IBM App Connect Professional (software) Considerations for GDPR Readiness

Information about features of IBM® App Connect Professional that you can configure, and aspects of the product's use, that you should consider to help your organization with GDPR readiness.

Notice:

This document is intended to help you in your preparations for GDPR readiness. It provides information about features of IBM Integration Bus that you can configure, and aspects of the product's use, that you should consider to help your organization with GDPR readiness. This information is not an exhaustive list, due to the many ways that clients can choose and configure features, and the large variety of ways that the product can be used in itself and with third-party applications and systems.

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients' business and any actions the clients may need to take to comply with such laws and regulations.

The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting, or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.


Table of Contents

  1. GDPR
  2. Product Configuration for GDPR
  3. Data Life Cycle
  4. Data Collection
  5. Data Storage
  6. Data Access
  7. Data Processing
  8. Data Deletion
  9. Data Monitoring
  10. Capability for Restricting Use of Personal Data

GDPR

General Data Protection Regulation (GDPR) has been adopted by the European Union ("EU") and applies from May 25, 2018.

Why is GDPR important?

GDPR establishes a stronger data protection regulatory framework for processing of personal data of individuals. GDPR brings:



Product Configuration for GDPR

The following sections provide considerations for configuring IBM App Connect Professional to help your organization with GDPR readiness.


Data Life Cycle

IBM App Connect Professional (ACP) is a general-purpose integration engine which enables users to route and transform data as it is passed between third-party applications. ACP supports a large range of protocols and data formats for the purpose of connecting to bespoke applications, and provides pre-built components that are capable of communicating with popular packaged applications. As such, ACP touches many forms of data, some of which could potentially be subject to GDPR. Most frequently, data passes through the ACP architecture in real time, with ACP making synchronous connections to online endpoints. However, ACP also interacts with persistent forms of data such as messaging systems (traditional on-premises message systems such as IBM MQ), databases (relational databases and NoSQL databases), data held on local or remote file systems, email systems, and other CRM and ERP systems.

There are several third-party products with which ACP might exchange data. Some of these are IBM-owned, but many others are provided by other technology suppliers. For organizations considering a third-party product to support their GDPR readiness, consult that product's documentation.

ACP users control the way in which ACP interacts with data passing through it, by the definition of orchestrations (data flows). An orchestration is commonly constructed by a user acting in the role of "ACP developer", working with the ACP Studio. An orchestration is composed from a set of discrete building blocks (known as connectors) that are wired together in an ordered fashion by the ACP developer. Connectors are configured graphically.

What types of data flow through ACP?

Because ACP is a general-purpose integration engine, there is no one definitive answer to this question: use cases vary from user to user. However, it is entirely possible that customers of ACP use it to interact with data that relates to the following categories:

Personal data used for online contact with IBM

ACP clients can submit online comments/feedback/requests to contact IBM about ACP subjects in a variety of ways, primarily:

Typically, only the client name and email address are used, to enable personal replies for the subject of the contact, and the use of personal data conforms to the IBM Online Privacy Statement.


Data Collection

ACP can be used to collect personal data. When assessing your use of ACP and what you need to do to meet the demands of GDPR, you should consider the types of personal data that, in your circumstances, pass through ACP. You may wish to consider aspects such as:


Data Storage

When data travels through an ACP orchestration as part of normal operation, ACP does not necessarily persist that data directly to stateful media. However, users of ACP can configure "persistence=enabled" or "logging level=all", which can persist some sensitive data in the logs or in databases. So, although ACP does not directly persist data to stateful stores, by association ACP users may want to consider securing data at rest that is written to logs or databases.

To mitigate the risk of unencrypted data at rest, customers should in all cases avoid setting the logging level to INFO or FINEST; it should be set only to CRITICAL.

When designing orchestrations in App Connect Professional, customers can set the persistence setting to DISABLED so that no in-flight data variables are stored if a failure occurs that causes an orchestration job to stop. However, disabling persistence prevents the original job from completing when the orchestration is restarted. Also, persistence is required by some activities in some use cases.



Data Access

ACP-owned data can be accessed through the following defined set of product interfaces, some of which are designed for access through a remote connection, and others for access through a local connection.

The Web Management Console (WMC) is a browser-based application hosted by the Integration Appliance.

