Complying with GDPR and the importance of protecting data with MQ Advanced

padlock

As a business, acquiring and keeping customers is crucial. You need to ensure that you are continually delighting them, ensuring you deliver the best value, and are easy to do business with. And one critical thing above all others is to ensure that the customer can trust your business.

 

Why is this important? A key reason is that the customer is trusting your business with their information, and you therefore have a responsibility to keep it safe. Because if a customer can’t trust you with their information, they won’t do business with you.

Screen Shot 2017-09-26 at 11.42.31

And it is not just a question of customer trust. There is more and more legislation around the world designed to ensure that businesses are taking the protection and security of 3rd party data seriously. The headlines recently around this have been driven by the deadline date for the EU’s GDPR. But honestly protecting your own data, as well as customer information should have been essential practice anyway.

 

Meeting the needs of GDPR, other legislation in this area, and also customer trust isn’t just about ticking a box and can’t be addressed through a single change or product. There needs to be a comprehensive approach to ensure there aren’t gaps in the security. One of the best ways to ensure that is the thought of ‘privacy by design’ as mentioned in GDPR. Instead of having to try to protect multiple aspects of security in every system, you can ensure security is applied much more widely so that individual areas of security and multiple connected systems are protected without additional effort or overview.

 

There are multiple reasons why a business might use IBM MQ’s messaging to move data within a business, or between businesses. Thousands of the world’s leading businesses have depended on it for reliable, scalable, secure and highly available messaging for 25 years. And while IBM MQ is a secure environment, today’s connected business systems, with the challenge of regulations like GDPR requiring demonstrable protection and records of who could have had access, and the need to show removal of data requires even more security. And this is available as a part of IBM MQ Advanced or IBM MQ Appliance with end-to-end encryption including encryption of data at rest.

 

Why is this important, and how would it help protect data, as well as help to comply with GDPR and other legislation? Consider a typical connected environment with messages flowing across many different connected systems. Maybe data originating from a customer will bounce across different business systems as a message: ordering, invoicing, manufacturing, shipping, loyalty programs. Some of these might be with the enterprise, and others might be 3rd party businesses who provide a service. As messages flow, they will get persisted to disk to ensure they don’t get lost in case of a failure. But how to ensure that every system and every disk is protecting these messages without having to be in control of all these systems and disks, which might be owned by other organizations?

Screen Shot 2018-07-11 at 11.13.48

The end to end encryption in MQ Advanced is policy-based and doesn’t require application updates. In fact, the applications themselves will be unaware that the messages will be encrypted between the sending and receiving applications. The messages being sent over MQ will have the MQ message contents encrypted, but the messaging header (properties) will remain in the clear. As each message is persisted to disk in a queue, the contents will remain encrypted. The messages will only be decrypted at the destination application as set in the policy. With this in place, it becomes irrelevant how many systems the message will travel through between source and destination, or even the security or ownership of each system. It can be demonstrated that the message will not be accessible except to the receiving application, therefore ensuring that there is a complete record of who has had access to every message, and therefore it is under complete control.

 

The enhancements to this end-to-end encryption in MQ Advanced V9.0 and most recently in MQ V9.1 (announced July 2018) not only provide this strong encryption that doesn’t require application changes, but also can be applied with virtually no performance impact either.

 

With your business under pressure from GDPR and other legislation, and the need to ensure your customers can trust you to look after their data and personal information, it has become essential to consider the move to MQ Advanced in order to take advantage of this cutting-edge data protection capability.

Update: For more information in detail about the security features of the IBM MQ family and how they might help as part of a GDPR approach, here is link to a presentation by Jamie Squibb on this topic, presented to Guide Share Europe earlier this year.

Get started today, by downloading the MQ Advanced trial, or MQ Advanced for developers or even simpler try out the new hosted IBM MQ on IBM Cloud .

Tags: , , , , , , , , , , , , ,

One Response to “Complying with GDPR and the importance of protecting data with MQ Advanced”

  1. MQGem Monthly (July 2018) | MQGem Software Says:

    […] Complying with GDPR and the importance of protecting data with MQ Advanced […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


%d bloggers like this: