Mainframes

Three IBM Z security insights from Think 2018

Share this post:

The data breach threat is real. Recent high-profile breaches have focused boardroom attention on this issue. Data breaches are expensive, costing $3.6 million on average[1]. And they’re increasingly likely: an organization has a 28 percent chance of being breached in the next 24 months.[2] To stay out of the data breach headlines, organizations require security solutions that protect enterprise and customer data for minimal cost and effort.

With security on our customers’ minds, this week IBM is hosting its Z Security Hub on the Modern Infrastructure Campus at Think 2018. The hub includes customer-led sessions, interactive think tanks and informative deep dives. But its centerpiece is today’s Z Security core session, hosted by Ross Mauri, General Manager for IBM Z and LinuxONE.

IBM Z security

Michael Jordan discusses pervasive encryption at today’s core session.

Here are the top three insights Think attendees can take away from this session.

Insight #1: Enterprises face varied security challenges

In talking with many customers, we’ve identified three common security challenges. Ross Mauri outlined how organizations are challenged to protect data in core business applications, reduce insider threats and meet audit and compliance obligations.

  • Protect data – 9 million data records were compromised in 2015, including nearly 20 million financial records.[3] Selectively encrypting data – the current industry practice – helps to protect it. But this process is costly, complex, and requires significant ongoing maintenance while still leaving some data unprotected.
  • Reduce insider threats – 58 percent of security attacks on financial institutions in 2016 were insider attacks.[4] Fearing both malicious and inadvertent insider threats, business leaders aim to ensure that only employees with a need to know have access to sensitive data.
  • Stay compliant – Businesses must comply with many regulations while enduring internal and external inspections and audits. The General Data Protection Regulation (GDPR) will go into effect on May 25 this year, creating new data usage and storage requirements for organizations doing business in the EU.

If you are like other organizations, you may spend a good deal of time dealing with these and related issues.

Insight #2: The “age of the customer” requires a security hyper-focus

Data security isn’t just needed for self-preservation. It’s required to thrive in today’s “age of the customer.” Bobby Cameron, VP and Principal Analyst at Forrester, discussed the “customer-obsessed” approach that leading organizations are adopting to spur growth and success.

To obsess over customers means to take great care in protecting their most sensitive data. That’s why the cornerstone of a “customer-obsessed” model is Forrester’s “zero trust” security framework. This framework includes, among other security elements, encryption of all data across the enterprise. That leads to our last takeaway.

Insight #3: Pervasive encryption is a game-changer

Pervasive encryption, unique to IBM Z, addresses the three challenges above while helping you thrive in the age of the customer. At the core session, Michael Jordan, IBM Distinguished Engineer for IBM Z Security, detailed how pervasive encryption represents a paradigm shift in security. Previously, selective field-level encryption was the only feasible way to secure data, but it was time-, cost-, and resource-intensive – and it left large portions of business data unsecured.

Pervasive encryption, however, offers a solution capable of encrypting data in bulk, making it possible and practical to encrypt all data associated with an application, database, and cloud service – whether on premises or in the cloud, at-rest or in-flight. This approach also simplifies compliance by eliminating the need to demonstrate compliance at the field level. Multiple layers of encryption – from disk and tape up through applications – provide the strongest possible defense against security breaches. The high levels of security enabled by pervasive encryption help you to promote customer confidence by protecting their data and privacy.

Client success story: Government agency puts security at the core of its platform

Attendees at Think also heard from an IBM client, the head of enterprise architecture of a national government agency, who will share his agency’s digital transformation approach and its emphasis on enterprise and citizen security. The agency plans to implement several solutions on multiple z14s utilizing pervasive encryption, Secure Service Containers, machine learning and secure cloud. These solutions will help the agency meet its core mandates of citizen-centered design and delivery of services while optimizing security and preventing fraud.

To learn more about how to make  security the cornerstone of your digital strategy, visit the IBM Z security webpage or read one of our security client success stories.

[1] Ponemon Institute’s 2017 Cost of Data Breach Study: Global Overview

[2] Ponemon Institute’s 2017 Cost of Data Breach Study: Global Overview

[3] Security trends in the finance industry, IBM X-Force® Research Managed Security Services Report, 2016

[4] Security trends in the financial services sector, IBM X-Force® Research, April, 2017

WW IBM Z and LinuxONE Security Marketing

More Mainframes stories

The evolution of the IBM Blockchain Platform: Choice and control on IBM Z and LinuxONE

We’re living in a multicloud world. Today, 85 percent of businesses rely on multiple clouds to meet their IT needs, with 71 percent using more than three[1]. What this means in practice for enterprise clients is that they have multiple architectures in place. This may be fine for “tried and true” workloads–like credit card processing […]

Continue reading

New Container pricing enhancements bring pay-as-you-go model to z/OS

Today’s IT is fast-paced and in constant evolution. For many clients, IBM Z® is at the center of their digital transformation. Utilizing this secure, flexible infrastructure with the agility of public cloud and the security and resiliency of a private cloud, clients can accelerate the deployment of new services to help meet market demands. We continue to deliver security, development and […]

Continue reading

The new normal: A secure and agile business

If you’re like most of the IT leaders in this industry, you know that high stakes boardroom conversations are changing as fast as the pace of technology innovation. Today’s executives in a digitally empowered world, want IT to innovate and deliver outstanding user experiences, all built on a strong foundation of equity and trust in […]

Continue reading