Secure hybrid cloud with encryption everywhere on IBM z15
By Jo Peterson | 3 minute read | October 7, 2019
From time to time, we invite industry thought leaders to share their opinions and insights on current technology trends to the IBM Systems IT Infrastructure blog. The opinions in these posts are their own, and do not necessarily reflect the views of IBM.
Securing hybrid cloud environments is a shared responsibility. IT teams are looking for reliable tools to help navigate the process. It’s ideal if these tools can scale automatically and are customizable and programmable. Tailoring security for a client’s specific environment is key. A nice-to-have is a security tool that has a certain degree of decision making baked in. Smart tools or systems like this allow security decisions to be made in real time on behalf of the organization.
Make hybrid cloud security simple with new IBM Data Privacy Passports and IBM DS8900F
Meet the enterprise platform featuring encryption everywhere with Data Privacy Passports – the IBM z15. This is a commercial data privacy and security enforcement solution with off-platform access revocation. What does that mean exactly? It means smart choices around access to data that are customizable and programmable for 100 percent of your Z data as well as the associated data sitting in one or many hyperscale cloud platforms. IBM z15 covers data at rest and in flight with no impact to performance or application changes. This gives you, the client, the choice of who accesses the data, as well as when and at what level to revoke that access.
IBM DS8900F is engineered so you can achieve total end-to-end protection and authentication. Data encryption, especially in a hybrid environment where data traverses two or more platforms, has traditionally been a challenging area to address. Imagine a scenario where you can encrypt 100 percent of your data, isolate workloads and facilitate infrastructure security services.
Why encryption everywhere matters
According to Gemalto, data breaches compromised 3.3 billion records in the first half of 2018. Not surprisingly, regulations and compliance requirements are increasing. Data breaches can cause tremendous problems not only for an organization but also for the organization’s clients. Depending on the company, stolen data can range from relatively benign information to extremely personal details, such as bank account numbers. Not only can a breach cost a lot of money for remediation, it can cause significant damage to a company’s reputation.
Countering the complex, evolving data breach threat requires data-centric audit and protection (DCAP): protecting information at the data level rather than broadly at the IT infrastructure level. Think of this level of protection as having encryption everywhere.
Expand data privacy and protection with IBM z15
I’ve touched on data protection on the IBM z15. Now let’s take a moment to explore data privacy. The way you go about providing these mechanisms is different. Data privacy is being able to control how data gets used. You can think about that from a consumer point of view. As individuals, we have rights regarding how our data gets used and what gets shared. And when you think about data privacy, being able to manage that requires much more granular control than protecting aggregates of data.
IBM z15 Data Privacy Passports provides protection and enforcement of data from IBM Z and other sources when it is within your data center and when it travels outside your data center. Looking through a security lens, what are some other reasons why a customer might want to explore IBM z15?
IBM Z is inherently resistant to hacking and information theft because of the controls built into its hardware microcode to support process isolation and data integrity, and clients run their most critical applications on the platform. The data that is consumed by these applications needs to be protected at all costs while not impacting service-level agreements.
IBM z15 offers three security features natively:
- IBM Z enables all clients to encrypt all application data at rest and in flight with pervasive encryption.
- IBM Secure Service Container helps to deploy applications in a tamper-proof environment – safe from internal and external threats.
- Tamper-respondent programmable Crypto Express adapters (HSMs) that are validated to meet FIPS 140-2 Level 4 certification, the highest level of security standards.
In fact, IDC projects that today’s mainframe hardware and software platforms, like IBM z15, deliver a combination of capabilities that allow interviewed organizations to achieve:
- 96 percent less time to identify security breaches
- 43 percent less unplanned downtime
Source: IDC Business Value Snapshot, co-sponsored by IBM and Broadcom, The Operational and Business Impact of the Transformative Mainframe, July 15, 2019