IBM Security Z Security

 View Only

Hyper Protect Data Controller 1.2.0 Released!

By Anthony Sofia posted Fri September 24, 2021 08:00 AM


Today, I am happy to announce that IBM Hyper Protect Data Controller 1.2.0 is available for download from Passport Advantage. The enhancements in this release provide substantial usability and performance benefits to clients. To simplify use, with this release we are introducing a new web-based user interface for managing and defining policies. To help improve performance, we are delivering significant improvements in the JDBC SQL processing engine for easier integration of the solution and a reduction in performance overhead related to protecting data.

User Interface

Within the IBM Hyper Protect Data Controller solution, the Data Controller is where the policy governing the protection and usage of data is maintained. Policy definition for the Data Controller in 1.1.0 was done using an XML file, and edited using a provided XML Schema Document (XSD). To make policy definition quicker and more intuitive, this release of Hyper Protect Data Controller provides a new Management Interface where policies can be defined and managed through a set of guided inputs.

Policy Dashboard Screen

When you log into the Management Interface you can see a list of all the policies in the system, as well as showing the currently active policy for the current Data Controller. A single instance of the Management Interface can be used to manage multiple Data Controllers.

Policy Preview Screen

The interface will allow the entire policy to be created with a guided procedure. Once a policy is created, it can be previewed and all the information about the policy can be shown. Those policies can then be approved and activated using the Management Interface.

SQL Performance over JDBC

This release introduces a significant performance improvement for the SQL processing when the Data Controller is acting as a passthrough for data coming from a DBMS. The way that SQL is handled is that the exact SQL sent to the Data Controller is passed through to the target database. This allows predicates in the SQL statement on clear data to be handled locally by the database.

Flow of queries and data

The query can be routed by the Data Controller either through a default connection for a specific persona, or through inspection of the SQL query to a specific database connection. The result set from the database may contain a combination of clear data and Encrypted Data Objects (EDOs). These results are streamed through the Data Controller, as it is read from the source database. The data is then processed by the Data Controller, which involves decryption and policy-based masking, at which point the data is immediately made available for the client to fetch those results. This enhancement reduces the latency for the first results, resulting in a significant increase in overall data throughput as compared to 1.1.0.


The enhancements in the 1.2.0 release of Hyper Protect Data Controller provide lots of new value for clients, especially in the areas of usability and performance. Through our continuous delivery (CD) model, the development team is dedicated to delivering quarterly updates to the product, which include new features and support to continuously optimize your experience when deploying and using this solution.


Enjoy the new release!

Additional Resources