Data Fabric and Z Series- Part 1: Protecting sensitive data while providing self-service on Db2 for z/OS
Today, most of large organizations continue to rely on System Z to run their business critical systems because System Z offers extraordinary performance, reliability and security. Thus, there is a vast amount of data including application data and operational data generated on System Z every day. However, majority of these data sitting on Z stay unused and haven’t yield important insights as “new” data from Cloud.
Can data on System Z, historic and current be made available in the same way or better combined with data from cloud? Can business users derive values from System Z directly without compromising data privacy and security? With IBM’s Data Fabric platform — IBM Cloud Pak for Data you can have it all. Building on top of IBM Cloud Pak for Data, the solution contains several steps, as depicted in the following diagram:
Personal Information Protection
In order to be compliant with data privacy laws like GDPR or CCPA, data protection rules need to be put in place at first. In Cloud Pak for Data 4.0, users can define data classification for personal information and data protection rules for protection protocols.
Administrators can define personally identifiable information as classification.
Administrators can define data protection rules with a few simple clicks. Redact or obfuscated data when the corresponding conditions are triggered. Please see examples as below.
Discover and classify data on Db2 for z/OS
With data protection protocols being defined, administrators can define a connection to Db2 for z/OS and run discovery jobs to automatically classify the data. If any column is recognized as personal information, the data will be protected as defined in the data protection rules when users access to it.
The administrator can create a connection to a Db2 for z/OS system.
Administrators decide what tables in Db2 for z/OS systems to be chosen and start discovery jobs.
After the discovery job completes, the data assets are published to the catalog and the columns are tagged with corresponding classifications. As you can see in the screenshot below. The column “ADDRESS” is recognized as US Street Name. In the next section, you will see when users besides the data owner preview the assets, the rule is automatically enforced.
Shop for Z Data
Now business users can access the catalog and search the data assets that fit their purpose. In this example, log on Cloud Pak for Data as test-user and search “User” table in the catalog. CREDITUSERS is shown as below.
When the user click “Asset”, the protection rules are applied as shown below.
When data masking completes, Person, Address and Zip code are all masked by predefined rules. Then, users can add data asset to a target project for further analysis.
Users can visualize the data to find relevant information to answer questions like — at what age people choose to retire? Will they change their buying behaviors or investment preference? which states pay highest salaries? Which financial product should be recommended based on their location?
Conclusion
We are now living in an era of data explosion. Every business possesses a huge amount of data. Whether or not enterprise can derive value from these data becomes a key factor in the longevity and competitiveness of every business. Hence, that surges the demand for data democratization, which means everyone has access to data for better decision making and improved operational efficiency. However, it requires Enterprise to pay even more attention to governance and security.
I hope this post has given you some ideas on how you can get more to access the most valuable data on System Z while also keeping it safe and make sure it is used in an appropriate way.
