Securing IBM Netezza Performance Server (NPS) in an ...

© Copyright International Business Machines Corporation 2021

Securing IBM Netezza Performance Server (NPS) in an Enterprise Ecosystem
For On-premises deployments with CPDS v1.x

By Prasada Reddy Puttur, CISSP; Rajesh Naicken
Security Architect, Netezza Performance Server, Persistent Systems Inc
Security Programme Lead & Senior Architect, Netezza Performance Server, IBM



Table of Contents

1. INTRODUCTION
2. PHYSICAL SECURITY
3. SECURITY ASSESSMENT AND VULNERABILITY MANAGEMENT
4. DATA-AT-REST PROTECTION
   4.1. ENCRYPTING AND LOCKING THE DATA STORAGE
   4.2. DATABASE FIELD LEVEL ENCRYPTION
   4.3. ENCRYPTING LOCAL USER PASSWORDS
   4.4. STORAGE BACKUP MANAGEMENT
      4.4.1. Encryption during nzbackup
      4.4.2. Encryption during TSM backup
   4.5. ENCRYPTING LOCAL USER PASSWORDS
5. DATA-IN-TRANSIT PROTECTION
   5.1. SECURED USER AUTHENTICATION
   5.2. SECURED DATABASE CONNECTIONS
6. SECURE INSTALLATION
   6.1. THE SECURE SOFTWARE REPO MANAGEMENT
   6.2. THIRD PARTY SOFTWARE INSTALLATION
7. AUTHENTICATION AND AUTHORIZATION
   7.1. ROLES AND ACCESS RIGHTS
   7.2. SEPARATION OF DUTIES
   7.3. DATABASE ADMINISTRATORS
   7.4. PRIVILEGED ADMINISTRATORS
   7.5. USER MANAGEMENT VIA EXTERNAL ENTERPRISE MICROSOFT WINDOWS ACTIVE DIRECTORY / LDAP SERVER
   7.6. NETEZZA PERFORMANCE SERVER ACCESS
   7.7. LOCAL USER PASSWORD POLICY
8. NETWORK ACCESS CONTROL
   8.1. NETEZZA CLIENTS AUTHENTICATION
   8.2. NETWORK SETUP AND DNS UPDATE
9. SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM) SUPPORT
   9.1. ACTIVITY LOGS
   9.2. PRIVACY AND COMPLIANCE MANAGEMENT
      9.2.1. GDPR
      9.2.2. DISA-STIG
10. REFERENCES
11. NOTICES


1. Introduction

In today's digital world, data is a critical component in the success of any business. With emerging trends and wider use of technology, securing that data is very important. Enterprise data is typically managed using some form of data warehousing technology, so it is critical to protect data warehousing solutions from internal and external security threats.

IBM Netezza Performance Server (NPS) is an enterprise-grade data warehousing solution from IBM, which is deployed on IBM Cloud Pak for Data System (1). IBM Cloud Pak® for Data System is a complete hybrid cloud on-premises platform-in-a-box.

This white paper highlights various security aspects of NPS and describes the security best practices that can be applied to secure NPS in an enterprise ecosystem.

2. Physical Security

• Restrict access to the data warehouse appliance by applying appropriate access control to the data center, such as smart-card-based or biometric-based access.

• Define security policy rules and ensure they are being followed in the physical lab premises.

• The deployment layout should not be exposed to unauthorized parties.

• Hardware and storage replacement components should follow an authorized replacement and disposal mechanism as per NIST standards (3).

3. Security Assessment and Vulnerability Management

It is essential to assess the security of a data warehousing solution using industry-specific security scanners. NPS supports Nessus scanning for vulnerability assessment of the software and networking environment. Vulnerability management is a proactive approach to finding vulnerabilities in systems and applications so that they can be fixed before they are exploited by attackers. Vulnerability scanning and assessment is done in a continuous periodic cycle. The product is scanned with the Nessus Enterprise scanner during development, and updates are recommended to the customer to address the discovered vulnerabilities.

The Cloud Pak for Data System platform, on which the NPS database runs, includes the OSCAP tool. Using the tool, you can scan the system periodically to identify any known vulnerabilities.


IBM periodically releases critical security patches for the Cloud Pak for Data System platform. It is critical to apply patches for software packages detected during vulnerability scanning to ensure pre-emptive protection.

4. Data-at-Rest Protection

Data stored in persistent storage, internal and/or external, needs to be protected against accidental removal or theft of the storage media. NPS provides the following functionalities to protect the storage media:

• Encrypting and locking the storage disks

• Protecting the database backup

4.1. Encrypting and Locking the Data Storage

NPS uses SSD disks as the main storage medium. These disk drives are self-encrypting drives (SEDs), which provide improved security and protection of the data stored on the system.

Self-encrypting drives encrypt data as it is written to the disk. Each disk has a disk encryption key (DEK) that is set at the factory and stored on the disk. The disk uses the DEK to encrypt data as it writes, and then to decrypt the data as it is read from disk. The operation of the disk, and its encryption and decryption, is transparent to the users who are reading and writing data.

For the optimal security of the data stored on the disks, SEDs have a mode referred to as auto-lock mode. In auto-lock mode, the disk uses an authentication encryption key (AEK) to protect its DEK. When powered off, the disks are automatically locked. When the disk is powered on, the SED requires a valid AEK to read the DEK and unlock the disk to proceed with read and write operations. If the SED does not receive a valid authentication key, the data on the disk cannot be read. The auto-lock mode helps to protect the data when disks are accidentally or intentionally removed from the system.

In auto-lock mode, the authentication encryption key (AEK) can be stored locally in the control nodes' storage area. For better security, you can also store it in a remote key management tool such as IBM Software Key Life Cycle Manager (ISKLM).

NPS provides a set of utilities and services for the life cycle management of the authentication encryption key (AEK).

By default, auto-lock mode is not enabled in the NPS.
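The DEK/AEK relationship described above can be followed in a small model. This is an added example, not IBM or drive-firmware code: the class and function names are hypothetical, and the HMAC-SHA256 based key wrap is a stand-in chosen so the model runs with the Python standard library only. It shows that a drive without auto-lock is readable after a power cycle, that a wrong AEK leaves the drive locked, and that changing the AEK re-wraps the DEK without touching the data key.

```python
import hashlib
import hmac
import secrets


class DriveLocked(Exception):
    """Raised when the model drive cannot recover its DEK."""


def _subkeys(aek: bytes):
    # Derive separate keys for encrypting and authenticating the wrapped DEK.
    return (hmac.new(aek, b"enc", hashlib.sha256).digest(),
            hmac.new(aek, b"mac", hashlib.sha256).digest())


def wrap_dek(aek: bytes, dek: bytes) -> bytes:
    """Protect a 32-byte DEK under the AEK (stand-in construction)."""
    if len(dek) != 32:
        raise ValueError("this model uses 32-byte DEKs")
    enc_key, mac_key = _subkeys(aek)
    nonce = secrets.token_bytes(16)
    pad = hmac.new(enc_key, nonce, hashlib.sha256).digest()
    body = bytes(d ^ p for d, p in zip(dek, pad))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unwrap_dek(aek: bytes, blob: bytes) -> bytes:
    """Recover the DEK, or raise DriveLocked if the AEK is not valid."""
    enc_key, mac_key = _subkeys(aek)
    nonce, body, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise DriveLocked("AEK rejected, DEK stays wrapped")
    pad = hmac.new(enc_key, nonce, hashlib.sha256).digest()
    return bytes(b ^ p for b, p in zip(body, pad))


class ModelDrive:
    """Hypothetical model of one self-encrypting drive."""

    def __init__(self):
        self._dek = secrets.token_bytes(32)  # DEK set at the factory
        self._wrapped_dek = None             # auto-lock is off by default

    def enable_autolock(self, aek: bytes):
        self._wrapped_dek = wrap_dek(aek, self._dek)

    def power_cycle(self):
        # With auto-lock on, only the wrapped DEK survives power-off.
        if self._wrapped_dek is not None:
            self._dek = None

    def unlock(self, aek: bytes):
        if self._wrapped_dek is not None:
            self._dek = unwrap_dek(aek, self._wrapped_dek)

    def change_aek(self, old_aek: bytes, new_aek: bytes):
        # Only the wrapped copy changes; the data on disk is not re-encrypted.
        self._wrapped_dek = wrap_dek(new_aek, unwrap_dek(old_aek, self._wrapped_dek))

    def readable(self) -> bool:
        return self._dek is not None

    def dek_id(self) -> str:
        if self._dek is None:
            raise DriveLocked("drive is locked")
        return hashlib.sha256(self._dek).hexdigest()[:16]


def _try_unlock(drive: ModelDrive, aek: bytes) -> bool:
    try:
        drive.unlock(aek)
        return True
    except DriveLocked:
        return False


def demo() -> dict:
    results = {}
    plain = ModelDrive()                       # default: auto-lock not enabled
    plain.power_cycle()
    results["default_readable_after_power_cycle"] = plain.readable()

    drive = ModelDrive()
    original = drive.dek_id()
    aek1, aek2 = secrets.token_bytes(32), secrets.token_bytes(32)
    drive.enable_autolock(aek1)
    drive.power_cycle()
    results["autolock_readable_after_power_cycle"] = drive.readable()
    results["wrong_aek_unlocks"] = _try_unlock(drive, aek2)
    results["valid_aek_unlocks"] = _try_unlock(drive, aek1)

    drive.change_aek(aek1, aek2)               # AEK rotation
    drive.power_cycle()
    results["old_aek_unlocks_after_rotation"] = _try_unlock(drive, aek1)
    results["new_aek_unlocks_after_rotation"] = _try_unlock(drive, aek2)
    results["dek_unchanged_by_rotation"] = drive.dek_id() == original
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```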


4.2. Database Field level encryption

Netezza supports field level encryption in database tables. The necessary software functionality is provided to encrypt and decrypt application-specific data at a granular level. Encryption and decryption are managed by using a key generated by the application, which secures the confidentiality and integrity of the application data.

The encryption supports industry standard security algorithms such as RC4 and AES-128/192/256.

Dynamic data masking can be implemented using the encryption and decryption functions to prevent unauthorized access to sensitive data in database objects.

4.3. Encrypting Local User passwords

When you create local NPS database users, the account passwords are stored in the database in encrypted form. The NPS system has a default encryption process. For more security, you can create and specify a host key for encrypting passwords.

4.4. Storage Backup Management

NPS has the capability to back up the data externally and secure that backup using a standard encryption process.

4.4.1. Encryption during nzbackup

The backup process stores an encrypted host key by using the default encryption process, or you can use the nzbackup -secret option to encrypt the host key by using a user-supplied string. To restore that backup set, an administrator must specify the same string in the nzrestore -secret option. To protect the string, it is not captured in the backup and restore log files.

When you back up the local user and group information, the backup set saves information about the password encryption. If you use a custom host key, the host key is included in the backup set to process the account passwords during a restore.

4.4.2. Encryption during TSM backup

If you are using Tivoli Storage Manager (TSM) encrypted backup support, you can configure the NPS backups to use encrypted backups. To configure encrypted backups, you must specify some settings in the TSM configuration files in the backup archive and API clients. For each TSM server in your environment, you can specify that the Tivoli backup connector use encrypted backups to store the files sent by the NPS backup utilities.


Refer to the following document for detailed information about configuring the system for encrypted backup using TSM.

• Tivoli Storage Manager encrypted backup support

4.5. Encrypting Local User passwords

When you create local NPS database users, the account passwords are stored in the database in encrypted form. The NPS system has a default encryption process. For more security, you can create and specify a host key for encrypting passwords.

5. Data-in-Transit Protection

It is essential to secure the data while it is travelling between the components within the product or over an external network.

5.1. Secured User Authentication

• When users are integrated with an external user directory such as an LDAP server or a Windows Active Directory, it is recommended to use SSL/TLS communication between the external client and the LDAP authentication server.

• NPS supports the SSLv3.0 and TLS1.2 protocols for communication with the external Enterprise LDAP server. This ensures that the password is always encrypted during the authentication process by using the in-built SSSD mechanism. NPS expects SSL or TLS to be enabled and CA certificates to be configured on the Enterprise LDAP server before it is used for authentication.

• The identity of the components in client/server communication is also ensured by using the Public Key Infrastructure (PKI) certificate management process.

5.2. Secured Database Connections

• By default, the Netezza Performance Server system is configured to accept either secure SSL connections or plain connections from Netezza clients. As a security best practice, it is recommended to use secured SSL connections for external clients.

• If your users are located within the secure firewall of your network or they use a protocol such as ssh to securely connect to the Netezza system, you might require them to use unsecured communications, which avoids the performance overhead of secured communications. If you have one or more clients who are outside that firewall, you might require them to use secured connections.

• If enabled for SSL connections, NPS uses the TLSv1.2 protocol by default.

• Refer to the following documents on how to create different database connection types in NPS.


• Configure the Netezza host authentication for clients

• Netezza client encryption and security

6. Secure Installation

6.1. The Secure Software Repo Management

The Netezza Performance Server software packages and fix packs are stored in a secure software repository called IBM Fix Central (https://www.ibm.com/support/fixcentral/).

Authentication and access to the software repository for downloading the software are managed by the IBM Certified authentication process.

6.2. Third Party software installation

Installation of third-party software is not allowed by default, in order to preserve the integrity of the overall Netezza software stack in the appliance environment. Any forced third-party software installation can hamper the overall functioning and performance of the product.

7. Authentication and Authorization

Authentication and authorization are key components of NPS that support user access and execution of product services.

Database Administrators need to manage access for different users by granting them only the roles or privileges required to access a particular database object, and System Administrators should manage the overall access to the Cloud Pak for Data System.

7.1. Roles and access rights

• You can control access to NPS by placing the system in a secured location such as a data center.

• You control the access to the NPS database, objects, and tasks on the system by managing the NPS database user accounts that can establish SQL connections to the system. By default, the database user who creates an object is the owner of the object unless the person who creates the object specifies a different database user.

• Linux accounts allow users to log in to the NPS server at the operating system level, but they cannot access the NPS database using SQL.

• You can control access to the Cloud Pak for Data System where NPS is deployed by following the guidelines recommended for Cloud Pak for Data System usage.


7.2. Separation of duties

NPS recommends that you develop an access model for your NPS system. An access model is a profile of the users who require access to the NPS and the permissions or tasks that they will need.

7.3. Database Administrators

As the database admin user, you can create other database users and groups to grant and manage access to the objects (such as databases, tables, and views) and administration tasks (such as creating or dropping tables, deleting rows, and creating users).

For more information, see: Performance Server database users, groups, and roles.

7.4. Privileged administrators

The default admin user account is a powerful database super-user account. Use the admin account only when necessary; IBM recommends that you create an administration group that reflects an appropriate set of permissions and capabilities (see: Creating an administrative user group).

The NPS security model is a combination of administrator privileges granted to users and/or groups, object privileges associated with specific objects (for example: table xyz) and classes of objects (for example: all tables). You need administrative privileges to take data outside of NPS.

For more about Netezza Performance Server administration, see: Administration overview.

7.5. User Management via external enterprise Microsoft Windows Active Directory / LDAP server

The default local user management feature is for getting started quickly and may not be suitable for meeting all the compliance requirements for user management. Hence, after the initial setup of NPS, it is strongly recommended to use an enterprise-level LDAP provider for user management.

The NPS system supports LDAP authentication for container authentication and database user authentication. The authentication process is described in IBM documentation: LDAP authentication.

The NPS system also supports Kerberos authentication for database users, as described in IBM Documentation.

7.6. Netezza Performance Server access

• It is recommended to use the NPS web console over the https protocol for more secure operation, and to reduce usage of the CLI.


• Container access via port 51022 should be restricted to specific administrative users.

• As a best practice, avoid using the root user to ssh into the NPS host container. Always use nz or an equivalent user for host access via ssh.

7.7. Local User Password Policy

A password policy sets certain standards for passwords, such as password complexity and the rules for changing passwords. A password policy minimizes the inherent risk of using passwords by ensuring that they meet adequate complexity standards to thwart brute force attacks.

When LDAP authentication is enabled, the LDAP user's password is managed by the LDAP administrator as per enterprise policy standards.

For local user authentication, password changes are applied as described in the Password expiration settings.

On the client side, password encryption using nzpassword can be applied as explained in local user password encryption.

It is recommended to change the default passwords for default users such as nz, admin, and root using the standard Netezza password change procedure.

8. Network Access Control

8.1. Netezza Clients Authentication

Netezza Performance Server supports restricting communication to a specific host/IP address or subnet: when a connection is added for a specific IP or subnet, the NPS server can be accessed only from the defined connections, as explained in the section Configure the Netezza host for client authentication.

It is highly recommended to use the connection functionality to allow or deny access to the specific hosts from which the database applications are executed.
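The recommendations in sections 5.2 and 8.1 can be checked against the host's connection records. The following is an added example, not part of the IBM white paper or of NPS tooling: it parses a constructed sample laid out like SHOW CONNECTION output (the column names, the sample rows and the trusted network 10.0.0.0/8 are assumptions) and flags records that let clients outside the trusted network connect without SSL, or that match any client address.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed sample for this example; not taken from a real system.
SAMPLE_SHOW_CONNECTION = """\
 CONNID | CONNTYPE  | CONNDB | CONNIPADDR   | CONNIPMASK      | CONNAUTH
--------+-----------+--------+--------------+-----------------+----------
      1 | local     | all    |              |                 | trust
      2 | host      | all    | 0.0.0.0      | 0.0.0.0         | SHA256
      3 | hostssl   | sales  | 203.0.113.0  | 255.255.255.0   | SHA256
      4 | hostnossl | all    | 10.20.0.0    | 255.255.0.0     | SHA256
      5 | hostnossl | all    | 198.51.100.7 | 255.255.255.255 | SHA256
(5 rows)
"""


class ConnRecord(NamedTuple):
    connid: int
    conntype: str          # local, host, hostssl or hostnossl
    database: str
    network: Optional[ipaddress.IPv4Network]
    auth: str


def parse_show_connection(text: str) -> list:
    """Turn the tabular listing into ConnRecord tuples."""
    records = []
    for line in text.splitlines():
        cells = [cell.strip() for cell in line.split("|")]
        if len(cells) != 6 or not cells[0].isdigit():
            continue  # header, separator or row-count line
        connid, conntype, database, addr, mask, auth = cells
        network = None
        if addr:
            # strict=False tolerates an address with host bits set.
            network = ipaddress.ip_network(
                f"{addr}/{mask or '255.255.255.255'}", strict=False)
        records.append(
            ConnRecord(int(connid), conntype.lower(), database, network, auth))
    return records


def audit(records, trusted_networks) -> list:
    """Return (connid, finding) pairs.

    Each record is judged on its own; the order in which the server
    matches records is not modelled.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    findings = []
    for rec in records:
        if rec.conntype == "local" or rec.network is None:
            continue
        internal = any(
            rec.network.version == t.version and rec.network.subnet_of(t)
            for t in trusted)
        if rec.network.prefixlen == 0:
            # Section 8.1: access should be limited to specific hosts.
            findings.append((rec.connid, "matches-any-address"))
        if not internal and rec.conntype == "host":
            # host accepts SSL or plain, so external clients may skip SSL.
            findings.append((rec.connid, "ssl-optional-for-external"))
        if not internal and rec.conntype == "hostnossl":
            # hostnossl accepts only unsecured connections.
            findings.append((rec.connid, "plaintext-only-for-external"))
    return findings


if __name__ == "__main__":
    recs = parse_show_connection(SAMPLE_SHOW_CONNECTION)
    for connid, finding in audit(recs, ["10.0.0.0/8"]):
        print(f"connection {connid}: {finding}")
```

Record 4 is not flagged because section 5.2 allows unsecured connections for clients inside the firewall; record 3 is not flagged because hostssl already requires SSL.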

8.2. Network setup and DNS update

Network and DNS setup should be carried out as defined in the Installation Guide, or you can contact the IBM Support team for updates.


9. Security information and event management (SIEM) support

At a high level, audit logging provides accountability, traceability, and regulatory compliance regarding access to and modification of data. Enterprises are often subject to industry requirements for regulatory auditing compliance. NPS, along with the Cloud Pak for Data System platform, has functionality to integrate with an external enterprise log server such as IBM QRadar.

9.1. Activity logs

All major software components that run on the host machine have an associated log. In addition, query history captures user activity information on the system, such as the queries that are run, query plans, table access, column access, session creation, and failed authentication requests.

For more information, see:

• System logs

• Advanced query history

9.2. Privacy and Compliance management

Data privacy is generally focused on the use and governance of personal data and personally identifiable information. It might include putting policies in place to ensure that personal information is being collected, shared, and used in appropriate ways.

Compliance is a systematic approach to governance designed to ensure that an institution meets its obligations under applicable laws, regulations, best practices and standards, contractual obligations, and institutional policies.

Clients are responsible for ensuring their own readiness for the laws and regulations that apply. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients' business, and any actions the clients might need to take to comply with such laws and regulations.

The products, services, and other capabilities described herein are not suitable for all client situations and might have restricted availability. IBM does not provide legal, accounting, or auditing advice or represent or warrant that its services or products will ensure that clients are ready for any law or regulation.

Netezza Performance Server supports the following security and privacy compliance assessments:

• The General Data Protection Regulation (GDPR)


• Defense Information Systems Agency (DISA) Security Technical Implementation Guide (DISA-STIG)

9.2.1. GDPR

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. GDPR establishes a stronger data protection regulatory framework for processing of personal data of individuals.

Clients are responsible for ensuring their own readiness for the laws and regulations, including the European Union General Data Protection Regulation. See NPS Data consideration for GDPR readiness.

9.2.2. DISA-STIG

The Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) provides technical guidance to 'lock down' information systems/software that might otherwise be vulnerable to a malicious computer attack. Federal and financial customers would require STIG compliance in an enterprise operation.

The Netezza Performance Server and the Cloud Pak for Data System platform on which NPS runs support enabling STIG compliance. It is recommended that customers enable STIG compliance for both NPS and the platform and scan with the Nessus scanner for compliance.

For more details regarding enabling of STIG compliance, see the following:

• STIG compliance for NPS

• STIG compliance for Cloud Pak for Data System

10. References

1. Cloud Pak for Data System v1.0 Security Insights. https://community.ibm.com/community/user/cloudpakfordata/viewdocument/security-whitepaper-on-cloud-pak-fo?CommunityKey=c0c16ff2-10ef-4b50-ae4c-57d769937235&tab=librarydocuments

2. IBM Redbooks: Security in Development - The IBM Secure Engineering Framework. https://www.redbooks.ibm.com/redpapers/pdfs/redp4641.pdf

3. Security Guidelines for Storage Infrastructure and media sanitization. https://csrc.nist.gov/publications/detail/sp/800-209/final and https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final

4. Best Practices for Ensuring Impenetrable Data Warehouse Security. https://datawarehouseinfo.com/data-warehouse-security/


11. Notices

This information was developed for products and services offered in the U.S.A. IBM may not offer the products,

services, or features discussed in this document in other countries. Consult your local IBM representative for

information on the products and services currently available in your area. Any reference to an IBM product,

program, or service is not intended to state or imply that only that IBM product, program, or service may be used.

Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right

may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM

product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The

furnishing of this document does not give you any license to these patents. You can send license inquiries, in

writing, to:

IBM Director of Licensing IBM

Corporation

North Castle Drive

Armonk, NY 10504-1785 U.S.A.

For license inquiries regarding double-byte character set (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: Intellectual Property Licensing Legal and

Intellectual Property Law IBM Japan, Ltd.

19-21, Nihonbashi-Hakozakicho, Chuo-ku

Tokyo 103-8510, Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are

inconsistent with local law:

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS"

WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT

LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR

FITNESS FOR A PARTICULAR PURPOSE.

Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore this

statement might not apply to you. This information could include technical inaccuracies or typographical errors.

Changes are periodically made to the information herein; these changes will be incorporated in new editions of the

publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this

publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any

manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials

for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.


Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual

use of the information which has been exchanged, should contact:

IBM Corporation 2Z4A/101

11400 Burnet Road Austin, TX

78758 U.S.A.

Such information may be available, subject to appropriate terms and conditions, including in some cases payment

of a fee.

The licensed program described in this document and all licensed material available for it are provided by IBM

under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent

agreement between us.

Any performance data contained herein was determined in a controlled environment. Therefore, the results

obtained in other operating environments may vary significantly. Some measurements may have been made on

development-level systems and there is no guarantee that these measurements will be the same on generally

available systems. Furthermore, some measurement may have been estimated through extrapolation. Actual results

may vary. Users of this document should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, their published

announcements or other publicly available sources. IBM has not tested those products and cannot confirm the

accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the

capabilities of non-IBM products should be addressed to the suppliers of those products.

All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice and

represent goals and objectives only. All IBM prices shown are IBM's suggested retail prices, are current and are

subject to change without notice. Dealer prices may vary. This information is for planning purposes only. The

information herein is subject to change before the products described become available. This information contains

examples of data and reports used in daily business operations. To illustrate them as completely as possible, the

examples include the names of individuals, companies, brands, and products. All of these names are fictitious and

any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

COPYRIGHT LICENSE

This information contains sample application programs in source language, which illustrate programming

techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any

form without payment to IBM, for the purposes of developing, using, marketing or distributing application

programs conforming to the application programming interface for the operating platform for which the sample

programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot

guarantee or imply reliability, serviceability, or function of these programs. You may copy, modify, and distribute

these sample programs in any form without payment to IBM for the purposes of developing, using, marketing, or

distributing application programs conforming to IBM's application programming interfaces.

Each copy or any portion of these sample programs or any derivative work, must include a copyright notice as

follows:

© (your company name) (year). Portions of this code are derived from IBM Corp. Sample Programs. © Copyright

IBM Corp. _enter the year or years_. All rights reserved.

If you are viewing this information in softcopy form, the photographs and color illustrations might not be

displayed.

Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines

Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM

or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark

information" at ibm.com/legal/copytrade.shtml.

Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registered trademarks or trademarks of

Adobe Systems Incorporated in the United States, other countries, or both. IT Infrastructure Library is a registered

trademark of the Central Computer and Telecommunications Agency which is now part of the Office of

Government Commerce. Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo,

Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel

Corporation or its subsidiaries in the United States and other countries. Linux is a trademark of Linus Torvalds in

the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are

trademarks of Microsoft Corporation in the United States, other countries, or both. ITIL is a registered trademark,

and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent

and Trademark Office. UNIX is a registered trademark of The Open Group in the United States and other

countries. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or

its affiliates. Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States,

other countries, or both and is used under license therefrom. Linear Tape-Open, LTO, the LTO Logo, Ultrium, and

the Ultrium logo are trademarks of HP, IBM Corp. and Quantum in the U.S. and other countries.

Statement of Good Security Practices

IT system security involves protecting systems and information through prevention, detection and response to

improper access from within and outside your enterprise. Improper access can result in information being altered,

destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in

attacks on others. No IT system or product should be considered completely secure and no single product, service

or security measure can be completely effective in preventing improper use or access. IBM systems, products and

services are designed to be part of a comprehensive security approach, which will necessarily involve additional

operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT

WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE

YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

© International Business Machines Corporation 2021

International Business Machines Corporation

New Orchard Road Armonk, NY 10504

Produced in the United States 06-20

All Rights Reserved

References in this publication to IBM products and services do not imply that IBM intends to make them available in all countries in which

IBM operates.