A passport to data-centric protection and privacy

By | 3 minute read | January 8, 2020

From time to time, we invite industry thought leaders to share their opinions and insights on current technology trends to the IBM Systems IT Infrastructure blog. The opinions in these posts are their own, and do not necessarily reflect the views of IBM.

Author Chuck Brooks discussed the emerging data privacy and protection landscape with IBM Z Security Offering Manager Jessica Doherty and Senior Technical Staff Member Anthony Sofia. Over the next two blog posts, we’ll learn what he discovered and what IBM is doing to tackle these new challenges.

Since the global economy increasingly runs on the fuel of data, data security and privacy have become essential priorities for any business wanting to thrive in the marketplace. For a business to be successful, it must be able to keep data private and protected in all forms — no matter where it resides.

Protecting data is a significant challenge. Businesses are facing growing risks in data loss — both in cost and numbers. Breaches are common and the costs associated with them are going up too. The 2019 IBM sponsored Ponemon Cost of a Data Breach Report estimates that the average total cost of a breach is now $3.92 million.[1] More alarming is that 59 percent of companies[2] experienced a data breach caused by a third party and that, according to an IBM-sponsored study by Solitaire Interglobal Ltd., 78 percent of customers surveyed would not automatically return to a business after a data breach.[3]

The new paradigm of data-centric protection

IBM approaches the challenges of the merging digital landscape by using a framework of data-centric audit and protection (DCAP). In its simplest form, DCAP indicates that once protected data is protected regardless of location: whether on- or off-premises, in flight or at rest, as an unauthorized copy or on a memory stick.

The core of IBM’s DCAP approach is evidenced in its new platform, the IBM z15™.

The IBM z15 is data-centric in the design of its architecture. The platform has demonstrated a massive improvement in crypto acceleration. A key factor in performance is its ability to compress data. The IBM z15 can compress data with zlib 42x faster with Integrated Accelerator for zEDC compared to using software compression on its predecessor the IBM z14™.[4] The combination of enhanced encryption and compression capabilities is a real game-changer.

Encryption everywhere and cloud native development

The security of data on the IBM z15 platform is characterized by two key aspects: 1) encrypting data everywhere, which enables clients to provision and revoke access to data at any time, across a hybrid multicloud environment; and 2) cloud-native development designed so that developers can more easily modernize apps in place, build new cloud-native apps and  integrate important workloads across the secured hybrid cloud.

For me, encrypting everywhere is a dynamic change for addressing breaches transparently and directly. Encrypting data everywhere protects the users from compromised file records, and it gives additional protection to the point of data in use. The IBM z15 encryption enables you to encrypt 100 percent of data at the database, data set and disk level, with no changes to applications. That includes a zero-trust model of comprehensive multiple layers of encryption — from disk and tape up through applications.

Cloud native development is also a critical function to improve cybersecurity functions. The combination of encryption everywhere and cloud-native development allows for operations in a transparent and optimized environment designed to provide security that is data-centric rather than point to point.

Read more about encryption everywhere and cloud native development with z15 here, and stay tuned for part 2 of this blog, which will go deeper into IBM’s data privacy solutions.

You can also watch an on-demand webinar to see how the unparalleled data protection of IBM z15 helps you meet consumer privacy demands and protect against data breach damage while reducing data protection cost and complexity.

Read Part two here.


[1] “Cost of a Data Breach Report 2019.” IBM and Ponemon Institute, 2019. 

[2] “2018 Data Risk in the Third-Party Ecosystem: Third Annual Study.” Ponemon Institute, 2018. Written permission to use stat received 9 September 2019.

[3]  Solitaire Interglobal Ltd, “Scaling the Digital Mountain.” An IBM-sponsored study.

[4] Claim: Compress data with zlib on z15 with 4 IFLs up to 42x faster with Integrated Accelerator for zEDC compared to using software compression. Substantiation: Performance results based on IBM internal tests running the minigzip benchmark with compression level -1 from the dfl tcc branchof zlib (downloaded from https://github.com/iii-i/zlib/tree/dfltcc-20190708). Source data files were taken from the Large Corpus (downloaded from http://corpus.canterbury.ac.nz/descriptions). Canterbury.tar contained all files from all corpora. Results may vary. z15 configuration: LPAR  with 4 dedicated IFLs, 64 GB  memory, 40 GB DASD storage, SLES 12 SP4 (SMT  mode).