IBM Systems Lab Services

Data breaches: The threat is real

Share this post:

The threat is real. You see it in the newspaper headlines and on your TV news channel. As predicted years ago, data is now the new oil. As with any valuable resource, it has become the main target for criminal organizations. In the past, the threat came from burglars or spies. Now the threat is hackers.

No system is immune to hackers, including the mainframe, even though it is one of the most secure systems in the world. As reported in an article from IBM Systems Magazine, the IBM Systems Lab Services team was involved in investigating a possible data breach at a mainframe shop a few years ago. It was a rare example of hackers using a virtual machine in Europe sneaking inside a US-based z/OS system that hadn’t taken advantage of all the available security options.

The story had a happy ending. The hackers did not access data, and IBM Systems Lab Services put in some preventative measures to protect the system going forward, but the company was previously at risk.

Staying out of the data breach headlines

So, what can you do to reduce the risks of a data breach on your mainframe? IBM has responded to the increasing threats of a breach with pervasive encryption for IBM Z. This concept, based on software and hardware technology, helps make the protection of data as easy and affordable as possible. It’s designed to help clients fully encrypt data and support that decision with ongoing management. Pervasive encryption enables you to encrypt your data and it’s designed to do it without application changes and negative impacts to service level agreements. With IBM z14 and z/OS 2.3, the heart of pervasive encryption is z/OS data set encryption, with coupling facility encryption and z Encryption Readiness Technology (zERT). Plus, all the existing ways to encrypt data (at-rest or in-flight) will also benefit from this new pervasive encryption technology.

Now, if pervasive encryption is easy and affordable, why would you need support from IBM Systems Lab Services? The main challenge is not in the technology but in ensuring you’re optimizing your implementation with the right features and smoothing the deployment in your shop.

Optimizing your implementation

Optimizing your implementation is mainly ensuring that all the technical options are used correctly and that business processes are adjusted for encryption. For example, key management will require a strong backup procedure to ensure you don’t inadvertently cryptographically destroy all your data by losing a key. If you need to manage hundreds of keys, using basic tooling is probably not the best way to do it. Implementing IBM Enterprise Key Management Foundation (EKMF) would be an answer to this challenge.

Making a smooth deployment

Making a smooth deployment is all about ensuring that the people involved in the IT and business processes are aware of the technology, their role in the project and the need to carefully plan and execute the implementation. For example, z/OS data set encryption requires coordination of multiple teams, from system programmers to storage and security teams. They all need to know what to do and how to do it correctly at the right time. The larger the client organization is, the bigger the challenge is. That’s why we have the Pervasive Encryption Readiness Assessment and associated implementation services.

IBM Systems Lab Services and pervasive encryption

IBM Systems Lab Services has aligned multiple offerings dedicated to pervasive encryption to help our clients. From the Readiness Assessment to educate and align all the teams, to the EKMF implementation to assist in building robust and scalable key management processes, we are ready. And we are already doing it with clients like you.

From governments that want to protect data according to regulatory requirements, to major credit card industry clients who need to achieve GDPR compliance as quickly as possible, to an IT provider that already has thousands of keys to protect its client data and expects thousands more with z/OS data set encryption — numerous organizations around the world are using IBM Systems Lab Services for their pervasive encryption projects to take advantage of our experience and learn about best practices.

IBM Systems Lab Services has standard offerings dedicated to implementing all the technical elements that make security better and optimize pervasive encryption for your business. From AT-TLS implementation to the z/OS Security Health Checks (because there’s no point in implementing pervasive encryption if your base security is not enforcing industry best practices), we are always working to improve our clients’ security to help them avoid being in the data breach headlines.

If you’re looking for support on mainframe security, contact IBM Systems Lab Services today.

More IBM Systems Lab Services stories

IBM PowerAI Vision: A visual recognition AI solution

AI, IBM Systems Lab Services, Power Systems

Many organizations are interested in employing deep learning and data science but have a skill and resource gap that impedes adoption of these technologies. To address this need, IBM created an easy deep learning solution specifically for business users. Designed to lower the barrier of entry required to create AI applications, IBM PowerAI Vision — ...read more


Top IBM Power Systems myths: The OpenPOWER Foundation is not really an industry backed consortium

IBM Systems Lab Services, OpenPOWER, Power Systems

There are many misconceptions about IBM Power Systems in the marketplace today, and this blog series is helping to dispel some of the top myths. In my last post, I put aside the myth that the x86 architecture is the de-facto industry standard for all applications and that Power Systems will soon become obsolete. In ...read more


The rise of Open Source Databases

IBM Systems Lab Services, Linux on Power Systems, Power Systems

After many years of working in the IT industry, both as an IT manager in a large telecommunications setup and as a consultant providing solutions to my clients, I’ve come to see a huge interest among users in leveraging more open source software and standards. It comes as no surprise to me that the adoption ...read more