Encryption

Is your smartphone data safer than your enterprise data?

Share this post:

More than eighty percent of smartphone data is encrypted, according to an IBM-sponsored Solitaire Interglobal Ltd. report upon which this blog post is based.[i] You might expect a similarly high percentage of enterprise data to be encrypted as well, especially considering that encrypted data is rarely successfully attacked.[ii] Yet most organizations today are encrypting only a minimum of data.[iii]

sailboat

Selective encryption can leave your enterprise struggling to plug the leaks in your data security defenses.

Encrypting just a portion of data leaves your organization vulnerable to cyberattacks. And despite its limited effectiveness, encrypting selectively still requires significant resources and creates headaches for you as a decision maker. For instance, how do you prioritize which data to encrypt? Where should encryption occur? And who is responsible for it?

If selective encryption is such a limited approach, why don’t most organizations encrypt all data? Here’s a closer look at the traditional challenges of full encryption–and a solution created to help organizations rethink these challenges and build a safer world for your corporate data.

Why few organizations were encrypting all data… until now

Encrypting all data–at the application, database and cloud service level–is a strong protection against data breaches. It’s also a simpler method of encryption. With full encryption you encrypt all data and don’t need to answer the tricky questions posed above. You simplify your compliance activities by gaining the ability to implement policies across a data set, rather than at the field level. And you close breach loopholes by minimizing your administrators’ access to sensitive data.[iv]

Despite its seemingly obvious advantages, attempting full encryption on a traditional x86 architecture can be extremely challenging according to the Solitaire report:

  • sailboat 2It’s costly. Full encryption on an x86 architecture is prohibitively expensive for most organizations. Embedding encryption into all applications can quickly create onerous costs.[v]
  • It requires significant processing power. x86 processors are not typically built to encrypt at scale. Encrypting all data at the hardware level can max out your processing power in a hurry, leaving you without resources to run core systems and applications. While full encryption may be possible in an x86 environment, it’s not practical because of the performance overhead required.[vi]

Full data encryption is the best way to help protect your business against cyberthreats. But it can be prohibitively expensive and resource-intensive on many common architectures. Fortunately, there’s a solution.

Make the pervasive encryption dream a reality with an enterprise computing platform

An enterprise computing platform allows you to simply and cost-effectively encrypt enterprise data. With innovative processing power and technology, this platform can encrypt application, database and cloud service data easily and inexpensively – whether the data is at rest or in flight.[vii]

According to the Solitaire report, with pervasive encryption available on an enterprise computing platform, you can…

  • Encrypt effectively: On an enterprise platform you can encrypt data while requiring minimal processing resources and no changes to applications or SLAs.[viii]
  • Encrypt quickly: You can encrypt data 18.4 times faster than on competing platforms and respond to security threats 85.8 percent more quickly.[ix]
  • Encrypt cost-efficiently: Encrypt fully for 93 percent less cost and 81 percent less effort than on competing platforms.[x]

sailboat 3Data is your most valuable resource. Yet because of cost, time and resource constraints, it often isn’t protected as it could be. With pervasive encryption of data on an enterprise computing platform, you can address these challenges to deliver data security at just five percent of the cost of competing solutions.[xi] Better data security can help create a better world–a world where customer reliance is unbreakable, and where your innovation and growth is less constrained by cyberthreat concerns.

Discover how to keep customer trust through a secure infrastructure

Read the previous blog posts in this series:

[i]When it came to mobile devices, approximately 82% of data on those platforms is encrypted” – statement from Solitaire research paper “Pervasive Encryption – A New Paradigm for Protection” on https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSL03452USEN&, page 20

[ii]“Only 4% of breaches were “Secure Breaches” where encryption was used and the stolen data was rendered useless” – statement on https://www.breachlevelindex.com based on research by Gemalto.

[iii]“Only 2.13% of enterprise data within datacenters is encrypted.”  – Pervasive Encryption  – A New Paradigm for Protection, Solitaire Interglobal Ltd, page 20, URL: https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSL03452USEN&

[iv] “It provides policy-based encryption tied to access control and encourages a separation of roles, ensuring that security stays within control of security administrators (as opposed to storage admins or other actors). Increased granularity allows for a higher level of specificity in applying encryption, so users can better determine what data get protected and how. The ability to encrypt data in bulk for lower overhead further mitigates exposures caused by misidentification or misclassification of sensitive data and simplifies the audit process (by pervasively encrypting and by lowering the number of auditable human actors who can view data in the clear). – statement from IBM Journal of Research & Development R&D Volume 62 No 2/3 Paper 2 “Enabling pervasive encryption through IBM Z stack innovations”, page 4, URL: https://ieeexplore.ieee.org/document/8270590/

