Data breaches: the threat is still real

By | 2 minute read | June 28, 2021

News headlines regularly feature the latest data breach and ransomware attack. It’s happening all over the world, nearly every day.

I first wrote about this risk in 2018. Sadly, despite efforts to combat cyberattacks, the threat is still all too real. Even in my hometown of Poughkeepsie, NY, a healthcare provider was hacked recently.

According to some analysts, hackers are not just looking for tons of raw data. Today, they’re especially focused on very valuable records such as user passwords, card and account numbers and social security numbers. As a result, today’s breaches can have especially far-reaching consequences.

The COVID-19 pandemic has created additional security risks with so many employees working remotely. In this climate, pervasive encryption is critical. It enables a customer to protect data even in the event of a breach. As I explained in my previous blog entry, pervasive encryption helps our clients to make the protection of data as easy and affordable as possible. It provides compliance quickly. And it works!

My team has helped many organizations improve their security posture by running IBM z/OS security health checks, to identify weak points in their security defense, or to implement pervasive encryption to better protect their client’s data.

One of our major clients from the payment industry implemented z/OS dataset encryption, the “star” feature of pervasive encryption, in a first phase with Db2 to maintain their compliance with PCI-DSS. And, as promised, the overhead was unnoticeable.

This is hardly the only success story. From the insurance industry to the healthcare industry, I’ve supported other implementations with high client satisfaction feedback. From a mainframe perspective, and from an IBM Lab Services point of view, I can say that I am relieved I haven’t been back to a hacked client crime scene lately.

We continue to improve pervasive, delivering enhancements such as the capability to encrypt non-extended format datasets and new functionalities like JES2 spool encryption (and compression). We also made key management easy with EKMF Web Edition. It is a graphical user interface running on Z to manage pervasive encryption keys easily and securely.

As you can read from my previous article, even for the mainframe, the most securable platform, a small mistake can put an entire business at risk.

But Lab Services is always ready to help. A pervasive encryption readiness assessment (PERA) can be a game changer. It is a one-day, on-site, in-person workshop (or two remote sessions while COVID restrictions persist), which provides in-depth education about pervasive encryption, readiness state assessment and an implementation roadmap. It is even easier for z15 clients to get help with the zForward program available at no additional charge.

Later on, Lab Services is also here to help you in your implementation journey, from what I call the fundamental bricks (such as ICSF and TKE), to the actual pervasive encryption implementation.

While cybercriminals become more and more sophisticated, our goal is to always be there, one step ahead. The threat may remain real, but the battle is far from over. So, if you are ready to fight, contact IBM Technology Lab Services now. We can help.