IBM Systems magazine, Mainframe - November/December 2018 - 17

O

rganizations are eager to capture opportunities that beckon
in the marketplace. They know
that new and modernized applications are necessary to better serve
customers. Organizations also realize
that, now more than ever, security
remains crucial to business success.
In October, IBM announced IBM
Secure Service Containers, a new
!É$ Ã&Ä&Ã"$!(ÈÉ%ÃÆÉ É®&%Ã!$Ã
security, as well as the Solution Consumption License Charges (SCLC)
metric, a consumption-based
pricing model for new z/OS*-based
applications. Both offerings are
designed to provide developers
with an agile environment that fully
exploits the capabilities of IBM Z* to
cost effectively deploy new services.

IBM Secure Service
Containers
Security and agility are at the heart
of the IBM Secure Service Container
offering. This software appliance
framework is designed to securely
package an OS, middleware and application components to be deployed
as a single image on an IBM Z or
LinuxONE* server. A Secure Service
Container provides unique security
capabilities like tamper protection
of the appliance framework, encryp&! Ã!ÃÈÄ&ÄÃ ï&ÃÄ ÈÃÄ&Ã$É%&QÃÄ ÈÃ
protection from misuse of privileged
user credentials.
"Consider server infrastructure
deployed in a data center," says
Diana Henderson, offering manager, IBM Z and LinuxONE. "The
ÄÈ %ÃÄ Ä ÃÄ ÈÃÇ! ®'$ Ã
this environment need access to
the infrastructure-the networking,
%&!$ÄÉQÃÇ! ®'$Ä&! Ã!ÃÄ$È)Ä$ÉÃ
"$!®É%QÃÉ&ÇNQÃÆ'&ÃÈ! V&à ÉÇÉ%%Ä$1Ã
need visibility to the data and code
running on the systems."
While Secure Service Containers
are foundational to existing solutions like IBM Blockchain, IBM Db2*
Analytics Accelerator for accelerated Db2 queries and others, there
has always been a desire to enable
external users to deploy their choice
of workload within the Secure

Bad actors both inside and outside
an organization are threats to its security. External threats from hackers
and ransomware remain a primary
focus for organizations. Industry
studies have returned compelling
statistics regarding the threats
faced by enterprises. The 2018 Data
Breach Investigations Report by Verizon (vz.to/2JzzhGq) states that today,
most cybercriminals are motivated
by monetary gain, targeting sensitive
ÈÄ&ÄÃ%'ÇÃÄ%Ã"É$%! Ä1ÃÈÉ &®ÄÆÉÃ
information (PII), business assets
and intellectual property or payment
card data.
Savvy CIOs know they must protect their organizations from growing insider threats, which typically
come from an employee with a high
access level to data. Perhaps someone has a set of credentials to access
databases or other repositories. If
the person moves to another job in
the organization, those credentials
may no longer be needed. If access
% V&ÃÇ'$&ÄÉÈQÃ&ÉÃÉ"!1ÉÉÃÇ!'ÈÃ
misuse that access inadvertently or
maliciously for personal gain.