[v]“Taking the average load for each platform within the study group, that deployment would result in the addition of up to 12.2 times the number of current servers. Such an increase in platform count would substantially raise the cost of operations. The impact on the organization adopting this solution would be considerable, with sharply rising hardware, software, and personnel expenses.” – statement from Solitaire research paper “Pervasive Encryption – A New Paradigm for Protection”, page 21, https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSL03452USEN&

[vi]Taking the average load for each platform within the study group, that deployment would result in the addition of up to 12.2 times the number of current servers. Such an increase in platform count would substantially raise the cost of operations. The impact on the organization adopting this solution would be considerable, with sharply rising hardware, software, and personnel expenses.” – statement from Solitaire research paper “Pervasive Encryption – A New Paradigm for Protection”, page 21, https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSL03452USEN&

[vii]1- “For the analyzed organizations in a recent SIL study, organizations that deploy pervasive encryption on IBM Z can reduce overall processing overhead by as much as 91.7%.” – statement from Solitaire research paper “Pervasive Encryption – A New Paradigm for Protection”, page 22, https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSL03452USEN&

2 – “Innovations in the software stack, in turn, leverage these encryption capabilities to allow organizations to protect corporate and client data from internal and external threats, with no need for application changes and no impact on service-level agreements (SLAs).” – statement from IBM Journal of Research & Development R&D Volume 62 No 2/3 Paper 2 “Enabling pervasive encryption through IBM Z stack innovations”, page 2, URL: https://ieeexplore.ieee.org/document/8270590/

[viii] 1- “For the analyzed organizations in a recent SIL study, organizations that deploy pervasive encryption on IBM Z can reduce overall processing overhead by as much as 91.7%.” – statement from Solitaire research paper “Pervasive Encryption – A New Paradigm for Protection”, page 22, https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSL03452USEN&

2 – “Innovations in the software stack, in turn, leverage these encryption capabilities to allow organizations to protect corporate and client data from internal and external threats, with no need for application changes and no impact on service-level agreements (SLAs).” – statement from IBM Journal of Research & Development R&D Volume 62 No 2/3 Paper 2 “Enabling pervasive encryption through IBM Z stack innovations”, page 2, URL: https://ieeexplore.ieee.org/document/8270590/

[ix]“IBM mainframe architecture can deliver encryption up to 18.4 times faster, for only 5% of the cost of other platform solutions” and “The same standard activities on Z consume up to 85.80%  less clock time than those executed on other platforms”, statement from Solitaire research paper “Pervasive Encryption, the New Paradigm for Protection”, page 28 on https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSL03452USEN&

[x]Based on initial installations, the foundation Z security solution provides as much as 8.5 times the interception level of alternative platform solutions at 93% less cost in overall expenditure, and with 81% less effort.”, statement from Solitaire research paper “Pervasive Encryption, the New Paradigm for Protection”, page 28 on https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSL03452USEN&

[xi]The full impact of the faster encryption engine and the ability to encrypt information in bulk creates a fully pervasive solution that runs more than 18.4 times faster and at only 1/20 of the cost of other solutions.” – statement from Solitaire research paper “Pervasive Encryption, the New Paradigm for Protection”, page 28 on https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSL03452USEN&

More Encryption stories

Protection against malware: IBM AIX has your back

IBM Systems Lab Services, Power Systems, Security

“How can we protect our IBM AIX systems from malware attacks?” As a cyber security consultant, I come across this question more than any other when it comes to securing servers running IBM AIX. Most security breaches today are based on malware attacks, especially in banking sector. The infamous FASTCash malware has infected many banks’ ...read more


The next big leaps for IBM modern data protection

Data security, Multicloud, Storage

Recent analyst research indicates why hybrid multicloud support is becoming increasingly important. According to a 2019 ESG report [1], 67 percent of organizations surveyed currently use public cloud services in their data protection environment. Among those companies, on average 26 percent of their protection environments (measured by amount of data) are housed in the cloud, ...read more


Riding LinuxONE Systems in the hybrid cloud

Data security, LinuxONE solutions, Open source

Alf Thunberg often rides a motorcycle to the office. He repairs his two motorcycles himself, and rides the vintage bikes to work, wearing his helmet and a business suit. He’s taking an all-in-one approach to his daily travels, reducing unnecessary costs wherever possible. He applies the same approach to deploy client applications on scalable data ...read more