IBM Systems Magazine, Mainframe - March/April 2018 - 28
"As enterprises embrace the cloud-along with microservices
application development and multidata center environments
to host their workloads-security has become a shared
responsibility between clients and their service providers."
-Diana Henderson, offering manager for IBM Z and LinuxONE, IBM
degrade customer confidence in
an organization, she notes, which
can jeopardize its reputation,
impeding the ability to conduct
Enterprises also face new and
strengthened regulations and
guidelines to protect corporate
and citizen data. The financial
services industry has been
particularly affected. And new
frameworks like the European
Union's General Data Protection
Regulation (GDPR), which goes
into effect this May, "will emerge
as more prominent regulations
driving institutions to ensure
that all their data is protected,"
Henderson says. More stringent
cybersecurity requirements are
spanning multiple geographies-
in the United States, China and
other countries. (Read about how
IBM offers a framework to prepare
for the GDPR, page 33.)
Again, most enterprises know
cybersecurity has become a
critical business task. "The
challenge is discovering and
classifying all of the data that
should be protected," Henderson
says, a process she describes as
particularly cumbersome: "You
have to go through all of the data
and determine which data needs to
"Having to go and cherrypick is really time consuming,
it's error-prone-it's something
organizations don't want to risk
Organizations need protection
for any type of work they need to
perform, and for any type of data
they need to protect. And IBM's
cloud capabilities can help them
lower their risks more effectively
for Data Protection
"Strong passwords and
credentials are often the first line
of defense in an organization,"
Henderson notes. This makes sure
that the proper employees have
access solely to the data they need
to perform their jobs. On z/OS*,
authentication has traditionally
used passwords and passphrases.
Unfortunately, such credentials
can be vulnerable to theft if
they are common across login
platforms, if character lengths
are relatively short or if the
passphrases are predictable.
To address this, authentication
for z/OS now incorporates
multiple authentication factors
for users during the login process.
IBM Multi-Factor Authentication
for z/OS, in combination with
z/OS Security Server RACF*,
allows z/OS users to authenticate
with multiple factors: something
they know (e.g., a password),
something they are (e.g., a
fingerprint) and something they
have (e.g., an ID badge).
In helping determine which
data to encrypt, this past July, IBM
introduced pervasive encryption
for IBM z14*. With pervasive
encryption, Z users can encrypt
all of the data and not worry
about picking out the data that
might need protection.
"In some cases, organizations
might not know where all of
their data lies," Henderson says.
Pervasive encryption, she adds,
provides a full-stack view when
28 // MARCH/APRIL 2018 ibmsystemsmag.com
of the enterprises
you look at the hardware, OS
and the middleware. This is very
much a collaborative approach.
Pervasive encryption can also be
used to encrypt data sets on z/OS.
"As enterprises embrace the
cloud-along with microservices
application development and
multidata center environments
to host their workloads-
security has become a shared
responsibility between clients
and their service providers.
Enterprises often bring their own
tools, processes and licenses to
support their cloud workloads
and classify their most sensitive
data. Pervasive encryption
can make this much easier,"
Henderson says. It also can help
reduce the amount of data that
might require an enterprise's
review for audit or compliance.
Pervasive encryption enables
clients to avoid that complexity of
classification and discovery and
simply encrypt all of their data.
Protecting customer data can
also extend to the analytics and
cognitive capabilities for IBM Z.
Henderson notes that clients are
seeking real-time analytic insights
from their data to drive better
business outcomes. By keeping
data on the platform, clients can
run analytics where the data
resides, avoid data deduplication
and the latency associated
"IBM Pervasive Encryption: A New
Paradigm for Protection," from Solitaire: