Skip to main content
close search
site logo
Dive Brief

How IBM is using Latin flowers to help companies comply with GDPR

Published May 16, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Flickr user Moosealope

Dive Brief:

  • IBM is helping increase preparation for GDPR with a hybrid-like approach to encryption and anonymization, according to Michael Osborne, manager for Privacy and Security at IBM's Zurich Research Lab, in an interview with CIO Dive. The offering is called the IBM High Assurance Desensitization Engine and uses pseudonymization in lieu of completely anonymizing data, which could lead to potentially "breaking" the data, he said.

  • Unlike full anonymization, the engine doesn't change the data to protect it, instead it is "replacing pieces so you remove the identity, but you still have the utility and analytics of the data," Osborne said. The offering works like a service but it's not "fixed in a cloud" and can be put in a mainframe or behind middleware, he said. It works as a "floating software" using container technology.

  • Rabobank, a Dutch banking and financial services company, uses the technology to assign the names of Latin flowers for customers' pseudonyms, according to a company blog post. The bank's DevOps team uses pseudonymization to test real personal data while piloting apps and services. The ability to experiment with real data will be against GDPR restrictions come May 25. The engine converts names, birthdays, addresses and other types of personally identifiable information into a series of random identifiers.

Dive Insight:

Security experts largely agree that a data breach is not a matter of "if," but "when." GDPR is meant to create a sense of transparency between organizations and their consumers and also assure the protection of data. 

Most organizations are focussing on the processes and consulting aspects of GDPR before the May 25 deadline. But when policies alone aren't enough, technology may be the next best solution. Many companies looking to comply with GDPR and, predicting a similar shift in American data protection laws, are looking to technology for help.

Technologies like Big Blue's pseudonymization will not only help confuse an attacker but also avoid any fines associated with a breach, according to Osborne. The tool not only protects the data itself, but those handling it.

Developers can work in good conscious by using pseudonymised data that "looks and feels real" during the experimental phases of a project. IBM's engine takes a "name or identifier in one context and changes it in another context" effectively "de-identifying" the data, granting a new identity in a new context, said Osborne.

But there are some companies that are still just struggling with policies alone. Only half of companies that expect to comply with the standards are fully or somewhat ready for GDPR.

There are also companies that choose not to comply with GDPR and opt out altogether by cutting ties with their EU customers. Enforcers of the regulation are struggling to lock down the funds and laws to perform their duties to full capacity.

Recommended Reading

Filed Under: Security, Leadership

Editors' picks

Company Announcements

View all | Post a press release
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell