ORLANDO, Fla.—IBM continues to prove that the mainframe is very much still alive and well, this time by announcing a new mainframe that delivers the security of data encryption without slowing down system performance to midsize organizations.
The new system, the IBM z13s, is optimized for hybrid cloud environments and can help secure information and transactions better than before, IBM said. IBM highlighted the new mainframe at its PartnerWorld Leadership Conference here.
IBM also announced new security partnerships and integrated innovations for the mainframe, such as security embedded into the hardware. The new z13s has advanced cryptography features built into the hardware that allow it to encrypt and decrypt data twice as fast as previous generations, protecting information without compromising performance.
IBM also is integrating mainframe technology with IBM Security software solutions to create a more secure foundation for a hybrid cloud infrastructure. And IBM is offering a new Cyber Security Analytics service to z Systems customers that can help identify malicious activity by learning user behavior over time.
In addition, IBM is working with leaders in the cyber-security industry through the “Ready for IBM Security Intelligence” partner program to help deliver enterprisewide solutions and offerings tailored to specific client needs. The new partners for z Systems are BlackRidge Technology, Forcepoint—a joint venture of Raytheon and Vista Equity Partners—and RSM Partners.
“Fast and secure transaction processing is core to the IBM mainframe, helping clients grow their digital business in a hybrid cloud environment,” said Tom Rosamilia, senior vice president of IBM Systems, in a statement. “With the new IBM z13s, clients no longer have to choose between security and performance. This speed of secure transactions, coupled with new analytics technology helping to detect malicious activity and integrated IBM Security offerings, will help midsize clients grow their organization with peace of mind.”
IBM said the typical enterprise can face an average of 81 million security incidents annually. The incidents and threats are escalating and evolving as companies increase interactions to their network through mobile devices and cloud networks, with industry analyst IDC forecasting 80 percent enterprise hybrid cloud adoption by 2017. Cyber-criminals are now manipulating data, rather than stealing it, compromising its accuracy and reliability. The z13s provides access to APIs and microservices in a hybrid cloud setting while keeping data integrity intact, IBM said.
“Key to protecting the enterprise and new cloud deployments is managing access at the earliest possible time based on user and device identity,” said Bob Graham, CEO of BlackRidge Technology, in a statement. “Even being able to identify endpoints via network scanning can be an entry point for malicious hackers, whose methods are becoming more and more advanced. As a member of the Ready for IBM Security Intelligence partner program for z Systems, we have been able to offer our identity-based network protection for the mainframe to provide a new level of protection against today’s advanced threats.”
BlackRidge Technology delivers identity-based network security that operates before network connections are established and security defenses engage at the application layer. BlackRidge determines and authenticates user or device identity on the first packet before network connections are established. This provides the equivalent of secure caller ID for the network that allows only identified and authorized users or devices access to enterprise systems, stopping known and even unknown threats.
IBM’s z13s, the new entry point to the z Systems portfolio for enterprises of all sizes, is packed with security innovations. The z13s includes an updated cryptographic and tamper-resistant hardware-accelerated cryptographic coprocessor cards with faster processors and more memory, providing encryption at twice the speed as previous mid-range systems. This means clients can process twice as many high-volume, cryptographically protected transactions as before without compromising performance. This equates to processing twice as many online or mobile device purchases, IBM said.
Moreover, z Systems clients can take advantage of the z Systems Cyber Security Analytics offering, which delivers an advanced level of threat monitoring based on behavior analytics. The solution, being developed by IBM Research, learns user behaviors and is then able to detect anomalous patterns on the platform, alerting administrators to potential malicious activity. Along with IBM Security QRadar security software, which can correlate data from more than 500 sources to help organizations determine if security-related events are simply anomalies or potential threats, z Systems now delivers breakthrough intelligent security solutions that offer end-to-end protection based on advanced analytics. z Systems Cyber Security Analytics service will be available as a no-charge, beta offering for z13 and z13s customers.
