Security solutions

To support your IT objectives

Adopt a unified, holistic approach to a

broad range of data security challenges
with IBM Data Security Services.

Highlights
Balance effective security
with optimized data access to
increase collaboration and ensure
appropriate use

Deploy and manage a

comprehensive data security
solution by leveraging IBM
information security expertise and
proven services methodologies

Enforce data access controls

and encryption requirements at
endpoints, where data is accessed
and used

Take a holistic approach to

preventing data loss with both
network-level and endpoint-level
controls

Monitor and report on security

events throughout the enterprise
to facilitate compliance efforts
and protect against database and
application vulnerabilities

Protecting the valuable data throughout

It is tempting to lock away the orga-

your enterprise is critical. You want to

nizations critical data to keep it safe.

retain the confidence of organizations

But that stifles the ability of employees

and individuals that trust you to protect

to collaborate and innovate. Your

their sensitive data. You want to make

employees need to be able to collabo-

sure that your intellectual property

rate and access data more, not less.

doesnt fall into the hands of someone

Using information you already own in

who isnt authorized to have it. Plus,

different ways helps drive innovations

you need to be able to demonstrate the

that can differentiate your business and

effectiveness of your controls to meet

generate new revenues. Todays busi-

diverse compliance requirements related

ness climate requires a data security

to your industry, country and region, as

solution that encourages collaboration

well as your company policies.

while mitigating the risks associated

with data access.

Many data security policies are

driven by compliance mandates
such as the following:

IBM Data Security Services enable orga-

data in all the places where it resides

nizations to protect data throughout its

throughout your organization. Control

life cycle while in use, in motion and

the perimeter, the thinking goes, and

at rest. IBM offers a full range of data

you control security.

EU Data Protection Directive

security services to help an organization

Health Insurance Portability and

design effective data protection solu-

In todays business environments,

tions and support compliance efforts,

this should not be the only approach.

including access to IBM information

First, effective collaboration includes

Accountability Act (HIPAA)

Personal Information Protection and
Electronic Documents Act (PIPEDA)

security expertise and proven services

data-driven interaction with people and

Gramm-Leach-Bliley Act (GLBA)

methodologies. IBM Data Security

organizations outside your own perim-

Basel II Framework

Services is one of the many entry

eter, which exposes your organization

Sarbanes-Oxley (SOX)

points into IBM security solutions, which

to necessary but increased risk. Lock

Japans Financial Instruments and

help customers establish effective risk

down the perimeter, and you make it

management strategies to manage and

difficult or impossible to collaborate

secure business information and tech-

with business partners or interact with

nology assets, anticipate vulnerabilities

customers in all the ways that drive your

International Organization for

and risk, and maintain timely access to

business forward.

Standardization/International

information. IBM security solutions help

Electrotechnical Commission (ISO/IEC)

organizations align technology with busi-

Beyond the need to readdress the

17799

ness priorities redirecting resources

perimeter, insider threats represent

Breach notification laws

that might otherwise be dedicated to

a major vulnerability that perimeter-

Company-specific mandates

resolving security problems toward inno-

focused protection does not fully

vative initiatives that deliver substantial

address. Although malicious attacks by

value to the business.

insiders are important to prevent, even

Exchange Law (J-SOX)

Payment Card Industry Data Security
Standard (PCI DSS)

unintentional harm caused by careMove beyond perimeter-centric,

less employees or by privileged users

inbound threat protection to point-of-use

overeager about job responsibilities

and outbound data loss prevention

can be substantial.

The traditional view of security thinks

of threats as flowing inward from

Plus, valuable data is not always locked

the perimeter toward your valuable

away in centralized repositories that

can only be accessed by controlled

Use endpoint data protection

To enforce endpoint data loss

remote clients. With the portability of

to control information where it is

prevention controls, IBM helps you

laptops and other mobile devices, data

most commonly accessed

automatically discover and classify data

can quickly and easily travel all over

Because valuable data is increasingly

on the endpoint using the criteria you

the enterprise and beyond.

hosted and used on endpoint devices,

choose. Based on this classification, the

organizations often concentrate their

solutions enforce the data protection

These risks require a different way of

initial data security investments on

policy you establish, whether it is to:

thinking. When you concentrate on

endpoint protection. IBM data secu-

protecting against the outward leakage of

rity solutions leverage encryption

Permit the action.

sensitive data as it flows throughout and

technology and data loss prevention

Block access.

away from your organization, you can:

controls to help protect sensitive data

Encrypt the data.

stored on endpoints, when devices are

Mask sensitive data on view at an applications

Prevent data leakage at its origins the places

where data is accessed and used.
Enable collaboration by allowing for appropriate
use of data.
Facilitate compliance efforts by understanding

powered down or in use. These solutions also help you secure data stored
on external attached storage media
(such as USB storage devices) and
data that are transmitted by e-mail.

end-user interface.
Require users to validate the business reasons
for their data requests.
Notify users of potential risks or policy
violations.

data flows and data use.

IBM offers multiple flavors of encryption

Because data is analyzed as it is

Rather than attacking each problem

that individually and in conjunction with

accessed by applications or users

separately, you can turn to IBM service

each other support a holistic data secu-

your policies account for the context in

professionals to help you establish a

rity approach. Full-disk encryption allows

which data is accessed. For instance,

data security framework and deploy the

you to protect data even when the

you could allow a user to view a file but

solutions your environment requires.

device it is stored on has been lost or

not copy or alter it, based on the files

IBM Data Security Services address the

stolen. Encryption of files, folders, virtual

content, classification, metadata, dispo-

challenges associated with deploying

disks, removable media and shared

sition and other contextual factors.

a comprehensive solution by managing

media helps you protect data while it is

cost and scope, accelerating speed of

being accessed or used on an endpoint.

IBM services for endpoint data protec-

implementation, leveraging IBM informa-

E-mail and instant message encryption,

tion also assist with your efforts to

tion security expertise and eliminating

which extend to attachments, help you

centralize policy and compliance

the need for additional headcount.

prevent against data leakage in case of

management. By enforcing data protec-

message interception.

tion policies on endpoints, managing

IT staff can receive timely alerts if any

and through integration with existing

deviations or tampering are detected

network-centric devices. Even protected

on any endpoint. They can take

information that is passing through

appropriate actions to mitigate the

as an attachment or that has been

risks without disrupting necessary

encrypted can be logged or prevented

business activities. Furthermore, IBM

from going outside your organization,

services for endpoint data loss preven-

in accordance with your data security

tion monitor and record all user access

policy. As necessary, the technology

so that you can build an audit trail.

can identify suspicious activity to your

administrators, empowering them

IBM Data Security Services for

or IBM on your behalf to take the

endpoint data protection leverage

appropriate actions.

encryption technology from PGP

Corporation and data loss prevention

IBM can help you translate and enforce

technology from Verdasys, Inc.

your corporate data management policies. Enterprise content protection

Approach enterprise content

technologies include key policies that

protection holistically

help track common types of protected

For organizations that want to take a

information and support efforts to comply

more comprehensive approach to data

with various regulatory requirements.

loss prevention, IBM can help establish

Policy-description language can be

an enterprise content protection frame-

used to look for individual data identi-

work. To support the solution, IBM can

fiers, such as credit card data, that may

also deploy the appropriate combination

violate regulations, including PCI and

of network and endpoint data leakage

other privacy regulations. IBM enterprise

solutions for the environment, using a

content protection solutions also help you

proven implementation methodology.

prevent design information, source code

and other types of intellectual property

Before outbound data passes through

from going outside your network.

the network perimeter, the networkfocused solutions analyze network traffic

Certain types of network behavior, such

on the wire (in-band or out-of-band)

as peer-to-peer networking, expose

Rely on IBM services to support

your data security needs
Every organization has its own security priorities, its own preferences about what kinds of
security it will take on itself and which kinds
it prefers to outsource, and its own business
processes and environments that need to be
integrated with security solutions. That is why
IBM services are designed not only to address
every phase of developing and maintaining
data security solutions, but also to meet your
particular requirements and priorities.
IBM security services integrate risk assessment, design, planning, deployment,
documentation, technology, education and
managed services. They assist you in blending
market-leading services, technologies and
security intelligence into a single solution that
can be used when, where and how you need
it. You choose how you want the technology
managed outsourced, in house or a
combination of both. As a result, you can align
security technology to address evolving business requirements more strategically.

organizations to unnecessary secu-

IBM provides a comprehensive set of

Employees who are granted authority

rity risks. Consequently, IBM services

services to address key compliance

to handle business-critical information

are designed to spot use of these

requirements, including managed data-

to perform their core job responsibilities

dangerous protocols and control

base scanning, log management and

represent a significant threat. To support

them by blocking the traffic, throttling

user activity monitoring. Customized

compliance initiatives, privileged users

the bandwidth that these technologies

solutions use established, regulation-

activities must be tracked so you

consume or alerting administrators

specific policy templates to help

know if they decide to act maliciously

about them, so that they can take

customers improve visibility into each

or unintentionally mishandle data.

appropriate actions.

area of potential exposure within their

enterprises.

