Data security is mission-critical
Data is the collected knowledge and operational lifeblood of organizations—the central resource required to fulfill virtually all services, suggest and develop all strategies and evaluate business success or failure. Data must therefore be protected from the complete range of threats as comprehensively as possible, and at every stage of its lifecycle.
Many complexities, however, combine to make that goal difficult to achieve. Among others, consider:
- The total volume of data is rapidly increasing. Studies suggest, in fact, that at many organizations data volume doubles every 18 to 24 months.
- Data is distributed in more ways, across an increasingly complex infrastructure, than ever before.
- Data increasingly is delivered through new services extended via the Web to clients and customers—but is also, as a result, exposed to more potential threats.
- Policies that govern data access rights are becoming more numerous, more complex and more costly to manage.
- Government regulations increasingly specify how sensitive client data should be managed.
Leveraging data for best business value requires organizations to solve these and other related problems. And for most organizations, the ideal strategy would be to solve them by extending an existing security infrastructure in new directions, rather than increasing overall complexity by implementing separate security domains, processes, and solutions.
Fortunately, the IBM Tivoli access management portfolio can help accomplish exactly that. These solutions are modular, and can be combined to create a customized security architecture designed to fulfill an organization's specific needs.
The result? Organizations can secure their data more comprehensively and proactively than ever before, substantially diminishing the risks that it will be accessed by unauthorized individuals, copied or modified inappropriately or illegally. And that means, instead, that data can safely be utilized to create value in new ways—ultimately strengthening the business bottom line.
Provide data access based on business contexts
In today's complex organizations, which utilize data for an ever-increasing range of functions, access management can imply an extraordinarily wide range of different contexts.
A healthcare organization, for example, will often divide its total data volume into logical domains, based on business functions, and then apply access management in a different way within each one. The data it shares with insurance companies (such as invoices and transaction records) will differ from the data it receives from healthcare providers and partners (such as medical records), which will in turn differ from the data it shares with government agencies (concerning compliance with health-related regulations such as HIPAA). Clearly, each area requires different access policies, multiplying overall complexity.
IBM Tivoli access management solutions can simplify the challenge of creating and enforcing access rights in such a situation in two basic ways. The first, data entitlement management, gives organizations exceptionally fine control over the policies used to determine who can access what, how, and to what extent. The second, federated access control, extends access control beyond organizational walls to facilitate secure and appropriate access by different users to information contained in multiple security domains.
Using IBM Tivoli security solutions, organizations can create a scalable, extensible and centralized access management platform they can apply in different ways to meet the demands of the business—no matter how many logical clusters of data they may have.
Lock down the data center
As the heart of enterprise IT operations, data centers are also a central repository of data. And today, that data is more diverse in nature, stored in more ways across more systems, and besieged by more threats than ever. Both external threats such as malware and internal threats such as abuse by privileged insiders must be fended off if that data is to be shielded comprehensively.
IBM Tivoli access management solutions can help. Among other important capabilities, for instance, consider centralized management of the keys used to encrypt data. By centrally and securely storing and managing these keys across the full span of their lifecycles, organizations can make it much harder for attackers to compromise data—even if they can get the data, they can't read it.
Privileged user access control can substantially reduce the possibility that trusted insiders can take advantage of the high-level access that comes with their job duties. Database activity monitoring and enforcement can automatically and continually watch database transactions, using predefined policies to detect suspicious activity and then prevent it from creating a business impact. And network intrusion prevention delivers similar value for the infrastructure as a whole, as applied against external threats such as profit-motivated hackers.
Secure all data, at every phase of the lifecycle
One of the best ways to maximize data security is to create a closed loop of improvement, in which a repeating cycle of events ensures that data security becomes increasingly optimized over time. And to deliver best value, it's also important for that cycle to address all three classes of data: data in current use, data in motion over the network and data at rest in storage.
IBM security solutions can be orchestrated to create just such a closed loop. They do so by addressing and enhancing all five phases of the data lifecycle:
- Discovery and classification: Data is discovered in the infrastructure and classified based on business context.
- Model and define policies: Security policies are created to safeguard the data in appropriate ways.
- Issue and manage user rights: As users come onboard, or their roles change, their access rights are specified correspondingly.
- Protect and enforce access: The policies and rights previously defined are enforced in daily operations.
- Monitor, audit and report: The success or failure of the security implementation is evaluated in specific ways, with respect to both internal security protocols and external regulations. Improvements are suggested as a result, and the cycle begins again.
Modular tools for a customized security solution
IBM's full-featured, best-in-class suite of access management and general security solutions can be combined modularly to create a tailored access management architecture capable of achieving these and other goals.
IBM Tivoli Data and Application Security. Get end-to-end protection of data via fine-grained management of user privileges at the application level, centralized entitlement for data-level access control, real-time user monitoring and audit reporting, centralized encryption key management and many other features.
IBM Tivoli Security Policy Manager. This solution enhances an organization’s data security posture by enabling data access only on a need-to-know basis. It allows organizations to create and manage policies centrally, even when they span different solutions and operational domains, thus generating a faster, more consistent response to changing conditions and improving overall security.
IBM Guardium. Database security is the focus of these offerings, which monitor databases for suspicious activity in real time, enforce change control policies, block unauthorized modifications and generate customizable compliance reports.
IBM Security Network Intrusion Prevention System. Organizations can utilize this to continually scan the infrastructure looking for breaches, then block them swiftly and effectively—or even prevent them from occurring in the first place. A wide variety of different attack vectors are addressed, including malware, scripting attacks and protocol tunneling.

