Share this post:
The threat is real. You see it in the newspaper headlines and on your TV news channel. As predicted years ago, data is now the new oil. As with any valuable resource, it has become the main target for criminal organizations. In the past, the threat came from burglars or spies. Now the threat is hackers.
No system is immune to hackers, including the mainframe, even though it is one of the most secure systems in the world. As reported in an article from IBM Systems Magazine, the IBM Systems Lab Services team was involved in investigating a possible data breach at a mainframe shop a few years ago. It was a rare example of hackers using a virtual machine in Europe sneaking inside a US-based z/OS system that hadn’t taken advantage of all the available security options.
The story had a happy ending. The hackers did not access data, and IBM Systems Lab Services put in some preventative measures to protect the system going forward, but the company was previously at risk.
Staying out of the data breach headlines
So, what can you do to reduce the risks of a data breach on your mainframe? IBM has responded to the increasing threats of a breach with pervasive encryption for IBM Z. This concept, based on software and hardware technology, helps make the protection of data as easy and affordable as possible. It’s designed to help clients fully encrypt data and support that decision with ongoing management. Pervasive encryption enables you to encrypt your data and it’s designed to do it without application changes and negative impacts to service level agreements. With IBM z14 and z/OS 2.3, the heart of pervasive encryption is z/OS data set encryption, with coupling facility encryption and z Encryption Readiness Technology (zERT). Plus, all the existing ways to encrypt data (at-rest or in-flight) will also benefit from this new pervasive encryption technology.
Now, if pervasive encryption is easy and affordable, why would you need support from IBM Systems Lab Services? The main challenge is not in the technology but in ensuring you’re optimizing your implementation with the right features and smoothing the deployment in your shop.
Optimizing your implementation
Optimizing your implementation is mainly ensuring that all the technical options are used correctly and that business processes are adjusted for encryption. For example, key management will require a strong backup procedure to ensure you don’t inadvertently cryptographically destroy all your data by losing a key. If you need to manage hundreds of keys, using basic tooling is probably not the best way to do it. Implementing IBM Enterprise Key Management Foundation (EKMF) would be an answer to this challenge.
Making a smooth deployment
Making a smooth deployment is all about ensuring that the people involved in the IT and business processes are aware of the technology, their role in the project and the need to carefully plan and execute the implementation. For example, z/OS data set encryption requires coordination of multiple teams, from system programmers to storage and security teams. They all need to know what to do and how to do it correctly at the right time. The larger the client organization is, the bigger the challenge is. That’s why we have the Pervasive Encryption Readiness Assessment and associated implementation services.
IBM Systems Lab Services and pervasive encryption
IBM Systems Lab Services has aligned multiple offerings dedicated to pervasive encryption to help our clients. From the Readiness Assessment to educate and align all the teams, to the EKMF implementation to assist in building robust and scalable key management processes, we are ready. And we are already doing it with clients like you.
From governments that want to protect data according to regulatory requirements, to major credit card industry clients who need to achieve GDPR compliance as quickly as possible, to an IT provider that already has thousands of keys to protect its client data and expects thousands more with z/OS data set encryption — numerous organizations around the world are using IBM Systems Lab Services for their pervasive encryption projects to take advantage of our experience and learn about best practices.
IBM Systems Lab Services has standard offerings dedicated to implementing all the technical elements that make security better and optimize pervasive encryption for your business. From AT-TLS implementation to the z/OS Security Health Checks (because there’s no point in implementing pervasive encryption if your base security is not enforcing industry best practices), we are always working to improve our clients’ security to help them avoid being in the data breach headlines.
If you’re looking for support on mainframe security, contact IBM Systems Lab Services today.