IBM Systems Magazine, Mainframe - January/February 2018 - 19

ENTERPRISE

PEACE OF MIND
IBM z14 pervasive encryption protects all data
By Brett Martin k Illustration by Phil Wheeler

M

ore than 9 billion data
records have been lost or
stolen since 2013, according
to digital security company
Gemalto's Breach Level Index
(breachlevelindex.com). Only 4
percent of those breaches were
"secure," meaning the data was
encrypted. A report by Solitaire
Interglobal Ltd. and sponsored by
IBM, "Pervasive Encryption, A New
Paradigm for Protection" (ibm.
co/2z8eFBS) found that only 2.13
percent of enterprise data within
data centers is encrypted.
"The reality is that encryption
is largely absent from corporate
data centers," says Nick Sardino,
program director, IBM Z* Offering
Management. "The low rate for
encryption is extremely shocking
and disappointing."
The new IBM z14* mainframe is
poised to change that. Protecting

only the data required to achieve
compliance should be viewed
as a minimum threshold, not a
best practice. This is why IBM
moved from selective encryption
to pervasive encryption, where
all data is encrypted. With z14,
clients can encrypt data at scale
without having to change their
applications.
"With the new capabilities in
hardware, OS and middleware,
we have the delivery system to
allow clients to have pervasive
encryption at a price and
performance that has not been
possible until now," he adds.

Data and Application
Protection
If encrypted data is stolen, it's
useless without the encryption
key, which gives businesses an
extra layer of protection in the

event of a breach. Naturally,
hackers might begin to target the
encryption keys themselves. On
x86 systems, encryption keys
could be exposed in the clear
within memory. However, the z14
system uses protected keys that
allow for on-chip cryptographic
acceleration using keys that are
protected by a tamper-responding
hardware security module.
"In Z, the encryption keys are
never exposed to the hypervisor,
OS or application," Sardino
says. "If that protected key
gets exposed to the hacker, it's
worthless because it can't be
used to decrypt the data. This is
something that only Z can do."
By making pervasive encryption
easier and less expensive than
ever with z14, IBM has removed
challenges to implementation.
The Central Processor Assist for

INFOGRAPHIC:
The new data
protection paradigm
ibm.co/
2ARmScZ

Takeaway
*

*

With the IBM z14 and pervasive
encryption-where all data is
encrypted-clients can encrypt
data at scale without having to
change their applications.
Pervasive encryption decouples
the process of identification and
classification from encryption
because all data can be encrypted,

thereby reducing the risk of
unidentified or misclassified data.
Protecting only the data required
to achieve compliance should be
viewed as a minimum threshold,
not a best practice.
*

The new IBM Z platform uses
protected keys that allow for
on-chip cryptographic acceleration

using encryption keys that are
protected by a tamper-responding
hardware security module.
*

With this solution, IBM overcomes
traditional challenges to make
encryption affordable and scalable
without impacting service-level
agreements.

ibmsystemsmag.com JANUARY/FEBRUARY 2018 // 19


http://www.breachlevelindex.com https://www-01.ibm.com/marketing/iwm/dre/signup?source=urx-17425&S_PKG=ov59677&cm_mmc=OSocial_Blog-_-Systems_Systems+-+z+Systems+Servers-_-WW_WW-_-Systems+Magazine+Article+with+Vendor+-+Solitaire+Paper&cm_mmca1=000020YJ&cm_mmca2=10006489& https://www-01.ibm.com/marketing/iwm/dre/signup?source=urx-17425&S_PKG=ov59677&cm_mmc=OSocial_Blog-_-Systems_Systems+-+z+Systems+Servers-_-WW_WW-_-Systems+Magazine+Article+with+Vendor+-+Solitaire+Paper&cm_mmca1=000020YJ&cm_mmca2=10006489& http://ibm.co/2ARmScZ http://www.ibmsystemsmag.com

Table of Contents for the Digital Edition of IBM Systems Magazine, Mainframe - January/February 2018