they wrestle with decisions about
which data to encrypt. "Identifying
the most critical data to be encrypted and where that data resides in
the enterprise can be a challenge for
many," notes Henderson. Organizations are looking for a better way to
determine which data to encrypt.
Businesses can leverage IBM Secure Service Container technology
and, in particular, its encryption of
ÈÄ&ÄÃÄ&Ã$É%&ÃÄ ÈÃ ï&ÃÇÄ"ÄÆ&É%Ã
for container workloads deployed
in the Secure Service Container for
IBM Cloud Private. The manageÉ &ï!)Ã%ÃÉ Ç$1"&ÉÈÃ!$ÃÈÄ&ÄÃ Ã
¯&Ã)&Ã4$Ä %"!$&Ã,Ä1É$Ã3ÉÇ'$&1Ã
(TLS), while data at rest is encrypted
'% Ã&ÉÃ, '0xÃ5 ®ÉÈÃ+É1Ã3É&'"Ã
(LUKS)-based encryption. The appliance, in this instance, is performing
the encryption automatically. The
keys utilized to perform this encryption are contained within and manÄÉÈÃÆ1Ã&ÉÃÄ""Ä ÇÉQÃ%!Ã&É1V$ÉÃ
inaccessible to a user from outside
the appliance, whether internal or
external to an organization.
$ÉÆ'ÃÄ ÈÃÇ! ®'$Ä&! ÃÈÄ&ÄÃ!Ã
the Secure Service Container framework are also encrypted in case they
hold sensitive data. "Even encrypting
&ÉÃÇ! ®'$Ä&! ÃÈÄ&ÄÃ!Ã&ÉÃÄ"pliance could be as valuable as the
defense itself," Henderson says.
In addition to security, deployment speed is key. With the
packaging of underlying components of the OS, middleware and
UI control, organizations can focus
at higher levels of the stack, managing Kubernetes-based clusters
in the case of IBM Secure Service
Container for IBM Cloud Private
and the containerized application.
The underlying execution environment is abstracted away as part of
the appliance image. "This layer
È!É% V&Ã ÉÉÈÃ&!ÃÆÉÃÄ ÄÉÈÃÆ1Ã&ÉÃ
end user as its update path is tied
to the updates of the overall appliance," Henderson says.

Built-in Encryption

Cloud Integration

Many organizations are turning to
encryption to secure their data. But

IBM is also working to enable clients
and ISVs to use Secure Service

Service Container framework. This
journey begins now as Secure Service Containers have been extended
to enable the deployment of applications at runtime by external users.
"We leverage Docker container
and Kubernetes container management technologies as a means
to leverage an industry standard
for application packaging and
deployment," says Henderson. This
is available through a new offering called the IBM Secure Service
Container for IBM Cloud* Private,
which enables organizations to
securely deploy Docker and Kubernetes workloads on IBM Z and
LinuxONE servers while managed
by IBM Cloud Private, a Platform
as a Service for hybrid and private
cloud deployments.

A Secure Environment

IBMSYSTEMSMAG.COM NOVEMBER/DECEMBER 2018 | 17


http://www.vz.to/2JzzhGq http://www.IBMSYSTEMSMAG.COM

IBM Systems magazine, Mainframe - November/December 2018

Table of Contents for the Digital Edition of IBM Systems magazine, Mainframe - November/December 2018