IBM solutions help your organization

IBM Data Security Services for enterprise

properly balance the need to let privi-

content protection leverage technology

Meeting compliance requirements

leged users perform their jobs and the

from Fidelis Security Systems, Inc.

particularly when you face multiple

need to have visibility into their actions,

for network data loss prevention and

audit types can require a significant

including alerts when those actions

Verdasys, Inc. for endpoint data loss

manual effort to collect and protect

violate your data security policies. IBM

prevention. The technologies together

information across heterogeneous

services enable you to set up policies

deliver integrated network and endpoint

resources. IBM services help you

to identify when potential violations

data loss prevention.

improve your compliance posture by

occur and alert administrators about

regularly assessing the security of

noncompliant activities, which allows

Monitor and report on activity compliance

your databases. As a complement,

them to perform further investigation.

The pressures of regulatory compliance

IBM provides an automated monitoring

are pushing organizations toward more

solution for collection of user activity

To get started with database vulner-

established and accountable security

and events from databases, operating

ability management, leading security

measures. As a result, it is becoming

systems, applications, mainframes,

experts from IBM can help you assess

increasingly clear how important

security devices and network devices.

which databases need to be covered,

it is to implement a best-practices

Using this centralized and normal-

how often they should be checked and

methodology for managing database

ized information, the solutions offer

under what circumstances you should

vulnerabilities and monitoring the activi-

direct visibility to database security

ask users to remediate their own activi-

ties of privileged users.

posture and user activity for forensic

ties or when administrators should

investigation. Supporting reports are

be alerted to take appropriate action.

preformatted to meet many major

regulations and auditor requests.

IBM Data Security Services for activity

your organization contact your IBM

compliance monitoring and reporting

representative or IBM Business Partner,

leverage IBM Tivoli Compliance

or visit ibm.com/itsolutions/security

Insight Manager to provide visibility

into your organizations security compli-

About IBM solutions for enabling IT

ance posture through automated,

governance and risk management

enterprise-wide user activity monitoring.

IBM enables IT organizations to support

Additionally, these services use database

governance and risk management

vulnerability management technology

by aligning IT policies, processes

from Application Security, Inc.

and projects with business goals.

Organizations can leverage IBM

For more information

services, software and hardware to

IBM provides a full range of solutions

plan, execute and manage initiatives

to help you address your data security

for IT service management, business

requirements. Whether you need to

resilience and security across the

implement endpoint data protection,

enterprise. Organizations of every

enterprise content protection, or activity

size can benefit from flexible, modular

compliance and monitoring, IBM can

IBM offerings that span business

help. When you want to adopt a stra-

management, IT development and

tegic model for data security that not

IT operations and draw on extensive

only protects information but also helps

customer experience, best practices

you extend its value through collabora-

and open standardsbased tech-

tion, turn to IBM.

nology. IBM helps clients implement

Copyright IBM Corporation 2007

IBM Corporation
Route 100
Somers, NY 10589
U.S.A.
Produced in the United States of America
December 2007
All Rights Reserved
IBM, the IBM logo and Tivoli are trademarks of
International Business Machines Corporation in the
United States, other countries or both.
Other company, product and service names may
be trademarks or service marks of others.
Disclaimer: The customer is responsible for
ensuring compliance with legal requirements.
It is the customers sole responsibility to obtain
advice of competent legal counsel as to the
identification and interpretation of any relevant laws
and regulatory requirements that may affect the
customers business and any actions the reader
may have to take to comply with such laws. IBM
does not provide legal advice or represent or
warrant that its services or products will ensure
that the customer is in compliance with any law
or regulation.

the right IT solutions to achieve rapid

To learn more about how your organiza-

business results and become a stra-

tion can use IBM security solutions for

tegic partner in business growth.

data security or to find the IBM secu-

For more information about IBM

rity solutions entry point that is right for

Governance and Risk Management,

visit ibm.com/itsolutions/governance

GMS14003-USEN-00