The WMC can configure and monitor hardware, orchestration, and network status of an Integration Appliance, using a Web browser. System Administrators can use the WMC for the following monitoring tasks:

In addition to the WMC, you can also use the Command Line Interface (CLI) to perform many administrative and monitoring tasks. For more information on the CLI, see the Command Line Interface reference.


Authentication:

The Web Management Console (WMC) is a web-based management tool that allows you to:

You can access the same Integration Appliance from multiple WMCs. However, each WMC can only monitor and manage one Integration Appliance at a time. The tasks you can complete in the WMC depend on the user account you log in with. The WMC has built-in groups, which you can use to further control access to the Integration Appliance. Alternatively, you can specify an LDAP server to manage user and group authentication and authorization.

Role mapping:

Please see the Authorization section for various roles that can be assigned to any user.

Authorization:

In ACP there are various authorization levels available for each tenant and environment. Each user of ACP should be assigned only the level of authorization that they require for each environment.

The following list defines the permissions granted to each of the built-in groups:

Users in this group can view all the environments in the tenant and have all the permissions of an environment administrator in each of the tenant environments.

Environment Administrators can also create and deploy project configurations for projects that any environment publisher publishes, and view orchestration job details for any project configuration in the environment. With environment administrator group privileges, you can edit permissions that publishers for the same environment set for their individual project configurations.

Even though members of the Environment Administrator group have Environment Publisher group and Environment User group privileges, the members of the Environment Administrator Group are not displayed in other groups in the same environment until you explicitly add the user.

The members of the Environment Publisher Group do not appear in the Environment User Group until you explicitly add the user.

In a multi-environment tenant, users in this group only see the environment tab for environments of which they are a member. For example, a tenant has a Development, a Staging, and a Production environment. The tenant administrator or administrator of the Development environment adds a user to the User [Development] group. When the user logs in to the tenant, the user can only see the Development environment, even though the tenant has two other environments.


Logging administration activity:

Administration activities are logged in the system logs.


Data Processing

Users of IBM App Connect Professional (ACP) can control the way in which ACP processes personal data, through the definition and configuration of the orchestrations that are deployed to the ACP runtime. Message flows begin processing when input data arrives into ACP through a starter activity, and they complete when data is sent out from an ACP end activity or request node. A large range of protocols are supported, some of which include provision for the data to be encrypted when it is passed into and sent out from ACP. Encryption provides a method by which the data is converted from a readable form to an encoded version that can only be decoded by another program if it has access to a decryption key.

Encryption:

App Connect Professional administrators have the authority to use any of the encryption activities supported to encrypt any data as needed. The admin owns the encryption key.


To mitigate the risk of unencrypted data at rest, customers should in all cases avoid setting the logging level to INFO or FINEST; it should be set only to CRITICAL.



Data Deletion

In App Connect Professional by default, an appliance purges orchestration monitoring logs older than 30 days when any of the following conditions occurs on the appliance:

Using the WMC, you can configure the job log purging parameters on the appliance that determine:

Any business data is stored in job logs, and administrators have access to purge the logs: https://www.ibm.com/support/knowledgecenter/en/SS3LC4_7.5.3/com.ibm.wci.appliance.doc/Working_with_Logs/purgingJobLogs.html


Data Monitoring

App Connect Professional provides its administrators with sufficient tools, such as system logs, job logs, and orchestration logs, to monitor access to the system and any changes applied to the system. Details about the usage of the various levels of logging can be found in Logging. If administrators do not want to log any business data into the logs, they need to set the logging level to Fatal and not INFO/ALL.

App Connect Professional provides a feature to enable Data Monitoring in job logs to debug any failed executions. If a customer does not want to enable business data in job logs, they need to set the logging level to Fatal.



Capability for Restricting Use of Personal Data

App Connect Professional provides its administrators with access to purge logs based on specific criteria, such as a schedule or trigger conditions, to remove specific information stored in the job logs as requested by their end customers: https://www.ibm.com/support/knowledgecenter/en/SS3LC4_7.5.3/com.ibm.wci.appliance.doc/Working_with_Logs/purgingJobLogs.html

Using the facilities summarized in this document, App Connect Professional enables an end-user to restrict usage of their personal data. Under GDPR, users have rights to Access, Modify and Restrict Processing. Refer to other sections of this document to control the following: