Posts Tagged ‘General Data Protection Regulation (GDPR)’

IBM Preps Z World for GDPR

June 1, 2018

Remember Y2K?  That was when calendars rolled over from the 1999 to 2000. It was hyped as an event that would screw up computers worldwide. Sorry, planes did not fall out of the sky overnight (or at all), elevators didn’t plummet to the basement, and hospitals and banks did not cease functioning. DancingDinosaur did OK writing white papers on preparing for Y2K. Maybe nothing bad happened because companies read papers like those and worked on changing their date fields.

Starting May 25, 2018 GDPR became the new Y2K. GRDP, the EC’s (or EU) General Data Protection Regulation (GDPR), an overhaul of existing EC data protection rules, promises to strengthen and unify those laws for EC citizens and organizations anywhere collecting and exchanging data involving its citizens. That is probably most of the readers of DancingDinosaur. GDRP went into effect at the end of May and generated a firestorm of trade business press but nothing near what Y2K did.  The primary GDPR objectives are to give citizens control over their personal data and simplify the regulatory environment for international business.

According to Bob Yelland, author of How it Works: GDPR, a Little Bee Book above, 50% of global companies  say they will struggle to meet the rules set out by Europe unless they make significant changes to how they operate, and this may lead many companies to appoint a Data Protection Officer, which the rules recommend. Doesn’t it feel a little like Y2K again?

The Economist in April wrote: “After years of deliberation on how best to protect personal data, the EC is imposing a set of tough rules. These are designed to improve how data are stored and used by giving more control to individuals over their information and by obliging companies to handle what data they have more carefully. “

As you would expect, IBM created a GDPR framework with five phases to help organizations achieve readiness: Assess, Design, Transform, Operate, and Conform. The goal of the framework is to help organizations manage security and privacy effectively in order to reduce risks and therefore avoid incidents.

DancingDinosaur is not an expert on GDPR in any sense, but from reading GDPR documents, the Z with its pervasive encryption and automated secure key management should eliminate many concerns. The rest probably can be handled by following good Z data center policy and practices.

There is only one area of GDPR, however, that may be foreign to North American organizations—the parts about respecting and protecting the private data of individuals.

As The Economist wrote: GDPR obliges organizations to create an inventory of the personal data they hold. With digital storage becoming ever cheaper, companies often keep hundreds of databases, many of which are long forgotten. To comply with the new regulation, firms have to think harder about data hygiene. This is something North American companies probably have not thought enough about.

IBM recommends you start by assessing your current data privacy situation under all of the GDPR provisions. In particular, discover where protected information is located in your enterprise. Under GDPR, individuals have rights to consent to access, correct, delete, and transfer personal data. This will be new to most North American data centers, even the best managed Z data centers.

Then, IBM advises, assess the current state of your security practices, identify gaps, and design security controls to plug those gaps. In the process find and prioritize security vulnerabilities, as well as any personal data assets and affected systems. Again, you will want to design appropriate controls. If this starts sounding a little too complicated just turn it over to IBM or any of the handful of other vendors who are racing GDPR readiness services into the market. IBM offers Data Privacy Consulting Services along with a GDPR readiness assessment.

Of course, you can just outsource it to IBM or others. IBM also offers its GDPR framework with five phases. The goal of the framework is to help organizations subject to GDPR manage security and privacy with the goal of reducing risks and avoiding problems.

GDPR is not going to be fun, especially the obligation to comply with each individual’s rights regarding their data. DancingDinosaur suspects it could even get downright ugly.

DancingDinosaur is Alan Radding, a veteran information technology analyst, writer, and ghost-writer. Please follow DancingDinosaur on Twitter, @mainframeblog. See more of his IT writing at technologywriter.com and here.

IBM Brings NVMe to Revamped Storage

February 23, 2018

The past year has been good for IBM storage and it’s not only that the company rang up four consecutive quarters of positive storage revenue. Over that period and starting somewhat earlier, the company embarked on a thorough revamping of its storage lineup, adding all the hot goodies from flash to software defined storage (Spectrum) to NVMe (Non-Volatile Memory express) in 2018. NVMe represents a culmination of sorts by allowing the revamped storage products to actually deliver on the low latency and parallelism promises of the latest technology.

Hyper-Scale Manager for IBM FlashSystem (Jared Lazarus/Feature Photo Service for IBM)

The revamp follows changes in the way organizations are deploying technology. They now are wrestling with exponential volumes of data growth and the need to quickly modernize their traditional IT infrastructures by taking advantage of multi-cloud, analytics, and cognitive/AI workloads going forward.

This is not just a revamp of existing products. IBM has added innovations and enhancements across the storage portfolio to expand the range of data types supported, deliver new function, and enable new technology deployment.

This week, IBM Storage — the #2 storage software vendor by revenue market share according to IDC—announced a wide-ranging set of innovations to its software-defined storage (SDS), data protection, and storage systems portfolio. Continuing IBM investments in enhancing its SDS (Spectrum), data protection, and storage systems capabilities, these announcements demonstrate its commitment to IBM storage solutions as the foundation for multi-cloud and cognitive/AI applications and workloads.

With these enhancements, IBM is aiming to transform on-premises infrastructure to meet these new business imperatives. Recent innovations and enhancements across the IBM Storage portfolio expand the range of data types supported, deliver new function, and enable new technology deployment. For example, IBM Spectrum NAS delivers enterprise capabilities and SDS simplicity with cost benefits for common file workloads, including support for Microsoft environments. Or, IBM Spectrum Protect still addresses data security concerns but just added General Data Protection Regulation (GDPR) and automated detection and alerting of ransomware.

Along the same lines, IBM Spectrum Storage Suite brings a complete solution for software-defined storage needs while gaining expanded range and value through the inclusion of IBM Spectrum Protect Plus at no additional charge. Similarly, IBM Spectrum Virtualize promises lower data storage costs through new and better performing data reduction technologies for the IBM Storwize family, IBM SVC, and IBM FlashSystem V9000, as well as for over 440 non-IBM vendor storage systems.

Finally, IBM Spectrum Connect simplifies management of complex server environments by providing a consistent experience when provisioning, monitoring, automating, and orchestrating IBM storage in containerized VMware and Microsoft PowerShell environments. Orchestration is critical in increasingly complex container environments.

The newest part of the IBM storage announcements is NVM Express (NVMe). This is an open logical device interface specification for accessing non-volatile storage media attached via a PCIe bus. The non-volatile memory referred to is flash memory, typically in the form of solid-state drives (SSDs). NVMe provides a logical device interface designed from the ground up to capitalize on the low latency and internal parallelism of flash-based storage devices, essentially mirroring the parallelism of modern CPUs, platforms and applications.

By its design, NVMe allows host hardware and software to fully exploit the levels of parallelism possible in modern SSDs. As a result, NVMe reduces I/O overhead and brings various performance improvements relative to previous logical-device interfaces, including multiple, long command queues, and reduced latency. (The previous interface protocols were developed for use with far slower hard disk drives (HDD) where a lengthy delay in response exists between a request and the corresponding data receipt due to much slower data speeds than RAM speeds could generate a fault.

NVMe devices exist both in the form of standard PCIe expansion card and as 2.5-inch form-factor devices that provide a four-lane PCIe interface through the U.2 connector (formerly known as SFF-8639) and SATA storage devices and the M.2 specification for internally mounted computer expansion cards also support NVMe as the logical device interface.

Maybe NVMe sounds like overkill now but it won’t the next time you upgrade your IT infrastructure. Don’t plan on buying more HDD or going back to IPv3. With IoT, cognitive computing, blockchain, and more your users will have no tolerance for a slow infrastructure.

DancingDinosaur is Alan Radding, a veteran information technology analyst, writer, and ghost-writer. Follow DancingDinosaur on Twitter, @mainframeblog. See more of his work at technologywriter.com and here.


%d bloggers like this: