Mainframes

Is your enterprise encryption strategy a compromise?

Share this post:

Protecting your business, part 1

There are many different statistics available on the risks and impact of data breaches.  The most alarming one in my opinion is this: out of the nearly 6 billion data records breached since 2013, Breach Level Index reports that only 4 percent were encrypted.  This is staggering given that most organizations recognize the risks and understand the importance of data security and encryption.  It begs the question — Why do we see such a significant disconnect between known risks and the level of data protection?

Security today

Strong walls and perimeter defenses are no longer adequate to prevent cyber-attacks in today’s enterprises.  There are countless points of entry into an organization’s IT environment, all of which lead to what should be private data.  Not only could a team be completely consumed by trying to secure all of the potential entry points, but they could do all that and still not achieve their objective.  Threats from insiders, whether they be from rogue insiders or attackers posing as insiders, complicate the situation further.

Though many organizations recognize that encryption is vital, they struggle in their data encryption journey.  The main reason is that implementing encryption is extremely complex.  Many wrestle with questions such as: What data needs to be encrypted?  Where should encryption occur? Who is responsible for encryption?  Leaders in organizations which have already started down the path are beginning to grasp the complexity and challenges involved in reaching their destination.

Roadblocks to deploying an enterprise encryption strategy can include insufficient skills, resource constraints, overhead costs, technology limitations, and an all-too-common problem — not knowing where the sensitive data is located.  Since none of these are easily overcome, companies often veer off the original path out of necessity and end up with best-effort encryption versus the best-in-class encryption originally planned.

Industry and government regulations mandate that certain sensitive data be encrypted.  Thus, many organizations have adopted the practice of selective encryption.  They look for credit card data, social security numbers and other sensitive data and encrypt a subset of data. Adopting selective encryption makes sense in theory but falls short of protecting all of the digital assets of value to an organization.

In summary, traditional approaches alone aren’t sufficient.  If they were, we wouldn’t be hearing another report about how our personal data was breached. Organizations must operate on the premise that potential attackers are already inside and must view regulations regarding data security as a minimum threshold, not a best practice.  It is time for a paradigm shift in protecting the data at the core of the enterprise.

A new approach

Data needs to be treated as the new perimeter.  To achieve any chief information security officer’s (CISO) ideal of enterprise data protection, organizations should adopt a strategy of encrypting all data wherever it resides.

It is easy to envision how pervasive encryption can minimize the risk and impact of a data breach.  However, it can also help with encryption deployment and compliance.  By encrypting data at a broad scale, organizations can move forward on encryption quickly since the process of identifying and classifying data is decoupled from the act of implementing encryption.  Additionally, it simplifies compliance reporting by being able to show all data is encrypted.   And lastly, pervasive encryption helps protect all of an organization’s digital assets – not just those mandated by compliance.

Protect your business

Do not compromise on your enterprise encryption strategy.  in the future in this blog series, we’ll explore how new technologies that support pervasive encryption can help you with that.  Until then, watch this webcast to learn how to begin encrypting everything without changing anything.

IBM z Systems encryption, Encryption Strategy

More Mainframes stories

The unbearable lightness of being: mainframe on the cloud

Cloud computing, Mainframes, Servers

Some time ago, having the words “cloud” and “mainframe” in the same phrase was considered implausible or even impossible. Working with mainframe-related technologies or even directly with any mainframe applications was always associated with green screens, blocky letters and this feeling of old technology. We could say this feeling still exists among a lot of ...read more


IBM Z enhances the journey to cloud

Cloud computing, Linux on z, Mainframes

In today’s fast-paced world, forward-thinking enterprises constantly seek to innovate while continuing to delight their customers. Cloud–public, private and hybrid–underpins how these enterprises are innovating while also introducing new challenges. The world is not getting any simpler. It’s not moving to fewer clouds. It’s not moving to fewer options. Hybrid multicloud is the new standard. ...read more


IBM Z defines the future of hybrid cloud

Cloud computing, Ecosystem & partners, Mainframes

 The stakes remain high for IT leaders. Not only do they have to respond to dynamic business demands in real time, they must optimize operations on their increasingly complicated multi-platform, multicloud environments– all while simultaneously managing resources and budgets. In short, the mandate for IT leaders remains: “Do more with less.” Today, IBM is announcing ...read more