IBM Systems magazine, IBM Z Sept/Oct 2020 - SD31

ARTICLE

SECURITY

Encryption Keeps Data Secure
By Shirley S. Savage

Organizations are eager to take
advantage of cloud's flexibility.
Yet concerns about security
often hold them back. While cloud
services encrypt data at rest and
in flight, issues including access to
customer data by cloud admins as
well as reliability and performance are
concerns.
Recognizing these concerns, IBM
introduced IBM Cloud Hyper Protect
Services to enable built-in workload
isolation and prevent tampering
of data by privileged users. Hyper
Protect Services use LinuxONE
Secure Service Container technology.
By enabling Hyper Protect Services,
application developers can create
secure cloud applications. The Docker
base stack provides security without
any coding changes. Clients get the
performance and reliability they've
come to expect with LinuxONE.
"The LinuxONE platform doesn't
change in the cloud, so there's still
a secure enclave, the backbone for
Secure Service Containers," says John
Currie, program director, IBM Hyper
Protect Services. "We can provide a
secure enclave for clients to operate
within, limiting access by a third party.
We also have 100% encryption of all
data within the secure enclave."
IBM is adding to the roster of Hyper
Protect Services as offerings are
developed and tested. For example,
Hyper Protect Database as a Service
(DBaaS) and Hyper Protect Crypto
Services now are available for clients.
Hyper Protect DBaaS gives full control
of the data to the data owners and stops
cloud operator access. Hyper Protect
Crypto Services enables data owners to
control encryption keys and Hardware
Security Modules. These offerings help
keep client data secure in the cloud
("Hyper Protect Services Increase
Cloud Security," bit.ly/2M8eWvh).

Encryption's Benefits
Several ways exist to encrypt data
at rest, including full disk and tape
encryption, database encryption, file
or data set encryption, and application
encryption. All encryption levels
complement each other. Many clients
choose data set encryption to bolster
their hardware-level encryption,
says Cecilia Carranza Lewis, a senior
technical staff member at IBM.
With z/OS data set encryption,
the data can be encrypted without
application changes. The user assigns
an encryption key label when the
data set is created. Once that's done,
access methods will encrypt data as it's
written and decrypt the data when it's
read.
On z/OS, data set encryption has
several benefits that set it apart from
hardware encryption:
* It's enabled by policy, which lets
users specify a key label to identify
data sets to be encrypted
* The user decides which data sets
need to be encrypted and sets the
granularity level
* Data is encrypted in flight and at
rest
* It simplifies audits as encryption
attributes are displayed with data
set metadata
Data set encryption on z/OS adds
value to the enterprise's security
portfolio ("How does z/OS data set
encryption differentiate itself from
other types of encryption for data at
rest?" bit.ly/2M8BMTr).

Getting Comfortable With Encryption
Many enterprise IT shops have
concerns about implementing
pervasive encryption on IBM Z
and how it will affect the business.
Concerns about losing crypto keys and
creating policies and procedures
around the lifecycle of keys can be
addressed to allay worries, says Mark
Moore, software architect in IBM's IT
Economics and Research Team.
Lost crypto keys are a common
concern. However, IT shops can take
several preventive measures to ensure
that keys aren't misplaced. The IBM
Z platform has a master key facility,
called Integrated Cryptographic
Service Facility, to manage operational
keys for data set encryption. In
addition, IBM's Crypto Express card
has a master key that is used to create
secure operational keys. This feature
prevents bad actors from accessing
data. Users can avail themselves of
redundant Crypto Express cards,
which prevent loss if a failure occurs.
Many IT shops worry about
encryption affecting system
performance. To get a better handle on
how a system will be affected, IT can
use the IBM Z Batch Network Analyzer.
This PC-based tool analyzes metrics to
see how data set encryption will impact
performance. Other tools such as
z/OS Encryption Readiness Technology
can determine what network traffic is
encrypted.
Any organization considering using
pervasive encryption likely will want
to start with a proof of concept, Moore
says. Once the organization is familiar
with encryption, it can be confident
about applying it in other areas of the
business.