Table of Contents
Editor's Desk: Room for imporovement
Currents: The big redesign unveil
Currents: ExxonMobil and IBM improce the mobile app user experience
Currents: 8 emerging storage trends of 2018
Currents: Solutions
Currents: Remembering Dr. John Ehrman: The father of IBM High Level Assembler
Partner POV: DevOps requires quality, velocity and efficiency to transform software delivery life cycles
Cover Story: Enabling opportunity: Get the most out of IBM Z with Secure Service Containers and a consumption-based pricing model
Feature 1: Skilling up: How Russell Tobin, Per Scholas and IBM brought new talent into the mainframe workforce
TECH Showcase: How to reap the full benefits of virtual tape storage, properly measure its performance and choose the right strategy for your business
Techbits: Banco do Brasil improves processes after migrating to the IBM Db2 Utilities Suite for z/OS
Techbits: Multifactor authentication is a user-friendly upgrade to password-only systems
Beyond the Box: The mainframe Playground Education Initiative opens the mainframe to the next generation
Reference Point - Global Events, Education, Resources for Power Systems
2018 Mainframe Solutions Edition Product Index
IBM Systems magazine, Mainframe - November/December 2018 - Intro
IBM Systems magazine, Mainframe - November/December 2018 - Cover1
IBM Systems magazine, Mainframe - November/December 2018 - Cover2
IBM Systems magazine, Mainframe - November/December 2018 - 1
IBM Systems magazine, Mainframe - November/December 2018 - 2
IBM Systems magazine, Mainframe - November/December 2018 - 3
IBM Systems magazine, Mainframe - November/December 2018 - Table of Contents
IBM Systems magazine, Mainframe - November/December 2018 - 5
IBM Systems magazine, Mainframe - November/December 2018 - Editor's Desk: Room for imporovement
IBM Systems magazine, Mainframe - November/December 2018 - 7
IBM Systems magazine, Mainframe - November/December 2018 - Currents: The big redesign unveil
IBM Systems magazine, Mainframe - November/December 2018 - Currents: ExxonMobil and IBM improce the mobile app user experience
IBM Systems magazine, Mainframe - November/December 2018 - Beyond the Box: The mainframe Playground Education Initiative opens the mainframe to the next generation
IBM Systems magazine, Mainframe - November/December 2018 - 11
IBM Systems magazine, Mainframe - November/December 2018 - Currents: Solutions
IBM Systems magazine, Mainframe - November/December 2018 - Currents: Remembering Dr. John Ehrman: The father of IBM High Level Assembler
IBM Systems magazine, Mainframe - November/December 2018 - Partner POV: DevOps requires quality, velocity and efficiency to transform software delivery life cycles
IBM Systems magazine, Mainframe - November/December 2018 - 15
IBM Systems magazine, Mainframe - November/December 2018 - Cover Story: Enabling opportunity: Get the most out of IBM Z with Secure Service Containers and a consumption-based pricing model
IBM Systems magazine, Mainframe - November/December 2018 - 17
IBM Systems magazine, Mainframe - November/December 2018 - 18
IBM Systems magazine, Mainframe - November/December 2018 - 19
IBM Systems magazine, Mainframe - November/December 2018 - 20
IBM Systems magazine, Mainframe - November/December 2018 - 21
IBM Systems magazine, Mainframe - November/December 2018 - Feature 1: Skilling up: How Russell Tobin, Per Scholas and IBM brought new talent into the mainframe workforce
IBM Systems magazine, Mainframe - November/December 2018 - 23
IBM Systems magazine, Mainframe - November/December 2018 - 24
IBM Systems magazine, Mainframe - November/December 2018 - 25
IBM Systems magazine, Mainframe - November/December 2018 - 26
IBM Systems magazine, Mainframe - November/December 2018 - 27
IBM Systems magazine, Mainframe - November/December 2018 - 28
IBM Systems magazine, Mainframe - November/December 2018 - TECH Showcase: How to reap the full benefits of virtual tape storage, properly measure its performance and choose the right strategy for your business
IBM Systems magazine, Mainframe - November/December 2018 - 30
IBM Systems magazine, Mainframe - November/December 2018 - 31
IBM Systems magazine, Mainframe - November/December 2018 - 32
IBM Systems magazine, Mainframe - November/December 2018 - 33
IBM Systems magazine, Mainframe - November/December 2018 - 34
IBM Systems magazine, Mainframe - November/December 2018 - 35
IBM Systems magazine, Mainframe - November/December 2018 - Techbits: Banco do Brasil improves processes after migrating to the IBM Db2 Utilities Suite for z/OS
IBM Systems magazine, Mainframe - November/December 2018 - 37
IBM Systems magazine, Mainframe - November/December 2018 - Techbits: Multifactor authentication is a user-friendly upgrade to password-only systems
IBM Systems magazine, Mainframe - November/December 2018 - 39
IBM Systems magazine, Mainframe - November/December 2018 - 40
IBM Systems magazine, Mainframe - November/December 2018 - Cover3
IBM Systems magazine, Mainframe - November/December 2018 - Cover4
IBM Systems magazine, Mainframe - November/December 2018 - Reference Point - Global Events, Education, Resources for Power Systems
IBM Systems magazine, Mainframe - November/December 2018 - 2018 Mainframe Solutions Edition Product Index
IBM Systems magazine, Mainframe - November/December 2018 - SE2
IBM Systems magazine, Mainframe - November/December 2018 - SE3
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20200506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20200304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20200102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2020mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20191112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/relevantz_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2019mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20181112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2018mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20171112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_sesupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_linuxsupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20161112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/MainframeSecurity
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20151112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910_se
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910
http://www.ibmsystemsmagmainframedigital.com/MFSkills
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506_supp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20141112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_gt_201405
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/BigData
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20131112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20121112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/buyersguide2013
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/ibmsystems_mainframe_2012bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20111112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20101112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910_bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20091112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090506
https://www.nxtbook.com/nxtbooks/ibmsystemsmag/mainframe_20090304
https://www.nxtbook.com/nxtbooks/mspcomm/ibmsystems_mainframe_200901
https://www.nxtbookmedia.com