IBM Systems Magazine, Mainframe - January/February 2018 - 21

"In Z, the encryption keys are
never exposed to the hypervisor,
OS or application. If that protected
key gets exposed to the hacker, it's
worthless because it can't be used
to decrypt the data. This is something
that only Z can do."
-Nick Sardino, program director,
IBM Z Offering Management

reducing the risk of unidentified
or misclassified data.
"Encryption has been
around for a long time. Clients
experienced the pain points that
it's been expensive and slows
down performance," Sardino
says. "Organizations today are
implementing selective encryption.
They only encrypt the data needed
to meet the minimum threshold
for compliance regulations,
which is usually only the most
sensitive data. With z14, pervasive
encryption is the new standard."
With pervasive encryption, IBM
overcomes traditional challenges
to make encryption affordable
and scalable without impacting
service-level agreements (SLAs), he
says. "Our clients are particularly
sensitive to system performance.
However, with pervasive
encryption, organizations can
encrypt data at enterprise scale
without impacting SLAs such
as transactional throughput or
response time."
The Solitaire Interglobal report
found that the IBM pervasive

encryption solution requires less overhead than
other systems. Organizations that deploy pervasive
encryption on IBM Z can reduce overall processing
overhead by as much as 91.7 percent, according to
the report. The report also found a lower total cost of
ownership for IBM Z security implementations, by as
much as 83.7 percent than for other platforms.

Comprehensive Security Strategy
IBM Z faces security threats from a variety of
sources, Sardino warns. No single solution can
prevent them all.
"Pervasive encryption is the foundation of a larger
data security and protection strategy," he explains.
"Different solutions protect against different types of
threats. Pervasive encryption is a good way to protect
data at-rest and in-flight, but an attacker using the
stolen credential of an authorized user may still be
able to see unencrypted data."
Sardino advises organizations to integrate pervasive
encryption as a fundamental component of a strategic
security plan. That should include multi-factor
authentication and data activity monitoring to identify
who is accessing data. Security intelligence is also
critical, using detailed audit records and user behavior
analytics to spot anomalies.
Pervasive encryption can also simplify and accelerate
the process of working with a compliance auditor.
"When clients are doing selective encryption
and sit down with the auditor, they have to show

The Case for Pervasive Encryption
Encrypting all data in the enterprise and applications allows organizations to:
*
*
*
*
*

Reduce the risk associated with breached or misclassified sensitive data
Make it more difficult for attackers to identify sensitive data
Protect all of the company's digital assets
Reduce the cost of compliance
Decouple data encryption from data classification
-B.M.

how they decided what data to
encrypt. They have to show the
application changes needed to
do the encryption and where
those changes were made.
This can be a long, drawn-out
process," Sardino points out.
"If they can easily show
the auditor that they've
encrypted all the data across
all applications, this is an
extremely powerful statement
that shows they have met
and improved the compliance
capability of the organization."

Time for Encryption
Total encryption may be a seismic
shift for some organizations, yet
it offers unparalleled advantages.
Some companies are worried about
breaches because of the damage
to their brand, potential lawsuits,
loss of intellectual property and
the erosion of customers' trust.
Other organizations are wrestling
with meeting increasingly
stringent compliance mandates.
Despite having so much at stake,
many organizations haven't started
their data protection initiatives,
Sardino says.
"With z14, IBM is really
delivering a comprehensive set of
capabilities that make pervasive
encryption of at-rest and in-flight
data possible for the first time,
including compliance reporting
and key management," he says.
Businesses should examine
applications where critical
data is stored, then start
encryption there. After that,
companies can roll it out on an
application-by-application basis
until all data is encrypted.
"The goal is to get everything
encrypted across all workloads
and applications," he says.
"The real value is when
encryption is pervasive."
Brett Martin is a freelance writer
based in Shakopee, Minnesota.

ibmsystemsmag.com JANUARY/FEBRUARY 2018 // 21


http://www.ibmsystemsmag.com

Table of Contents for the Digital Edition of IBM Systems Magazine, Mainframe - January/February 2018

Table of Contents
Editor's Desk: Encryption Importance
Partner POV: Protect Your Assets: An application view of data is important for a point-in-time recovery
Currents: A Human-Centric Approach: IBM Design Thinking leads to an elevated user experience
Feature: Battle-Tested Tools: USAA integrates applications and data across platforms using RESTful APIs
Cover Story: Enterprise Peace of Mind: IBM z14 pervasive encryption protects all data
Feature: Worldwide Preparation: How IBM Z addresses GDPR compliance with pervasive encryption
Special Report: Rising to the Challenge: Survey shows opportunities for Linux on POWER
TECH Showcase: A Plan in Place: Determine which of the 7 levels of business continuity is right for you
Administrator: Improved Protection: Pervasive encryption features include integrated cryto hardware, key management, encryption of data at rest and data in flight, and Secure Service Container support
StopRun: Enthusiastic Education: Instructor brings the mainframe to eager students
Reference Point - Global Events, Education, Resources for Power Systems
2018 Mainframe Solution Edition
IBM Systems Magazine, Mainframe - January/February 2018 - Intro
IBM Systems Magazine, Mainframe - January/February 2018 - Cover1
IBM Systems Magazine, Mainframe - January/February 2018 - Cover2
IBM Systems Magazine, Mainframe - January/February 2018 - 1
IBM Systems Magazine, Mainframe - January/February 2018 - Table of Contents
IBM Systems Magazine, Mainframe - January/February 2018 - 3
IBM Systems Magazine, Mainframe - January/February 2018 - 4
IBM Systems Magazine, Mainframe - January/February 2018 - 5
IBM Systems Magazine, Mainframe - January/February 2018 - Editor's Desk: Encryption Importance
IBM Systems Magazine, Mainframe - January/February 2018 - 7
IBM Systems Magazine, Mainframe - January/February 2018 - Partner POV: Protect Your Assets: An application view of data is important for a point-in-time recovery
IBM Systems Magazine, Mainframe - January/February 2018 - 9
IBM Systems Magazine, Mainframe - January/February 2018 - Currents: A Human-Centric Approach: IBM Design Thinking leads to an elevated user experience
IBM Systems Magazine, Mainframe - January/February 2018 - 11
IBM Systems Magazine, Mainframe - January/February 2018 - 12
IBM Systems Magazine, Mainframe - January/February 2018 - 13
IBM Systems Magazine, Mainframe - January/February 2018 - Feature: Battle-Tested Tools: USAA integrates applications and data across platforms using RESTful APIs
IBM Systems Magazine, Mainframe - January/February 2018 - 15
IBM Systems Magazine, Mainframe - January/February 2018 - 16
IBM Systems Magazine, Mainframe - January/February 2018 - 17
IBM Systems Magazine, Mainframe - January/February 2018 - Cover Story: Enterprise Peace of Mind: IBM z14 pervasive encryption protects all data
IBM Systems Magazine, Mainframe - January/February 2018 - 19
IBM Systems Magazine, Mainframe - January/February 2018 - 20
IBM Systems Magazine, Mainframe - January/February 2018 - 21
IBM Systems Magazine, Mainframe - January/February 2018 - Feature: Worldwide Preparation: How IBM Z addresses GDPR compliance with pervasive encryption
IBM Systems Magazine, Mainframe - January/February 2018 - 23
IBM Systems Magazine, Mainframe - January/February 2018 - 24
IBM Systems Magazine, Mainframe - January/February 2018 - Special Report: Rising to the Challenge: Survey shows opportunities for Linux on POWER
IBM Systems Magazine, Mainframe - January/February 2018 - 26
IBM Systems Magazine, Mainframe - January/February 2018 - 27
IBM Systems Magazine, Mainframe - January/February 2018 - 28
IBM Systems Magazine, Mainframe - January/February 2018 - 29
IBM Systems Magazine, Mainframe - January/February 2018 - 30
IBM Systems Magazine, Mainframe - January/February 2018 - TECH Showcase: A Plan in Place: Determine which of the 7 levels of business continuity is right for you
IBM Systems Magazine, Mainframe - January/February 2018 - 32
IBM Systems Magazine, Mainframe - January/February 2018 - 33
IBM Systems Magazine, Mainframe - January/February 2018 - 34
IBM Systems Magazine, Mainframe - January/February 2018 - Administrator: Improved Protection: Pervasive encryption features include integrated cryto hardware, key management, encryption of data at rest and data in flight, and Secure Service Container support
IBM Systems Magazine, Mainframe - January/February 2018 - 36
IBM Systems Magazine, Mainframe - January/February 2018 - 37
IBM Systems Magazine, Mainframe - January/February 2018 - 38
IBM Systems Magazine, Mainframe - January/February 2018 - 39
IBM Systems Magazine, Mainframe - January/February 2018 - StopRun: Enthusiastic Education: Instructor brings the mainframe to eager students
IBM Systems Magazine, Mainframe - January/February 2018 - Cover3
IBM Systems Magazine, Mainframe - January/February 2018 - Cover4
IBM Systems Magazine, Mainframe - January/February 2018 - Reference Point - Global Events, Education, Resources for Power Systems
IBM Systems Magazine, Mainframe - January/February 2018 - SE
