Realizing the dream: Encrypting all mainframe data

The ability to encrypt all of the data for an entire application or database has been an unfulfilled dream of IT for quite some time. After all, nobody wants to be the next big name splashed across news headlines when a data breach takes place, or stiff regulatory penalties are assessed. These possibilities drive many CIOs and CTOs to look seriously at increasing their use of encryption, particularly on mainframe systems in their IT infrastructure. Unfortunately, they haven’t always liked what they’ve seen.

Barriers to widespread mainframe data encryption

While deploying encryption on a device such as a mobile phone is relatively easy, encrypting data at the enterprise level can be extremely complex. Organizational leaders have to go through terabytes or petabytes of data to locate sensitive information and classify different data sources—or even different fields within a database—from the standpoint of security importance. This largely manual process is error-prone, time-consuming and costly, especially as organizations keep more data in large data lakes or in cloud-based repositories.

Point solutions such as application-level encryption provide only limited coverage. The more of these solutions an organization deploys, the more disjointed its encryption strategy becomes, and the added encryption-decryption processing can take a toll on overall system and workload management performance. That degradation in performance and its consequences for the user experience have been a key challenge to deploying encryption more pervasively. As a result, barely over 2 percent of enterprise data in data centers is encrypted, leaving a large number of targets for cybercriminals.

The new view of data encryption

But that’s yesterday’s mode. Today, we’re moving from a paradigm of selective encryption to pervasive encryption as the new standard. A system that encrypts virtually all data all of the time makes it much more difficult for cybercriminals to find targets. To be effective, the encryption has to extend practically anywhere—across any data, networks and external devices.

Our new IBM Z (z14) mainframe is designed to meet these requirements. For the first time, IBM Z enables organizations to pervasively encrypt data—either in flight or at rest—that is associated with an entire application, cloud service or database. All of this comes with no changes to the applications. It’s powered by the world’s most powerful and secure transaction system, capable of running more than 12 billion encrypted transactions per day. The customer experience doesn’t suffer.

The encryption keys are protected by a tamper-responding hardware security module, ensuring that they are never visible in memory to the operating system, hypervisor, or application. IBM Z provides another safeguard by enabling organizations to encrypt application programming interfaces (APIs), an essential capability as they build disruptive applications such as blockchain, and use APIs to connect them back to system-of-record data.

Pervasive encryption at favorable cost

Of course, because CIOs and CTOs need to pencil out potentially cost-effective solutions, IBM commissioned a study by Solitaire Interglobal that modeled the cost of using x86 systems of different sizes to selectively encrypt data. The report concluded that, with IBM Z and x86 systems configured to support the same overall level of business performance, the IBM Z encryption system delivered 8.5 times the security protection and ran 18.4 times faster, at only one-twentieth of the cost.

For enterprises that want to protect more than just a small percentage of their corporate data, this result may well spell the end of inefficient, piecemeal encryption. Learn more about IBM Z and the latest enhancements in the IBM z14 mainframe.
