Pervasive encryption: The new standard in data protection

Share this post:

Virtually every business faces the daunting challenges of protecting of their customers’ trust and their data, complying with increasingly stringent regulatory and compliance requirements, managing challenging IT environments, and keeping costs down.

IBM Z offers the most secure platform, and with carefully-defined security policies your data can be kept very safe.  Even so, there may be risks that you have not anticipated or hidden gaps that remain in your security policy.

Encryption of data

One of the best ways to protect data is to keep it encrypted.  Only 2 percent of corporate data within data centers is encrypted, contrasted with more than 80 percent of data on mobile devices according to a recent Solitaire Paper.   With the stakes so high, why don’t more companies encrypt more of the data within their enterprise?  The short answer is that it is often expensive and complex to do so.

Selective encryption in the application is very high cost, requires ongoing changes and maintenance, and is difficult to plan.  Pervasive encryption has much lower people costs and simplifies maintenance, but can drive up CPU capacity requirements and software license charges.

IBM’s solution – z/OS dataset encryption

IBM has provided z/OS customers with a number of powerful security enhancements, including encryption of data to/from the coupling facility, but dataset encryption is the most critical to a pervasive encryption strategy at low cost.  With dataset encryption, your system administrators can make the necessary changes quickly and easily to ensure that all data associated with entire applications and databases is protected without the high cost of application development and testing.

IBM Z and z/OS are designed to work with huge amounts of data.  Data is often read and written in large blocks.  Databases carefully buffer data to avoid recurrent I/O requests.  Dataset encryption is optimized to work well in this environment.  Data is encrypted within z/OS before it is written to disk and decrypted after it is read from disk using CP Assist for Cryptographic Function (CPACF).  CPACF works very efficiently with the large block sizes and provides the added security of protected key technology.

Cost: Huge improvements with z14

We have analyzed data from some clients to estimate the additional MIPS needed during their peak 4-hour window to encrypt all datasets.  On the z13 machine, some clients would need 30 percent more MIPS, but on z14 most of these clients would need less than 5 percent more MIPS.  I/O intensity is a key factor.  For workloads like I/O intensive batch, the cost of encryption will be higher.  For workloads like online transaction processing, the cost of encryption will generally be lower.

additional MIPS needed for encryption of all datasets

IBM has provided tools to help estimate the cost of dataset encryption:

  • Use zBNA to provide a detailed estimate of the cost of dataset encryption.
  • Contact IBM to request a zCP3000 study for a high-level estimate of the dataset encryption cost.


IBM offers dataset encryption as a necessary component of a pervasive encryption strategy.  Dataset encryption enables you to meet your data security goals and compliance requirements without application changes and with simpler maintenance and lower cost.

IBM z14 provides huge reductions in the CPU cost of dataset encryption.

Contact your IBM account team for a zCP3000 study and use the zBNA tool to estimate the additional CPU capacity needed to enable dataset encryption.

If you are not on a z14 yet, be sure to get an estimate of how much the z14 can reduce your capacity requirements for dataset encryption.

Click here to learn more about how to optimize your enterprise encryption strategy.

Senior Technical Staff Member – IBM Z Performance

Add Comment
No Comments

Leave a Reply

Your email address will not be published.Required fields are marked *

More Servers stories

Join us at IBM Systems Technical University 2018 events!

Cloud and cognitive technologies may be driving the future of business, but just as important as implementing them is optimizing the infrastructure that supports them. In 2018, IT professionals can grow their skills in designing, building and delivering IT infrastructure for the cloud and cognitive era by attending IBM Systems Technical University (TechU). To serve the demand […]

Continue reading

‘Twas the night before Go Live

‘Twas the night before Go Live, when all through the site, Technologies were in place to make it run right; A new cloud-based app had been rolled out with care, In hopes that customers soon would be there. The whole DevOps crew was snug in their beds, While visions of gigabytes danced in their heads. […]

Continue reading

How to catch a unicorn on your cloud

Of course you love all of your clients, especially the profitable ones. But face it, not all of them are cash cows, growing exponentially and driving your revenues skyward. You could wish upon a star and hope one of your current clients suddenly catches fire, or maybe there’s a better way. Maybe you could stack […]

Continue reading