Table of Contents
Editor's Desk: Encryption Importance
Partner POV: Protect Your Assets: An application view of data is important for a point-in-time recovery
Currents: A Human-Centric Approach: IBM Design Thinking leads to an elevated user experience
Feature: Battle-Tested Tools: USAA integrates applications and data across platforms using RESTful APIs
Cover Story: Enterprise Peace of Mind: IBM z14 pervasive encryption protects all data
Feature: Worldwide Preparation: How IBM Z addresses GDPR compliance with pervasive encryption
Special Report: Rising to the Challenge: Survey shows opportunities for Linux on POWER
TECH Showcase: A Plan in Place: Determine which of the 7 levels of business continuity is right for you
Administrator: Improved Protection: Pervasive encryption features include integrated cryto hardware, key management, encryption of data at rest and data in flight, and Secure Service Container support
StopRun: Enthusiastic Education: Instructor brings the mainframe to eager students
Reference Point - Global Events, Education, Resources for Power Systems
2018 Mainframe Solution Edition
IBM Systems Magazine, Mainframe - January/February 2018 - Intro
IBM Systems Magazine, Mainframe - January/February 2018 - Cover1
IBM Systems Magazine, Mainframe - January/February 2018 - Cover2
IBM Systems Magazine, Mainframe - January/February 2018 - 1
IBM Systems Magazine, Mainframe - January/February 2018 - Table of Contents
IBM Systems Magazine, Mainframe - January/February 2018 - 3
IBM Systems Magazine, Mainframe - January/February 2018 - 4
IBM Systems Magazine, Mainframe - January/February 2018 - 5
IBM Systems Magazine, Mainframe - January/February 2018 - Editor's Desk: Encryption Importance
IBM Systems Magazine, Mainframe - January/February 2018 - 7
IBM Systems Magazine, Mainframe - January/February 2018 - Partner POV: Protect Your Assets: An application view of data is important for a point-in-time recovery
IBM Systems Magazine, Mainframe - January/February 2018 - 9
IBM Systems Magazine, Mainframe - January/February 2018 - Currents: A Human-Centric Approach: IBM Design Thinking leads to an elevated user experience
IBM Systems Magazine, Mainframe - January/February 2018 - 11
IBM Systems Magazine, Mainframe - January/February 2018 - 12
IBM Systems Magazine, Mainframe - January/February 2018 - 13
IBM Systems Magazine, Mainframe - January/February 2018 - Feature: Battle-Tested Tools: USAA integrates applications and data across platforms using RESTful APIs
IBM Systems Magazine, Mainframe - January/February 2018 - 15
IBM Systems Magazine, Mainframe - January/February 2018 - 16
IBM Systems Magazine, Mainframe - January/February 2018 - 17
IBM Systems Magazine, Mainframe - January/February 2018 - Cover Story: Enterprise Peace of Mind: IBM z14 pervasive encryption protects all data
IBM Systems Magazine, Mainframe - January/February 2018 - 19
IBM Systems Magazine, Mainframe - January/February 2018 - 20
IBM Systems Magazine, Mainframe - January/February 2018 - 21
IBM Systems Magazine, Mainframe - January/February 2018 - Feature: Worldwide Preparation: How IBM Z addresses GDPR compliance with pervasive encryption
IBM Systems Magazine, Mainframe - January/February 2018 - 23
IBM Systems Magazine, Mainframe - January/February 2018 - 24
IBM Systems Magazine, Mainframe - January/February 2018 - Special Report: Rising to the Challenge: Survey shows opportunities for Linux on POWER
IBM Systems Magazine, Mainframe - January/February 2018 - 26
IBM Systems Magazine, Mainframe - January/February 2018 - 27
IBM Systems Magazine, Mainframe - January/February 2018 - 28
IBM Systems Magazine, Mainframe - January/February 2018 - 29
IBM Systems Magazine, Mainframe - January/February 2018 - 30
IBM Systems Magazine, Mainframe - January/February 2018 - TECH Showcase: A Plan in Place: Determine which of the 7 levels of business continuity is right for you
IBM Systems Magazine, Mainframe - January/February 2018 - 32
IBM Systems Magazine, Mainframe - January/February 2018 - 33
IBM Systems Magazine, Mainframe - January/February 2018 - 34
IBM Systems Magazine, Mainframe - January/February 2018 - Administrator: Improved Protection: Pervasive encryption features include integrated cryto hardware, key management, encryption of data at rest and data in flight, and Secure Service Container support
IBM Systems Magazine, Mainframe - January/February 2018 - 36
IBM Systems Magazine, Mainframe - January/February 2018 - 37
IBM Systems Magazine, Mainframe - January/February 2018 - 38
IBM Systems Magazine, Mainframe - January/February 2018 - 39
IBM Systems Magazine, Mainframe - January/February 2018 - StopRun: Enthusiastic Education: Instructor brings the mainframe to eager students
IBM Systems Magazine, Mainframe - January/February 2018 - Cover3
IBM Systems Magazine, Mainframe - January/February 2018 - Cover4
IBM Systems Magazine, Mainframe - January/February 2018 - Reference Point - Global Events, Education, Resources for Power Systems
IBM Systems Magazine, Mainframe - January/February 2018 - SE
