Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Applications
    • Applications
    • Servers
    • Storage

    IBM Z Mainframe Runs Universal Encryption Quietly in the Background

    Written by

    Chris Preimesberger
    Published July 17, 2017
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Data encryption has always been a pain in the patootie for anybody charged with making sure all of an enterprise’s data is tightly protected during its lifetime.

      While an increasing number of x86-type server systems and consumer PCs are now using various encryption approaches, not much has been happening regarding the use of encryption in mainframes, which still comprise a healthy percentage of all the computing done in the world.

      As of July 17, a lot more is now happening in mainframe encryption.

      IBM announced that its new IBM Z mainframe will be able to encrypt all the data in an enterprise all the time—and without users even knowing that the documents they are accessing and sharing is encrypted. It’s literally pervasive encryption.

      Biggest Mainframe Advancement in 15 Years, IBM Says

      Big Blue said this newest mainframe is the most significant system overhaul in more than 15 years. It was designed with input from 150 clients who cited data breaches and encryption as their biggest challenge and concern. 

      Encryption has always been expensive and takes a lot of computing cycles to encrypt small chunks of data at a time, so a lot of time and power is always required. Not so with this new IBM system, which is automated and works as quietly as an international spy in the background.

      “Our customers around the world that called out for a different approach to solving the problems with perimeter defenses that most companies need,” IBM Vice-President of Offering Management for Z Systems Mike Desens told eWEEK. “So, based on those core competencies we had in the mainframe, the CISOs we’ve been working with defined this capability to do 100 percent encryption of all your data—without having to have any application changes or impacts to your service-level agreements.”

      This new capability lays encryption on everything—and not only through mainframes. The encryption follows the Z system data store from cloud services to databases, and it’s extremely scalable. The IBM Z is capable of running more than 12 billion encrypted transactions per day.

      Changes the Approach of Encryption

      “This changes the approach from a straight perimeter defense to where the data is; that’s where the (new) perimeter is. By encrypting the data, even if those bad entities get into your data center and behind your firewalls, they’re getting access to encrypted data, which is useless,” Desens said.

      This is IBM’s front-line response to the problem of data breaches and enterprise compliance—encrypting entire workloads all at once. The company said that in 2016 more than 4 billion data records were compromised, a 556 percent increase over 2015. Of the 9 billion records breached during the past 5 years, a mere 4 percent were encrypted.

      Key takeaways from this news include:

      –Encrypts all data, all the time: IBM Z for the first time makes it possible for organizations to encrypt all data associated with an entire application, cloud service or database in flight or at rest with one click. The standard practice today is to encrypt small chunks of data at a time, and invest significant labor to select and manage individual fields. This bulk encryption at cloud scale is made possible by a huge 7x increase in cryptographic performance over the previous generation z13, driven by a 4x increase in silicon dedicated to cryptographic algorithms.

      –Tamper-responding encryption keys: A concern for organizations is protection of encryption keys–an extreme version of the problem faced by millions of consumers with increasing complexity and vulnerability of passcodes. In large organizations, hackers often target encryption keys, which are routinely exposed in memory as they are used. IBM Z can protect millions of keys (as well as the process of accessing, generating and recycling them) in “tamper responding” hardware that causes keys to self-destruct at any sign of intrusion and then reconstituted in safety.

      The IBM Z key management system is designed to meet Federal Information Processing Standards (FIPS) Level 4 standards, where the norm for high security in the industry is Level 2. This IBM Z capability can be extended beyond the mainframe to other devices, such as storage systems and servers in the cloud. In addition, IBM Secure Service Container protects against Snowden-style insider threats from contractors and privileged users, provides automatic encryption of data and code in-flight and at-rest, and tamper-resistance during installation and runtime.

      —Encrypted APIs: IBM z/OS Connect technologies make it easy for cloud developers to discover and call any Z application or data from a cloud service, or for IBM Z developers to call any cloud service. IBM Z now allows organizations to encrypt these APIs–the digital glue that links services, applications and systems–faster than alternatives based on x86.

      The IBM Z also is designed to help clients build trust with consumers and comply with new standards such as the EU’s General Data Protection Regulation (GDPR) that increase data compliance requirements for organizations doing business in Europe starting next year.

      GDPR will require organizations to report data breaches within 72 hours or face fines of up to four percent of annual revenues unless the organization can demonstrate that data was encrypted and the keys were protected. At the U.S. Federal level, the Federal Financial Institutions Examination Council (FFIEC), which includes the five banking regulators, provides guidance on the use of encryption in the financial services industry. Singapore and Hong Kong have published similar guidance.

      More recently, the New York State Department of Financial Services published requirements regarding encryption in the Cybersecurity Requirements for Financial Services Companies.

      —Streamlines compliance: Auditors now are expected to manually inspect and validate the security of databases, applications and systems. IBM Security tools and IBM Z for the first time make it possible for organizations to streamline this process–taking data and applications out of scope of compliance by automating the verification that data is, in fact, encrypted and that the keys are secure. This will reduce the complexity and mounting cost of compliance for auditors. The system also provides an audit trail showing if and when permissioned insiders accessed data.

      In an example of IBM Z as an encryption engine for cloud services, IBM today announced the opening of six new IBM Blockchain Global Data Centers in New York, United Kingdom, Frankfurt, Tokyo, Toronto and Brazil all secured using IBM Z, as the company scales this service to global organizations.

      Wait, There’s More: New Container Pricing

      IBM also announced new Container Pricing for IBM Z, which provides simplified software pricing that combines flexible deployment with competitive economics.

      IBM initially announced these three solutions:

      • New applications for the deployment of new microservices and applications that enable clients to maximize the value from on-premises enterprise systems securely and in real time. Users can now colocate applications to optimize qualities of services that are priced competitively with public cloud and on-premises platforms.
      • Application development and test with the freedom to substantially increase capacity of all development environments on z/OS to support latest DevOps tooling and processes. Customers can triple capacity with no increase in monthly license charge.
      • Payment systems pricing based on the volume of payments a bank is processing, not the available capacity. Particularly in the fast-growing Instant Payment segment, this greatly increases flexibility to innovate affordably in a competitive environment. 


      These container pricing options are designed to give clients the predictability they require for their businesses. It is scalable both within and across LPARs (logical partitions) and delivers enhanced metering, capping and billing capabilities. Container pricing for IBM Z is planned to be available by year-end 2017 and enabled in z/OS V2.2 and z/OS V2.3.

      For more information, go here.

      Chris Preimesberger
      Chris Preimesberger
      https://www.eweek.com/author/cpreimesberger/
      Chris J. Preimesberger is Editor Emeritus of eWEEK. In his 16 years and more than 5,000 articles at eWEEK, he distinguished himself in reporting and analysis of the business use of new-gen IT in a variety of sectors, including cloud computing, data center systems, storage, edge systems, security and others. In February 2017 and September 2018, Chris was named among the 250 most influential business journalists in the world (https://richtopia.com/inspirational-people/top-250-business-journalists/) by Richtopia, a UK research firm that used analytics to compile the ranking. He has won several national and regional awards for his work, including a 2011 Folio Award for a profile (https://www.eweek.com/cloud/marc-benioff-trend-seer-and-business-socialist/) of Salesforce founder/CEO Marc Benioff--the only time he has entered the competition. Previously, Chris was a founding editor of both IT Manager's Journal and DevX.com and was managing editor of Software Development magazine. He has been a stringer for the Associated Press since 1983 and resides in Silicon Valley.
      Linkedin Twitter

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×