Realizing the dream: Encrypting all mainframe data

The ability to encrypt all of the data for an entire application or database has been an unfulfilled dream of IT for quite some time. After all, nobody wants to be the next big name splashed across news headlines when a data breach takes place, or stiff regulatory penalties are assessed. These possibilities drive many CIOs and CTOs to look seriously at increasing their use of encryption, particularly on mainframe systems in their IT infrastructure. Unfortunately, they haven’t always liked what they’ve seen.

Barriers to widespread mainframe data encryption

While deploying encryption on a device such as a mobile phone is relatively easy, encrypting data at the enterprise level can be extremely complex. Organizational leaders have to go through terabytes or petabytes of data to locate sensitive information and classify different data sources—or even different fields within a database—from the standpoint of security importance. This largely manual process is error-prone, time-consuming and costly, especially as organizations keep more data in large data lakes or in cloud-based repositories.

Point solutions such as application-level encryption provide only limited coverage. The more of these solutions an organization deploys, the more disjointed its encryption strategy becomes, and the added encryption-decryption processing can take a toll on overall system and workload management performance. That degradation in performance and its consequences for the user experience have been a key challenge to deploying encryption more pervasively. As a result, barely over 2 percent of enterprise data in data centers is encrypted, leaving a large number of targets for cybercriminals.

The new view of data encryption

But that’s yesterday’s mode. Today, we’re moving from a paradigm of selective encryption to pervasive encryption as the new standard. A system that encrypts virtually all data all of the time makes it much more difficult for cybercriminals to find targets. To be effective, the encryption has to extend practically anywhere—across any data, networks and external devices.

Our new IBM Z (z14) mainframe is designed to meet these requirements. For the first time, IBM Z enables organizations to pervasively encrypt data—either in flight or at rest—that is associated with an entire application, cloud service or database. All of this comes with no changes to the applications. It’s powered by the world’s most powerful and secure transaction system, capable of running more than 12 billion encrypted transactions per day. The customer experience doesn’t suffer.

The encryption keys are protected by a tamper-responding hardware security module, ensuring that they are never visible in memory to the operating system, hypervisor, or application. IBM Z provides another safeguard by enabling organizations to encrypt application programming interfaces (APIs), an essential capability as they build disruptive applications such as blockchain, and use APIs to connect them back to system-of-record data.

Pervasive encryption at favorable cost

Of course, because CIOs and CTOs need to pencil out potentially cost-effective solutions, IBM commissioned a study by Solitaire Interglobal that modeled the cost of using x86 systems of different sizes to selectively encrypt data. The same report concluded that, for IBM Z and x86 systems configured to support the same overall level of business performance, the IBM Z encryption system delivered 8.5 times the security protection, ran 18.4 times faster, and did so at only one-twentieth of the cost.

For enterprises that want to protect more than just a small percentage of their corporate data, this result may well spell the end of inefficient, piecemeal encryption. Learn more about IBM Z and the latest enhancements in the IBM z14 mainframe.

Program Director, IBM Z Offering Management