IBM Systems Magazine, Mainframe - January/February 2018 - 2018 Mainframe Solution Edition
IBM Systems Magazine, Mainframe - January/February 2018 - SECover2
IBM Systems Magazine, Mainframe - January/February 2018 - SE3
IBM Systems Magazine, Mainframe - January/February 2018 - SE4
IBM Systems Magazine, Mainframe - January/February 2018 - SE5
IBM Systems Magazine, Mainframe - January/February 2018 - SE6
IBM Systems Magazine, Mainframe - January/February 2018 - SE7
IBM Systems Magazine, Mainframe - January/February 2018 - SE8
IBM Systems Magazine, Mainframe - January/February 2018 - CT1
IBM Systems Magazine, Mainframe - January/February 2018 - CT2
IBM Systems Magazine, Mainframe - January/February 2018 - SE9
IBM Systems Magazine, Mainframe - January/February 2018 - SE10
IBM Systems Magazine, Mainframe - January/February 2018 - SE11
IBM Systems Magazine, Mainframe - January/February 2018 - SE12
IBM Systems Magazine, Mainframe - January/February 2018 - SE13
IBM Systems Magazine, Mainframe - January/February 2018 - SE14
IBM Systems Magazine, Mainframe - January/February 2018 - SE15
IBM Systems Magazine, Mainframe - January/February 2018 - SE16
IBM Systems Magazine, Mainframe - January/February 2018 - SE17
IBM Systems Magazine, Mainframe - January/February 2018 - SE18
IBM Systems Magazine, Mainframe - January/February 2018 - SE19
IBM Systems Magazine, Mainframe - January/February 2018 - SE20
IBM Systems Magazine, Mainframe - January/February 2018 - SE21
IBM Systems Magazine, Mainframe - January/February 2018 - SE22
IBM Systems Magazine, Mainframe - January/February 2018 - SE23
IBM Systems Magazine, Mainframe - January/February 2018 - SE24
IBM Systems Magazine, Mainframe - January/February 2018 - SE25
IBM Systems Magazine, Mainframe - January/February 2018 - SE26
IBM Systems Magazine, Mainframe - January/February 2018 - SE27
IBM Systems Magazine, Mainframe - January/February 2018 - SE28
IBM Systems Magazine, Mainframe - January/February 2018 - SE29
IBM Systems Magazine, Mainframe - January/February 2018 - SE30
IBM Systems Magazine, Mainframe - January/February 2018 - SE31
IBM Systems Magazine, Mainframe - January/February 2018 - SE32
IBM Systems Magazine, Mainframe - January/February 2018 - SE33
IBM Systems Magazine, Mainframe - January/February 2018 - SE34
IBM Systems Magazine, Mainframe - January/February 2018 - SE35
IBM Systems Magazine, Mainframe - January/February 2018 - SE36
IBM Systems Magazine, Mainframe - January/February 2018 - SE37
IBM Systems Magazine, Mainframe - January/February 2018 - SE38
IBM Systems Magazine, Mainframe - January/February 2018 - SE39
IBM Systems Magazine, Mainframe - January/February 2018 - SE40
IBM Systems Magazine, Mainframe - January/February 2018 - SE41
IBM Systems Magazine, Mainframe - January/February 2018 - SE42
IBM Systems Magazine, Mainframe - January/February 2018 - SE43
IBM Systems Magazine, Mainframe - January/February 2018 - SE44
IBM Systems Magazine, Mainframe - January/February 2018 - SE45
IBM Systems Magazine, Mainframe - January/February 2018 - SE46
IBM Systems Magazine, Mainframe - January/February 2018 - SECover3
IBM Systems Magazine, Mainframe - January/February 2018 - SECover4
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20191112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/relevantz_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2019mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20181112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2018mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20171112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_sesupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_linuxsupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20161112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/MainframeSecurity
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20151112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910_se
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910
http://www.ibmsystemsmagmainframedigital.com/MFSkills
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506_supp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20141112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_gt_201405
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/BigData
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20131112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20121112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/buyersguide2013
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/ibmsystems_mainframe_2012bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20111112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20101112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910_bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20091112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090506
http://www.nxtbook.com/nxtbooks/ibmsystemsmag/mainframe_20090304
http://www.nxtbook.com/nxtbooks/mspcomm/ibmsystems_mainframe_200901
http://www.nxtbookMEDIA.com