Pervasive encryption: The new standard in data protection


Virtually every business faces the daunting challenges of protecting its customers’ trust and data, complying with increasingly stringent regulatory and compliance requirements, managing challenging IT environments, and keeping costs down.

IBM Z offers the most secure platform, and with carefully defined security policies, your data can be kept very safe. Even so, there may be risks that you have not anticipated or hidden gaps that remain in your security policy.

Encryption of data

One of the best ways to protect data is to keep it encrypted. According to a recent Solitaire Paper, only 2 percent of corporate data within data centers is encrypted, compared with more than 80 percent of data on mobile devices. With the stakes so high, why don’t more companies encrypt more of the data within their enterprise? The short answer is that it is often expensive and complex to do so.

Selective encryption in the application carries a very high cost, requires ongoing changes and maintenance, and is difficult to plan. Pervasive encryption has much lower people costs and simplifies maintenance, but can drive up CPU capacity requirements and software license charges.

IBM’s solution – z/OS dataset encryption

IBM has provided z/OS customers with a number of powerful security enhancements, including encryption of data to/from the coupling facility, but dataset encryption is the most critical to a pervasive encryption strategy at low cost.  With dataset encryption, your system administrators can make the necessary changes quickly and easily to ensure that all data associated with entire applications and databases is protected without the high cost of application development and testing.

IBM Z and z/OS are designed to work with huge amounts of data.  Data is often read and written in large blocks.  Databases carefully buffer data to avoid recurrent I/O requests.  Dataset encryption is optimized to work well in this environment.  Data is encrypted within z/OS before it is written to disk and decrypted after it is read from disk using CP Assist for Cryptographic Function (CPACF).  CPACF works very efficiently with the large block sizes and provides the added security of protected key technology.

Cost: Huge improvements with z14

We have analyzed data from some clients to estimate the additional MIPS needed during their peak 4-hour window to encrypt all datasets.  On the z13 machine, some clients would need 30 percent more MIPS, but on z14 most of these clients would need less than 5 percent more MIPS.  I/O intensity is a key factor.  For workloads like I/O intensive batch, the cost of encryption will be higher.  For workloads like online transaction processing, the cost of encryption will generally be lower.

[Figure: Additional MIPS needed for encryption of all datasets]

IBM has provided tools to help estimate the cost of dataset encryption:

  • Use zBNA to provide a detailed estimate of the cost of dataset encryption.
  • Contact IBM to request a zCP3000 study for a high-level estimate of the dataset encryption cost.


IBM offers dataset encryption as a necessary component of a pervasive encryption strategy.  Dataset encryption enables you to meet your data security goals and compliance requirements without application changes and with simpler maintenance and lower cost.

IBM z14 provides huge reductions in the CPU cost of dataset encryption.

Contact your IBM account team for a zCP3000 study and use the zBNA tool to estimate the additional CPU capacity needed to enable dataset encryption.

If you are not on a z14 yet, be sure to get an estimate of how much the z14 can reduce your capacity requirements for dataset encryption.


Senior Technical Staff Member – IBM Z Performance