IBM Systems Magazine, Mainframe - January/February 2018 - 2018 Mainframe Solution Edition
IBM Systems Magazine, Mainframe - January/February 2018 - SECover2
IBM Systems Magazine, Mainframe - January/February 2018 - SE3
IBM Systems Magazine, Mainframe - January/February 2018 - SE4
IBM Systems Magazine, Mainframe - January/February 2018 - SE5
IBM Systems Magazine, Mainframe - January/February 2018 - SE6
IBM Systems Magazine, Mainframe - January/February 2018 - SE7
IBM Systems Magazine, Mainframe - January/February 2018 - SE8
IBM Systems Magazine, Mainframe - January/February 2018 - CT1
IBM Systems Magazine, Mainframe - January/February 2018 - CT2
IBM Systems Magazine, Mainframe - January/February 2018 - SE9
IBM Systems Magazine, Mainframe - January/February 2018 - SE10
IBM Systems Magazine, Mainframe - January/February 2018 - SE11
IBM Systems Magazine, Mainframe - January/February 2018 - SE12
IBM Systems Magazine, Mainframe - January/February 2018 - SE13
IBM Systems Magazine, Mainframe - January/February 2018 - SE14
IBM Systems Magazine, Mainframe - January/February 2018 - SE15
IBM Systems Magazine, Mainframe - January/February 2018 - SE16
IBM Systems Magazine, Mainframe - January/February 2018 - SE17
IBM Systems Magazine, Mainframe - January/February 2018 - SE18
IBM Systems Magazine, Mainframe - January/February 2018 - SE19
IBM Systems Magazine, Mainframe - January/February 2018 - SE20
IBM Systems Magazine, Mainframe - January/February 2018 - SE21
IBM Systems Magazine, Mainframe - January/February 2018 - SE22
IBM Systems Magazine, Mainframe - January/February 2018 - SE23
IBM Systems Magazine, Mainframe - January/February 2018 - SE24
IBM Systems Magazine, Mainframe - January/February 2018 - SE25
IBM Systems Magazine, Mainframe - January/February 2018 - SE26
IBM Systems Magazine, Mainframe - January/February 2018 - SE27
IBM Systems Magazine, Mainframe - January/February 2018 - SE28
IBM Systems Magazine, Mainframe - January/February 2018 - SE29
IBM Systems Magazine, Mainframe - January/February 2018 - SE30
IBM Systems Magazine, Mainframe - January/February 2018 - SE31
IBM Systems Magazine, Mainframe - January/February 2018 - SE32
IBM Systems Magazine, Mainframe - January/February 2018 - SE33
IBM Systems Magazine, Mainframe - January/February 2018 - SE34
IBM Systems Magazine, Mainframe - January/February 2018 - SE35
IBM Systems Magazine, Mainframe - January/February 2018 - SE36
IBM Systems Magazine, Mainframe - January/February 2018 - SE37
IBM Systems Magazine, Mainframe - January/February 2018 - SE38
IBM Systems Magazine, Mainframe - January/February 2018 - SE39
IBM Systems Magazine, Mainframe - January/February 2018 - SE40
IBM Systems Magazine, Mainframe - January/February 2018 - SE41
IBM Systems Magazine, Mainframe - January/February 2018 - SE42
IBM Systems Magazine, Mainframe - January/February 2018 - SE43
IBM Systems Magazine, Mainframe - January/February 2018 - SE44
IBM Systems Magazine, Mainframe - January/February 2018 - SE45
IBM Systems Magazine, Mainframe - January/February 2018 - SE46
IBM Systems Magazine, Mainframe - January/February 2018 - SECover3
IBM Systems Magazine, Mainframe - January/February 2018 - SECover4
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20191112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/relevantz_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2019mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20181112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2018mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20171112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_sesupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_linuxsupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20161112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/MainframeSecurity
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20151112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910_se
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910
http://www.ibmsystemsmagmainframedigital.com/MFSkills
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506_supp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20141112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_gt_201405
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/BigData
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20131112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20121112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/buyersguide2013
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/ibmsystems_mainframe_2012bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20111112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20101112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910_bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20091112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090506
http://www.nxtbook.com/nxtbooks/ibmsystemsmag/mainframe_20090304
http://www.nxtbook.com/nxtbooks/mspcomm/ibmsystems_mainframe_200901
http://www.nxtbookMEDIA.com