IBM Systems Magazine, Mainframe - January/February 2018 - 24
and some 96 percent of those records weren't encrypted, according to the Breach Level Index (breachlevelindex.com). "I find that shocking," Compert says. Every company in every industry should be similarly astonished. If they don't encrypt sensitive data, they risk exposing it on a massive scale, impacting customers for perhaps their lifetimes, potentially facing fines and tarnishing their brands.

Under GDPR, however, organizations might be able to avoid some breach-notification requirements if they employ encryption. For example, if data is stolen or compromised in some way but was encrypted and the keys hadn't been stolen, the organization might not have to divulge the breach to impacted individuals. They will have to disclose it to data-protection regulatory authorities, but their public reputation can be spared because the data was encrypted at the time of the breach¹. These types of legal safe harbors apply to many industries, as is the case where U.S. HIPAA compliance is required.

"Anything you design should take encryption into account. It's like when I want a drink of water. I just go over to the faucet and I turn it on. It's a utility."
- Cindy Compert, IBM cybersecurity leader, U.S. Public Sector Market, and CTO, data security and privacy, IBM Security
Some organizations have declined to use encryption because of CPU overhead and having to rewrite applications. In some cases, encrypting data resulted in 100 percent CPU utilization, which sometimes rendered systems unresponsive. Although