IBM Launches Super-Secure Mainframe for Encrypted Hybrid Clouds
In addition, IBM Multi-factor Authentication for z/OS (MFA) is now available on z/OS. The solution adds another layer of security by requiring privileged users to enter a second form of identification, such as a PIN or randomly generated token, to gain access to the system. This is the first time MFA has been tightly integrated into the operating system, rather than through an add-on software solution. This level of integration is expected to deliver more streamlined configuration and better stability and performance, the company said.
IBM maintains that hybrid cloud infrastructure offers advantages in flexibility but can also present new vulnerabilities. With more than half of all attackers coming from the inside, organizations must automate monitoring, removing human error or meddling. To address this, IBM is integrating the mainframe with IBM Security solutions that address privileged identity management, sensitive data protection and integrated security intelligence. When paired with z Systems, these solutions can allow clients to establish end-to-end security in their hybrid cloud environment.
IBM Security Identity Governance and Intelligence can help prevent inadvertent or malicious internal data loss by governing and auditing access based on known policies while granting access to those who have been cleared as need-to-know users. IBM Security Guardium uses analytics to help ensure data integrity by providing intelligent data monitoring, which tracks which users are accessing what specific data, helping quickly identify threat sources in the event of a breach. IBM Security zSecure and QRadar use real-time alerts to focus on the identified critical security threats that matter most to the business.
Total system security requires deep knowledge of specific industries and threats. That is why IBM is working with other leaders in the field to augment its own solutions. IBM’s strategic partnership program for security, “Ready for IBM Security Intelligence,” now includes more software applications from key ISVs integrating their solutions for z Systems. As the program extends to z Systems, it will provide an additional layer of protection and access governance to critical applications, resources and data that reside on the mainframe, IBM said.
For instance, Forcepoint’s Trusted Thin Client secures sensitive and mission-critical data at the endpoint—where it is most at risk. With a read-only endpoint device, there is no residual data on the device—if it is compromised, nothing can be stolen or leaked.
“The vast majority of security concerns today revolve around the endpoint device,” said Ed Hammersla, chief strategy officer at Forcepoint and president of Forcepoint Federal, in a statement. “No matter how secure the infrastructure is, if endpoints are not secure, vulnerabilities exist. By integrating Forcepoint Trusted Thin Client with an IBM z Systems mainframe, customers will benefit from a highly secure environment that will help prevent leakage of sensitive data at the endpoint.”
For its part, RSM Partners offers deep expertise in application readiness, penetration testing and security reviews. It also has software products that help ease security administration and provide dashboards that give a view into an organization’s overall mainframe security posture.
“Cyber-threats are constantly changing and evolving as attackers look for new ways to compromise systems,” said Mark Wilson, director of RSM Partners. “By working with IBM, RSM Partners is able to use its expertise in mainframe security to help organizations take full advantage of new technology to build comprehensive solutions that stay ahead of new threats.”
Banco do Nordeste, a large Latin American regional development bank, has purchased two new z Systems to support its growing mobile and banking automation transformations. Security, and specifically fraud prevention, is a primary concern for the bank. With z Systems as a core part of its technology infrastructure, it can use analytics capabilities to detect anomalies and prevent fraud.
“As our business continues to grow, we need a computing platform that can grow with us—while at the same time offering the security and reliability banks require,” said Claudio Freire, superintendent of Information Technology at Banco do Nordeste, in a statement. “The combination of performance and security on the mainframe with the openness of Linux provides us with an optimal platform to analyze user engagement and manage massive amounts of sensitive client data while keeping it secure.”
The new z13s systems are expected to be available in March. IBM Global Financing leases and payment plans are available from IBM and IBM Business Partners and provide flexible terms and conditions that can be tailored to meet each customer’s needs to upgrade from older models to z13s, convert an owned z system to leasing while upgrading or acquiring a net new z13s. Promotional offers include 90 days deferred payment for new customers.