IBM Systems Lab Services

Data breaches: The threat is real

Share this post:

The threat is real. You see it in the newspaper headlines and on your TV news channel. As predicted years ago, data is now the new oil. As with any valuable resource, it has become the main target for criminal organizations. In the past, the threat came from burglars or spies. Now the threat is hackers.

No system is immune to hackers, including the mainframe, even though it is one of the most secure systems in the world. As reported in an article from IBM Systems Magazine, the IBM Systems Lab Services team was involved in investigating a possible data breach at a mainframe shop a few years ago. It was a rare example of hackers using a virtual machine in Europe sneaking inside a US-based z/OS system that hadn’t taken advantage of all the available security options.

The story had a happy ending. The hackers did not access data, and IBM Systems Lab Services put in some preventative measures to protect the system going forward, but the company was previously at risk.

Staying out of the data breach headlines

So, what can you do to reduce the risks of a data breach on your mainframe? IBM has responded to the increasing threats of a breach with pervasive encryption for IBM Z. This concept, based on software and hardware technology, helps make the protection of data as easy and affordable as possible. It’s designed to help clients fully encrypt data and support that decision with ongoing management. Pervasive encryption enables you to encrypt your data and it’s designed to do it without application changes and negative impacts to service level agreements. With IBM z14 and z/OS 2.3, the heart of pervasive encryption is z/OS data set encryption, with coupling facility encryption and z Encryption Readiness Technology (zERT). Plus, all the existing ways to encrypt data (at-rest or in-flight) will also benefit from this new pervasive encryption technology.

Now, if pervasive encryption is easy and affordable, why would you need support from IBM Systems Lab Services? The main challenge is not in the technology but in ensuring you’re optimizing your implementation with the right features and smoothing the deployment in your shop.

Optimizing your implementation

Optimizing your implementation is mainly ensuring that all the technical options are used correctly and that business processes are adjusted for encryption. For example, key management will require a strong backup procedure to ensure you don’t inadvertently cryptographically destroy all your data by losing a key. If you need to manage hundreds of keys, using basic tooling is probably not the best way to do it. Implementing IBM Enterprise Key Management Foundation (EKMF) would be an answer to this challenge.

Making a smooth deployment

Making a smooth deployment is all about ensuring that the people involved in the IT and business processes are aware of the technology, their role in the project and the need to carefully plan and execute the implementation. For example, z/OS data set encryption requires coordination of multiple teams, from system programmers to storage and security teams. They all need to know what to do and how to do it correctly at the right time. The larger the client organization is, the bigger the challenge is. That’s why we have the Pervasive Encryption Readiness Assessment and associated implementation services.

IBM Systems Lab Services and pervasive encryption

IBM Systems Lab Services has aligned multiple offerings dedicated to pervasive encryption to help our clients. From the Readiness Assessment to educate and align all the teams, to the EKMF implementation to assist in building robust and scalable key management processes, we are ready. And we are already doing it with clients like you.

From governments that want to protect data according to regulatory requirements, to major credit card industry clients who need to achieve GDPR compliance as quickly as possible, to an IT provider that already has thousands of keys to protect its client data and expects thousands more with z/OS data set encryption — numerous organizations around the world are using IBM Systems Lab Services for their pervasive encryption projects to take advantage of our experience and learn about best practices.

IBM Systems Lab Services has standard offerings dedicated to implementing all the technical elements that make security better and optimize pervasive encryption for your business. From AT-TLS implementation to the z/OS Security Health Checks (because there’s no point in implementing pervasive encryption if your base security is not enforcing industry best practices), we are always working to improve our clients’ security to help them avoid being in the data breach headlines.

If you’re looking for support on mainframe security, contact IBM Systems Lab Services today.

IBM Z Consultant, IBM Systems Lab Services

More IBM Systems Lab Services stories

Optimizing data lake infrastructure

In today’s world, data is the new oil, and there’s a great need to preserve that data for exploration and to derive value. A “data lake” acts as a repository that consolidates an organization’s data into a governed and well-managed environment that supports both analytics and production workloads. It embraces multiple data platforms, such as […]

Continue reading

Top IBM Power Systems myths: Linux on x/86 is different from Linux on Power

There are many misconceptions about IBM Power Systems in the marketplace today, and this blog series is all about dispelling some of the top myths. In the last post, I put aside the myth that IBM Power Systems has no cloud strategy. In this post, we’ll look at a myth that has been propagated by […]

Continue reading

Are you making the best of your Spark environment?

All companies are in the data business now. By empowering your organization to make data-driven decisions at a high speed, with optimal resource utilization, IT will soon become the data hero that helps shape the future of the business. Organizations from varied spheres are thus enthusiastic about 21st-century data science. “Big data” solutions have been […]

Continue reading