Standing in the Middle of the Seesaw: Simultaneously Protecting and Sharing Sensitive Information
Bryan Casey 270003BSJV BFCASEY@US.IBM.COM | | Tags:  ibm security infosphere redaction data guardium
0 Comments | 1,992 Visits
It seems that we can’t go more than a day or two without hearing another story about data loss. Whether it is the result of an insider threat or an external attacker, being able to protect your data has never been more important. However, this has also got to be a balancing act. We can’t respond to these events by just hardening all of our security controls to the point where we are introducing ridiculous operational inefficiencies. Yes, we need to have embedded the proper security controls, but we also need to make sure that these controls are designed with the end user in mind. Great security should enable people to move faster without having to look over their shoulder every two seconds. When we talk about being able to innovate with confidence, that’s what we’re talking about.
The protection of data and information is one of the core components of the IBM Security Framework, and IBM Infosphere Guardium was recently recognized as the world leader when it comes to database auditing and real-time threat detection. InfoSphere Guardium also offers security solutions beyond just structured data (database protection), and today, we are thrilled to announce some important enhancements to the IBM Infosphere Guardium Data Redaction product line, a solution that automatically redacts, or blacks out, text or information from unstructured data (PDF, TIFF, and Microsoft Word).
The importance of being able to redact sensitive information from documents is pretty obvious. Think about healthcare for just a second. Doctors probably don’t need to see all of your financial information and the finance department probably has no business knowing why you’re in the doctors office to begin with. As such, you need to be able to control who has access to what and when.
However, data redaction has some interesting challenges associated with it. Because of compliance regulations, often times the original, unaltered records, need to remain in the database untouched. However, different pieces of the record need to be viewed by different roles. For example billing staff, doctors, and account representatives each need to see different pieces of information. Coming up with redacted views for each role is difficult.
Some organizations have approached redaction manually, going through documents one-by-one with a handy permanent marker. I don't really think I really need to say much about the reliability or scalability of this approach. Other automated solutions will just drop a black box over information and create a multi-layered document. However, this isn't a properly designed redaction solution. Curious users can get around this by copying the blacked out text to any text editor. Yes, that actually works in some cases. The advantage that IBM Infosphere Guardium Data Redaction boasts is that it's automated/scalable, it's accurate, and it creates single layer documents to make it impossible to grab the original text.
Ok, but back to where we started. Back to security enabling people. Back to today’s announcement. The reality is that data redaction is a total pain. Well, I should say, WAS, a total pain. That is until today’s announcement of Secure Viewer. Secure Viewer is an addition to IBM Infosphere Guardium Data Redaction that, in real-time, allows privileged users to gain access to the information they need to do their job.
It’s probably easiest to explain the product’s benefit if I take you through a quick scenario. Let’s say we have a physician working with a pharmaceutical company to identify candidates for a new drug. Due to security and privacy concerns, the names of the patients in the documents the physician and pharmaceutical company are viewing and discussing have been redacted. However, the physician has been given the privileges to view patient names should he need to. Lets say the physician finds a perfect candidate and wants to begin treatment immediately.
Let’s go through the process he had to go through yesterday:
1) Physician calls records management department to request a new view of the document showing the patient’s name
2) Physician experiences a delay while he waits for records management department to respond
3) Physician explains which records are required and which data are needed
4) Records management team validates physician’s credentials
5) Newly redacted document is finally sent to the physician
6) Records management staff must manually add report to audit log detailing who, what, when and how redacted data was used
7) Physician attends to patient
Let’s walk through the new process the physician would go through today with secure viewer:
1) In the redacted document right click to view redacted data, provide justification, audit trail updated in real time
2) Physician attends to patient
If you listen closely, you can hear doctors all over the world cheering.
What we are announcing today is not just the successful balancing of security/privacy with ease of use in one our products. It’s a continuation of how IBM Security Solutions views this space. We believe in security that enables you to be better at your job, security that helps you innovate.
For more information about IBM Infosphere Guardium Data Redactor visit us online here.
To learn how Avia UK Health used Infosphere Guardium to achieve PCI and data privacy compliance, click here.