Linux systems

3 critical security issues for the modern enterprise

Share this post:

Security continues to be a top concern keeping IT leaders up at night. With good reason – the impact of security breaches can include remediation costs, reputation damage and reduced customer confidence.

What can leaders do to protect their data without sacrificing business agility? In August 2017, IBM commissioned Forrester to conduct a survey of IT and security decision makers to explore how organizations are implementing security to protect their data[1].

The Forrester study revealed that 46 percent of the organizational representatives surveyed encrypt little to none of their data, with only 12 percent encrypting all their data.

It also highlighted a wide range of security issues, including:

  1. A need to operationalize security to secure the new data perimeter.
  2. A focus on protecting data but a lower level of actual encryption.
  3. A desire for a “zero trust” approach to security, restricting access to those who need it.

1. Operationalizing Security

According to Forrester, operationalizing security is about “taking specific steps to identify malicious actions and respond to them in order to fix the issue.”

One of the biggest security issues today is the explosion in data, with much of that data being located beyond the previous security perimeter.

70 percent of people surveyed said they stored critical data in the cloud – so cloud service providers need to protect client data from other clients sharing the same cloud.

2. Encrypting data

85 percent of those surveyed currently encrypt their data based on a data classification scheme. Having to decide which data to encrypt exposes the remaining unencrypted data to attack.

The simple answer is to encrypt all data – an approach called pervasive encryption. But doing this in software can impact service level agreements (SLAs) because of the performance overhead. Pervasive encryption becomes practical when it is done in hardware with special cryptographic co-processors.

Encryption keys also need to be protected in order to properly safeguard data. Holding encryption keys in the clear speeds processing, but opens up other possible attack vectors.

3. Zero Trust

66 percent of those surveyed said that they subscribe to a zero trust approach to security.

Typical approaches include implementing access control mechanisms and enforcing role-based access – and these have proved valuable in protecting systems from many threats.

However, this still leaves system administrators with widespread access to data and applications, and they have often been the culprit (either intentionally or accidentally) in recent insider attacks.

Addressing critical security issues with IBM LinuxONE

In September 2017, IBM announced the latest member of its LinuxONE enterprise server family – Emperor II – with a wide range of capabilities designed to operationalize security.

For multi-tenant clouds, hardware virtualization provides “air-gap” level isolation between logical partitions, protecting against any peer access to critical data by other customers. It also enables new virtual machines to be provisioned faster and share resources.

LinuxONE includes hardware encryption. Faster encryption and decryption makes it practical for organizations to pervasively encrypt 100 percent of data. Updates have also been submitted to the Linux kernel to enable support for protected encryption keys on LinuxONE.

Secure Service Containers provide a framework for deploying software appliances on LinuxONE. Once configured, access is permitted only through well-defined APIs and web interfaces. This prohibits access by rogue system administrators or other external threats to private data, providing validation of the appliance code at boot time and automatically encrypting all data.

Today, Secure Service Containers support IBM-provided appliances such as the IBM Blockchain Platform. A beta program offers users and developers the chance to evaluate and provide feedback to shape the future direction of IBM Secure Service Containers.

All of these capabilities are unique to IBM LinuxONE – learn more about operationalizing security with the industry’s most secure data server, or schedule a consult today.

[1] Operationalize Security To Secure Your Data Perimeter, a September 2017 commissioned study conducted by Forrester Consulting on behalf of IBM.

Program Director - LinuxONE Marketing

More Linux systems stories

Modern data protection innovations to fight cyber threats

In 2018, the average cost of a data security breach approached $3.9 million. But organizations that fully deployed security automation saved over $1.5 million per breach.[1] These metrics demonstrate the value of effective data protection and security solutions, and underscore the significance of recent data security-related announcements from IBM. “ESG’s research clearly shows that data […]

Continue reading

System security assessment for servers that support SAP HANA

Information is at the core of today’s digital business operations. As the value of your organization’s information grows, it can become the primary target for a breach. A data breach occurs when someone is allowed to read data without authorization to access it. Once hackers can read your data, they can steal or modify it. […]

Continue reading

New Container pricing enhancements bring pay-as-you-go model to z/OS

Today’s IT is fast-paced and in constant evolution. For many clients, IBM Z® is at the center of their digital transformation. Utilizing this secure, flexible infrastructure with the agility of public cloud and the security and resiliency of a private cloud, clients can accelerate the deployment of new services to help meet market demands. We continue to deliver security, development and […]

Continue reading