IBM Systems Magazine, Mainframe - January/February 2018 - SE27
Keeps All Data Secure
ata breaches are a major concern for organizations. While
big breaches get lots of play in the news, smaller breaches
are just as devastating. Keeping data safe on the mainframe is
top of mind for IBM.
IBM Systems Magazine's recent readership survey found that
54 percent of respondents are deploying security solutions
currently, and another 8 percent expect to do so within the next
year. Because security is an overriding concern, respondents said
they wanted to better understand how to boost their mainframe
security. (See "Magazine Reader Survey Reveals Top Concerns
Among Mainframe Users," bit.ly/2z60HPq.)
Many respondents remarked that upper management doesn't
completely understand the value the mainframe brings to
keeping data secure. To provide guidance, Nick Sardino,
program director, IBM Z* Offering Management, has this
advice: "Security is architected into the entire platform from
the microprocessor and firmware, the hypervisors and OSes,
and all the way into the applications and middleware." He
also points out that the IBM Z platform provides security at 81
percent lower cost and is 8x more resistant to security threats
Another reason for using the mainframe is pervasive encryption.
Available on the new z14* system, pervasive encryption ensures
that all-not some-data is encrypted on the system. It also
reduces the complexity and cost of meeting compliance
mandates. (See "Pervasive Encryption is the No-Compromise
Approach to Data Protection on IBM z14," bit.ly/2x68QWw.)
"Strong walls and perimeter defenses are no longer
adequate to shield organizations from
cyberattacks," Sardino says. "We must
view data as the new perimeter and put
the security controls for the data on the data itself. That means
implementing strong encryption of data wherever it resides."
Many organizations consider encryption to be complex.
Some have opted for encrypting only the data needed to
meet compliance regulations. Such encryption happens at the
application level and can be costly because of the need for IT
personnel with encryption skills and ongoing maintenance.
Pervasive encryption is IBM's solution to this quandary. IBM
added several new capabilities integrated throughout the z14
stack in hardware, OS and middleware. IBM enhanced on-chip
cryptographic acceleration to provide 6x more performance
than the z13*, more than 18x faster than competing platforms,
according to a report by Solitaire Interglobal.
Further, IBM placed the bulk file and data set encryption at
a point in the OS to optimize performance and where it would
be transparent to applications. New capabilities were added
to encrypt the data in the z/OS* Coupling Facility and to report
on z/OS network session security.
Db2* and IMS* middleware were enhanced, too. "Clients
can transition Db2 and IMS high availability databases from
unencrypted to encrypted without stopping the database
or the application, which is a huge value for the DBAs we've
spoken to," Sardino says.
IBM Z pervasive encryption represents a paradigm shift in how
organizations can protect their data.
Because all of the data within an enterprise is encrypted,
pervasive encryption thwarts hackers looking for certain data
to steal. It can also separate identification and classification
from the encryption process, reducing
the possibility of misclassified or
ibmsystemsmag.com/buyersguide 2018 // 27