Tens of billions of dollars, no exaggeration, are being lost or forfeited due to security breaches, worldwide, in 2008. Private citizens, national and local governments, and global enterprises fall prey to this BIG sting. Medical and banking records are exposed. Intellectual capital loses its privacy. Identity theft has become “common.” News reports across the globe say various governments use cyberspace assaults to access another nation’s key defense information. It does not matter which country; exposure of critical assets threatens us all.
When we “feel” insecure, some of us strap on seat-belts, don helmets, double-lock our front doors, install security software, change passwords. We encrypt, we hide, and sometimes camouflage our assets, whether personal or corporate. Simply, we take defensive measures to try and ensure that our risks—and fears about them—do not materialize. Most times we are successful…most times. Those who believe that personal, governmental or corporate assets are completely secure may be seriously out of touch with reality.
The 9/11 events jolted business and government into tighter security…or the illusion of it. IT had either a field-day or nightmare, depending on one’s technology function at the time: conduct security self-audits; source new security software; consider industry analysts’ recommendations on improving baseline IT security. Today, some in IT think security has been solved by software and middleware…layers of it…big stacks of it. To some extent, this perception holds true.
Can IBM mainframes prevent all security intrusions? Perhaps. Who knows? The most important discussion points may be: how integral security is to core service levels; and, how it can consistently safeguard data, records, and intellectual capital, many companies’ source of competitive advantage. Our pitch? Consider more closely IBM’s System z for overall security, and as the security “hub” should you plan to implement an SOA environment.
In an ideal world of enterprise computing, those heading IT security would put an umbrella over all resources in the complex: servers, storage, hubs, routers, switches, and sub-systems in between. Little would be left to chance. This umbrella would address known hacker techniques, histories of “invasions,” and past exposure to information assets by those who should have no access. All relevant government certifications would apply to the entire operating environment. But the question remains: is any security literally “impregnable”?
Data proliferation, new governmental regulations, and increasingly virtualized distributed environments have made security—how to establish, maintain, and continuously improve it—paramount. Fortunately, IBM mainframes are designed with security as a primary focus. That statement applies to how the server, operating systems, and middleware are architected. Bullet-proof is the goal…and, relative to alternatives, the achieved objective.
When Butler Group (analyst firm) says that 70% of critical applications in Government run on mainframes (1), reliability, availability and scalability are not the only reasons. When the combo of EAL5, FIPS 140-2 Level 4 and related security certifications is earned by System z—and only System z—the other key reason becomes clear. Exciting? Hardly, but essential to any company’s ability to execute against business goals without undue concern about the security of its vital information, and the speed with which that vital information can be communicated.
Security expertise, alone, may not provide a sufficient cause to shift your systems to IBM System z. But, there are questions worth asking either to affirm the current IT operating environment, or to consider a change or makeover:
- When was the most recent compromise of corporate IT security for whatever cause?
- What was the business impact of that breach, and how was it remedied?
- Have the Lines of Business you support stated their security requirements?
- Does your “Security Committee” constantly update requirements?
- Is the security software you use with your hardware causing performance hits?
- What is the priority your company places on data center security?
- Do you perceive that security ranks in the top 5 or top 10 IT improvements you want?
- What would your business be able to accomplish if your IT were more secure?
Note 1 -- Butler Group’s Roy Illsley: ftp://ftp.software.ibm.com/software/systemz/pdf/analyst/The_King_is_Dead_-_Long_Live_the_Mainframe.pdf
Most IT organizations will not flinch when answering. Many will even re-affirm their operating protocols for security. What some may lack, however, is deep understanding of IBM mainframe security advantages. Consider the following:
- Mainframes execute multiple, mixed workloads with remarkable integrity and integration. This type of tight integration between images on a mainframe -- z/OS, Linux, and z/VSE hosted in dynamic virtual partitions -- provides outstanding network security. Example: the design of a System z innovation, HiperSockets, provides an internal network connection between virtual images on System z. HiperSockets can protect the data communications that distributed networks often expose using TCP/IP. Fortunately, again, System z has secure methods for working with distributed systems and encrypted networking.
- measures systems performance, especially that of mainframes. A single IBM System z10 Crypto Express (1) card can enable up to 6000 SSL handshakes/second. Implication? System z is outstanding for secure, high-volume Internet communications: data serving, web access serving, file transfer, email and more.
- Encryption provides another level of protection from “sniffers” and “snoopers,” helping to ensure that only the intended party is allowed to decrypt sensitive data. System z provides encryption solutions to protect data at rest and in flight. In fact, IBM encryption acceleration can be provided with every System z, along with other outstanding hw and sw security features that are designed to be tightly integrated. You get advanced security with minimum throughput penalty!
- Business Continuity (BC) and Disaster Recovery (DR) have rarely, if ever, been more in demand. In response, organizations rely on networked, geographically dispersed facilities, and on virtualization and other tactics to preserve service level delivery. Problem is, each of these “techniques” can compromise security. Test System z, again, to determine how it provides BC and DR without the same compromises.
The goal of this entry was to whet your appetite to learn more about System z security. We invite you to connect your security experts with ours. Our story is much deeper and more proven than what you have just read. And if you do not yet believe that security is still a very live issue, pop open these links. You may have second thoughts.
- Pentagon: Chinese military hacked us, The Register, September 4, 2007
- Manager quits, intern fired in data loss, Cleveland.com, July 20, 2007
PLUS, read “our story:”
Note 1 -- System z is the only server with EAL 5 certification for logical partitioning. Operating systems certifications include z/OS at EAL4+ and Linux on z at EAL 4+.