, they are stored in the DataPower Operations Dashboard databases for analysis. Access to this data depends on the DataPower Operations Dashboard user roles.
The data is stored in the DataPower Operations Dashboard database until the database is full, at which point the oldest entries are purged automatically.
Data Storage
How can the client control the storage of personal data?
Storage of account data
You can back up the DataPower Operations Dashboard software, static configuration, and user configuration data in the DataPower Operations Dashboard database by using internal scripts. When you provide the destination for the backup file, make sure that it is located in a protected area. For more information, refer to the documentation here.
Data Access
How can the client control access to personal data?
Security Roles
Security roles provide a way for the administrator to filter the view that users have of the system. Administrators can use roles to filter data out of a user's view by device, domain, service, client IP address, payload, and more. Filtering gives users visibility into only the parts of the system that they are allowed to access.
There are two types of security roles available with DataPower Operations Dashboard.
- Built-in roles that DataPower Operations Dashboard itself uses. These roles cannot be added, deleted, or modified.
- Custom roles that are defined by the DataPower Operations Dashboard administrator. These roles can be added, deleted, or modified by a DataPower Operations Dashboard administrator.
Data can be accessed in two main ways.
- The web console that is controlled by DataPower Operations Dashboard access control.
- Directly by the system administrator to files on the offering servers. This access should be controlled by the client through proper policies for credential keeping, firewall access, and physical access to the servers. The administrator has read, write, and update access to these files.
Separation of duties
Separation of duties can be applied by using the security roles that are both built-in and custom.
Privileged Administrators
Administrator access can be filtered by IP address, but the client should also enforce network access management such as firewalls and network segment separation. Customers should pay particular attention to the ability to access the CLI level using SSH.
Activity logs
Access logs to the web console are generated by the offering. However, system admins with CLI access can delete these files.
Data Processing
How can the client control processing of personal data?
DataPower Operations Dashboard cannot anticipate which data is personal data and which data is generated from the processing of the transactions. If transactions contain personal data, the client must properly identify this type of data and protect it if it is transferred off of DataPower Operations Dashboard.
Data Deletion
How can the client control the deletion of personal data?
DataPower Operations Dashboard cannot anticipate which data is personal data and which data is generated from the processing of the transactions. If transactions contain personal data, the client must properly identify this type of data in order to delete it. Once the data has been identified, the client should perform the following steps to ensure complete removal of the data from DataPower Operations Dashboard:
- Locate and replace or delete system log files that contain information that is identified as personal data.
- Locate transactions that contain personal data by using the Raw Messages dashboard and delete all transactions with personal data.
- Delete all exported data, such as backups, reports, and all other offloaded data that might contain personal data.
- Delete all data of a given type (syslogs, payloads, and so on) where the whole type is affected.
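The first deletion step above, locating system log lines that carry the personal-data categories named in the System Logs section (IP addresses, session IDs, user IDs, cookie names) and replacing those values, as an added illustration that is not part of this document or of the product. The field names (`user=`, `session=`, `Cookie:`) and the sample lines are constructed assumptions, since the page does not describe the product's actual log layout.

```python
import re
from typing import Dict, List, Tuple

# Patterns for the personal-data categories the page says can appear in
# system logs. The field names are assumptions (the real log layout is not
# given on the page); adapt them to the logs you actually hold.
PII_PATTERNS: Dict[str, re.Pattern] = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "user_id": re.compile(r"\buser=([^\s;,]+)"),
    "session_id": re.compile(r"\bsession=([A-Za-z0-9_\-]+)"),
    "cookie": re.compile(r"\bCookie:\s*([^\s;]+)"),
}

def classify_line(line: str) -> List[str]:
    """Return the personal-data categories found in one log line."""
    return [name for name, pat in PII_PATTERNS.items() if pat.search(line)]

def redact_line(line: str) -> str:
    """Replace each personal-data value with a category tag, keeping the rest."""
    out = PII_PATTERNS["ip"].sub("[IP]", line)
    out = PII_PATTERNS["user_id"].sub("user=[USER]", out)
    out = PII_PATTERNS["session_id"].sub("session=[SESSION]", out)
    out = PII_PATTERNS["cookie"].sub("Cookie: [COOKIE]", out)
    return out

def scan_log(lines: List[str]) -> Tuple[List[Tuple[int, List[str]]], List[str]]:
    """Return (findings, redacted_lines); findings holds (1-based line no, categories)."""
    findings, redacted = [], []
    for n, line in enumerate(lines, start=1):
        cats = classify_line(line)
        if cats:
            findings.append((n, cats))
        redacted.append(redact_line(line))
    return findings, redacted

# Constructed sample lines; not real product output.
SAMPLE_LOG = [
    "2018-05-25T10:00:01Z dpod INFO health check ok",
    "2018-05-25T10:00:02Z dpod INFO login user=jdoe from 192.0.2.10 session=a1b2c3",
    "2018-05-25T10:00:03Z dpod DEBUG request /api/orders Cookie: JSESSIONID=abc123;path=/",
]

if __name__ == "__main__":
    found, cleaned = scan_log(SAMPLE_LOG)
    for n, cats in found:
        print(f"line {n}: {', '.join(cats)}")
    print("\n".join(cleaned))
```

Lines reported by `scan_log` are the ones to review for deletion; the redacted copy is what remains if you choose to replace rather than delete the file.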
Data Monitoring
How could the client monitor the processing of personal data?
- DataPower Operations Dashboard does not monitor log files.
DataPower Operations Dashboard provides many dashboards to explore and search the information that is being captured. However, this offering primarily gathers unclassified data, because there is no way to anticipate whether the log data contains personal data.
DataPower Operations Dashboard cannot specifically monitor the processing of personal data beyond the overall health monitoring of the offering. DataPower Operations Dashboard contains internal health monitoring and alerts to monitor the health of its components. However, this monitoring does not cover the DataPower Operations Dashboard system logs.
Capability for restricting Use of Personal Data
Will your customers be able to address Data Subject requests from their customers?
DataPower Operations Dashboard supports the following data subject rights: the right to access, the right to modify, the right to be forgotten, and the right to portability.
- For additional information about managing local user accounts, user groups, and access rights, see here.
The customer is responsible for meeting data subject rights through their database application logic and business processes.