WebSphere eXtreme Scale considerations for GDPR readiness

Consider information about WebSphere® eXtreme Scale features that you can configure and aspects of product use so that you can prepare your organization for General Data Protection Regulation (GDPR) readiness.

For PID: 5724-X67

Notice:

This document is intended to help you in your preparations for GDPR readiness. It provides information about features of WebSphere eXtreme Scale that you can configure, and aspects of the product's use, that you should consider to help your organization with GDPR readiness. This information is not an exhaustive list, due to the many ways that clients can choose and configure features, and the large variety of ways that the product can be used in itself and with third-party applications and systems.

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients' business and any actions the clients may need to take to comply with such laws and regulations.

The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting, or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.

Table of Contents

  1. GDPR Overview
  2. Product Configuration for GDPR
  3. Data Life Cycle
  4. Data Collection
  5. Data Storage
  6. Data Access
  7. Data Processing
  8. Data Deletion
  9. Data Monitoring
  10. Responding to Data Subject Rights

GDPR Overview

GDPR stands for General Data Protection Regulation. The GDPR has been adopted by the European Union ("EU") and applies from May 25, 2018.

Why is GDPR important?

GDPR establishes a stronger data protection regulatory framework for processing of personal data of individuals. GDPR brings:

  • New and enhanced rights for individuals
  • Widened definition of personal data
  • New obligations for companies and organizations handling personal data
  • Potential for significant financial penalties for non-compliance
  • Compulsory data breach notification

Product Configuration - Considerations for GDPR Readiness

The following sections provide considerations for configuring WebSphere eXtreme Scale to help your organization with GDPR readiness.

Configuration to support data handling requirements

WebSphere eXtreme Scale is a data grid that stores data in memory and is not considered a system of record. The data in the grid either comes from a system of record, can be persisted to a system of record, or is transient data that can easily be recreated. WebSphere eXtreme Scale can replicate data between systems so that your data is highly available.

To prevent unauthorized access to data, WebSphere eXtreme Scale must be configured to enable grid authorization and transport layer security (TLS).

For details, see the topic Configuring secure transport types.

Disk overflow can be used to persist data to disk. If disk overflow is configured, the data should be encrypted by the application and/or disk encryption should be enabled. Additionally, proper system access control should be used to prevent unauthorized access to data at the filesystem level.

Configuration to support Data Privacy

WebSphere eXtreme Scale does not process user data and, therefore, does not disseminate it.

Configuration to support Data Security

Refer to the preceding information about data handling.

Data Life Cycle

There are two types of users who access a WebSphere eXtreme Scale environment: administrators who manage WebSphere eXtreme Scale data grids, and users of applications that access WebSphere eXtreme Scale data grids. Administrators are generally configured to log in with their business accounts, not personal accounts. Data collected from administrators may include the user ID, the password, and an audit trail of administrative actions, which may include IP addresses, the administrative interfaces used, parameters, and results. This data may be persisted in log files and audit logs, and is generally required for security audit and forensic analysis.

Users who access WebSphere eXtreme Scale data grids may be configured to log in with their own personal accounts. The personal data collected by an application is defined by the application, and it is the responsibility of the application to comply with GDPR. However, during the normal course of running the application, personal data may be captured by the WebSphere eXtreme Scale infrastructure, and additional configuration may be needed to ensure compliance with GDPR. For example:

  • WebSphere eXtreme Scale logs and traces may capture personal data as a side effect of writing logs for diagnostic purposes.
  • Java memory dumps may contain personal data stored in memory.
  • Security audit logs may contain IDs and IP addresses of users.
  • User data stored in a data grid can be configured to overflow to disk.

Applications may collect and store user data in a data grid. It is up to the application to manage the data lifecycle. Techniques for managing the life cycle of data stored in a data grid include:

  • Configuring eviction
  • Using client APIs for manual deletion

Personal data used for online contact with IBM

WebSphere eXtreme Scale clients can submit online comments/feedback/requests to contact IBM about WebSphere eXtreme Scale subjects in a variety of ways, primarily:

  • Public comments area on pages in the WebSphere eXtreme Scale community on IBM Developer
  • Public comments area on pages of WebSphere eXtreme Scale documentation in IBM Knowledge Center
  • Public comments in the WebSphere eXtreme Scale space of dWAnswers
  • Feedback forms in the WebSphere eXtreme Scale community

Typically, only the client name and email address are used, to enable personal replies for the subject of the contact, and the use of personal data conforms to the IBM Online Privacy Statement.

Data Collection

WebSphere eXtreme Scale collects operational logs and trace for service purposes, which are persisted to disk as described in the Data Life Cycle section. Java memory dumps can also capture operational state and information about customer applications and WebSphere eXtreme Scale itself.

Considerations for managing this data are given in the following sections.

Data Storage

When using the WebSphere eXtreme Scale XSLD feature, user identity data may be stored in an integrated database. Standalone WebSphere eXtreme Scale can be configured to use a JAAS login module, which is read-only.

To protect access to this information, consider the following actions:

  • Prefer an external user registry, such as LDAP, that enforces password and auditing policies.
  • Do not use a personal account when configuring access to external resources.
  • Do not create administrative or operational accounts where personal information is stored. Use business accounts that do not contain personal information.

Data may be persisted in log files and audit logs, and is generally required for security audit and forensic analysis.

  • WebSphere eXtreme Scale logs and traces may capture personal data as a side effect of writing logs for diagnostic purposes.
  • Java memory dumps may contain personal data stored in memory.
  • Security audit logs may contain IDs and IP addresses of users.

In general, it is recommended that data captured as a side effect of using the WebSphere eXtreme Scale infrastructure be kept only for a retention period just long enough for the business purpose of capturing it, such as problem diagnosis or security audit. When the data is no longer required, it should be purged from the system. At most 10 rotating logs with a log file size of 20M are retained per JVM (200M when using XSLD). These log files can be deleted manually.

Additional efforts may also be undertaken to reduce the access to personal information by:

  • Encrypting log files: file system level, per-file level, or upon archival. (This capability would be provided by the underlying system resources, not by WebSphere eXtreme Scale.)
  • Sanitizing captured logs and audit records before they are archived, or sent to WebSphere eXtreme Scale support.
  • Protecting Java artifacts such as memory dumps.

Protection

Disk overflow can be used to persist data to disk. If disk overflow is configured, the data should be encrypted by the application and/or disk encryption should be enabled. Additionally, proper system access control should be used to prevent unauthorized access to data at the filesystem level.

Data Access

WebSphere eXtreme Scale operational data might contain some personal information such as user IDs or network addresses. WebSphere eXtreme Scale operational data can be accessed through a defined set of product interfaces, some of which are designed for access through a remote connection, and others for access through a local connection. Access can also be obtained by direct access to the system resources on which WebSphere eXtreme Scale is running.

The interfaces can be secured, such that a user must first be authenticated and then checked for authorized roles before obtaining access to data.

Network communication for remote connections can be encrypted by using TLS.

Operational logs and trace might be read by product support personnel.

Consider the roles of operational and support staff. Limit their access to data so they do not have wider access than their roles require.

If transmitting log and trace files to IBM or other product supporters, consider sanitizing them for sensitive data prior to transmission.

Customer applications might write data into WebSphere eXtreme Scale logs. If this is the case, protect the logs as appropriate for the type of data being written.

At the operating system level, consider restricting access to the system and permissions to WebSphere eXtreme Scale files. Consider using operating system level logging and auditing capabilities to track security events that occur on the operating system, because WebSphere eXtreme Scale logs and data can be accessed directly from the operating system.

Data Processing

It is the responsibility of applications using WebSphere eXtreme Scale to provide the ability for clients to control how their personal data is processed. In addition to application capabilities, consider use of encryption and access controls to protect personal data in motion and at rest.

Encryption in motion

  • Encrypted communication protocols (HTTPS) can be used to encrypt communication between WebSphere and support staff or end users.
  • Access to private encryption keys should be tightly controlled.
  • For details, see the topic Configuring secure transport types.

Encryption at rest

  • Log and trace files can be kept on an encrypted volume or directory. (This capability would be provided by the underlying system resources, not by WebSphere eXtreme Scale.)
  • Applications that store personal data can encrypt it before sending it to a data grid.
  • Access to private encryption keys should be tightly controlled.

Data Deletion

WebSphere eXtreme Scale is used by customer applications. The data these applications collect and how that data is deleted is determined by the applications themselves.

Applications can make use of WebSphere eXtreme Scale eviction capabilities to control data retention.

Data may also be removed through manual deletion via programming APIs.

Some personal data might be recorded in the operational logs produced by WebSphere eXtreme Scale, as well as in any memory dumps. Limit retention of such data to just long enough for the business purpose of capturing it, such as problem diagnosis or security audit, so that the data is automatically purged once the retention period has passed.

Right to erasure

Article 17 of the GDPR states that data subjects have the right to have their personal data removed from the systems of controllers and processors - without undue delay - under a set of circumstances.
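The two retention techniques named above (configuring eviction, and manual deletion through the client API) applied to an erasure request, as an added Java example that is not IBM's code: the grid name ProfileGrid, the map name profiles and the 24-hour time-to-live are assumptions, and a local ObjectGrid is used so the example runs without a catalog server. In a deployed grid the same Session and ObjectMap calls are made against a client connection.

```java
import com.ibm.websphere.objectgrid.BackingMap;
import com.ibm.websphere.objectgrid.ObjectGrid;
import com.ibm.websphere.objectgrid.ObjectGridException;
import com.ibm.websphere.objectgrid.ObjectGridManagerFactory;
import com.ibm.websphere.objectgrid.ObjectMap;
import com.ibm.websphere.objectgrid.Session;
import com.ibm.websphere.objectgrid.TTLType;

public class ProfileRetention {
    // Assumed names and retention period; adjust to your own deployment.
    private static final String GRID_NAME = "ProfileGrid";
    private static final String MAP_NAME = "profiles";
    private static final int TTL_SECONDS = 24 * 60 * 60;

    // Technique 1: time-based eviction. Every entry is evicted TTL_SECONDS after
    // it was created, so a profile cannot linger in the grid beyond that bound
    // even if the application never deletes it.
    public static ObjectGrid createLocalGrid() throws ObjectGridException {
        ObjectGrid grid = ObjectGridManagerFactory.getObjectGridManager().createObjectGrid(GRID_NAME);
        BackingMap map = grid.defineMap(MAP_NAME);
        map.setTtlEvictorType(TTLType.CREATION_TIME);
        map.setTimeToLive(TTL_SECONDS);
        grid.initialize();
        return grid;
    }

    public static void store(ObjectGrid grid, String subjectId, String profile) throws ObjectGridException {
        Session session = grid.getSession();
        ObjectMap profiles = session.getMap(MAP_NAME);
        session.begin();
        profiles.insert(subjectId, profile);
        session.commit();
    }

    // Technique 2: explicit deletion for an Article 17 request. The remove is done
    // in a transaction so a partial failure leaves no half-applied state; replicas
    // receive the removal through normal grid replication.
    public static boolean erase(ObjectGrid grid, String subjectId) throws ObjectGridException {
        Session session = grid.getSession();
        ObjectMap profiles = session.getMap(MAP_NAME);
        session.begin();
        try {
            boolean existed = profiles.get(subjectId) != null;
            if (existed) {
                profiles.remove(subjectId);
            }
            session.commit();
            return existed;
        } catch (ObjectGridException e) {
            session.rollback();
            throw e;
        }
    }
}
```

Eviction and remove() clear only the grid entry; copies of the same data in logs, traces, memory dumps or disk overflow still depend on the retention and protection measures described in the sections above.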

Data Monitoring

WebSphere eXtreme Scale is used by customer applications. The data these applications collect and how data is monitored are the responsibility of the applications.

Responding to Data Subject Rights

Will your customers be able to address Data Subject requests from their customers?

The following rights should be considered when developing applications that use WebSphere eXtreme Scale. It is recommended that the user IDs used to administer WebSphere eXtreme Scale be business IDs not containing any personal information.

Customers should consider the following data access rights:

  • Right to Access
    • Can the client provide individuals access to their data?
    • Can the client provide individuals information about what data the client has about the individual?
  • Right to Modify
    • Can the client allow an individual to modify or correct their data?
    • Can the client correct an individual's data for them?
  • Right to Restrict Processing
    • Can the client stop processing an individual's data?