IBM Systems magazine, IBM Z - March/April 2020 - 22

IBM's two-pronged data-centric
approach uses encryption keys
to ensure data is protected while
leveraging the platform's key
protection capabilities. Encryption
is central to protecting data and
privacy in the cloud.

Easy and Impenetrable
Security
With encryption becoming ubiquitous, delivering Crypto-as-a-Service
capability is significant. When IBM's
Hyper Protect Virtual Servers are
combined with IBM Z cryptographic
horsepower, it's easy to see why anyone using cryptocurrency is eager to
tap into these new capabilities. For
example, IBM cryptographic hardware-which meets the highest-level
security certification standards,
can be virtualized; each server can
have 16 cryptographic cards with 85
virtual domains per card. When
you multiply that out, it serves
cloud-scale perfectly.

IBM Z as a Service
in Action
IBM Blockchain is an excellent
example of IBM Z as a Service in
action. IBM Blockchain has been
running in the IBM Cloud* on IBM Z
for two years-with more than 500
customers using it as a secure platform shared among financial institutions. With that kind of rigor and
transparency built into the design,
it's hard to make a business case for
moving mission-critical workloads
from the IBM Z platform onto a commodity cloud where enterprise data
and applications are at risk.
IBM Hyper Protect Virtual Servers combine several capabilities,
built in end-to-end-from the hardware, firmware and the OS, according to Michael Jordan, Distinguished
Engineer, IBM Z Security. By default,
all of the code and data associated
with Hyper Protect Virtual Servers
are encrypted. When you deploy an
application in one of these containers, everything in flight and at
rest gets encrypted automatically-

without additional configuration or
set up. IBM's Hyper Protect Virtual
Servers solution is a locked down
container prohibiting access from
anyone without a key. Blocking and
restricting access prevents administrators with elevated privileges from
having uncontrolled access to the
file system.

Addressing the
Linux Conundrum
The idea of protected execution
eliminates the ability for someone to
use their access for malicious purposes. Using Secure Service Containers-which have been available
for over a year, effectively resolves
the problem. Secure Service Containers, now called Hyper Protect
Virtual Servers, are available when
coding in containers.
However, because organizations not using containers require
a different approach to solve the
same problem, a second solution
from IBM is on the near horizon.
It's the next ace in a strong hand to
ensure customer data and applications can be protected no matter
what OS is used because IBM Z and
LinuxONE* systems will have a
more hardened, secure execution
environment for Linux*.

From DevOps
to DevSecOps
No organization wants its name
plastered across the headlines for
experiencing a data breach, compromising either data or clients'
privacy. Different threat factors
can compromise an application
throughout its lifecycle. For instance, now that containers are used
pervasively across small and large
organizations-from start-up to
well-established businesses, development staff and contractors who
possess elevated credentials have
the potential to do real damage to an
organization. 
Misuse by authorized users is
gaining ground as a breach pattern. According to the 2019 Ver-

izon Data Breach Investigations
Report (vz.to/2PFsIrc), "privilege
misuse and error by insiders"
account for up to 30% of breaches;
and that number is even worse
within the healthcare sector where
internal threats are more prevalent than external attacks-60%
(internal) versus 42% (external). 
Insider-initiated incidents are
problematic for several reasons.
Insider breaches can be tricky to
detect: An internal actor may already have access to a system to do
their job. With no spotlight on the
incident, the post-breach response
can be slow; and, finally, organizations often hesitate to report
breaches of this kind, regarding
them as taboo. Without the usual
signposts to highlight a potential
threat, the infrastructure itself isn't
viewed as critical-especially when
a team is focused on getting their
applications built, out the door and
deployed quickly. 

Protect Against Misuse
From Authorized Users
"Organizations need to consider
who has access to the infrastructure-and what the individual could
do with an elevated level of access,"
says Diana Henderson, offering
manager for IBM Z as a Service.
Trusted execution environments enable you to securely build,
deploy and manage container run
time environments in a virtualized
environment on either IBM Z or
LinuxONE platforms. "When an
application is due to be deployed,
there's potential for bad actors with
elevated authority to access the
application or data. The individual
could modify either the app or the
profiles of the configuration associated with the app-causing serious
damage," explains Henderson.
The differentiated security capability is ideal for protecting mission-critical workloads in financial
services, healthcare and government, as well as managed service
providers providing infrastructure

22 | MARCH/APRIL 2020 IBMSYSTEMSMAG.COM

pg 21-23.indd 22

2/12/20 3:10 PM


http://www.vz.to/2PFsIrc http://www.IBMSYSTEMSMAG.COM

IBM Systems magazine, IBM Z - March/April 2020

Table of Contents for the Digital Edition of IBM Systems magazine, IBM Z - March/April 2020

Table of Contents
Editor's Desk: Securing a data-driven world
Currents: Learn how to provide customers with data privacy and security at Think 2020
Currents: On the web
Currents: Closing the COBOL programming skills gap
Currents: Hyundai and Uber announce aerial ride-hailing partnership
Partner POV: 3 requirements for enterprise-level digital transformation
Cover Story: Dynamic Data Protection: IBM Data Privacy Passports gives IBM Z users data privacy control, no matter where it is or where it's going
Feature 1: Sealing up Privacy: Continuous IBM Z innovations offer a roadmap designed to stay ahead of clients' changing security needs
Feature 2: Unlocking Quantum Security: Quantum-safe cryptography is key to protecting data as quantum computing systems evolve
TECH Showcase: Collaboration, communication and cooperation are crucial for developing a successful data management strategy
Techbits: z/OS data migration: Helping clients avoid risk and downtime
Techbits: Ask the expert: What is Fibre Channel over IP?
Beyond the Box: Homer Ahr reflects on working mission control for the NASA Apollo space program
Reference Point - Global Events, Education, Resources for Power Systems
2020 IBM Z Solutions Directory
IBM Systems magazine, IBM Z - March/April 2020 - Intro
IBM Systems magazine, IBM Z - March/April 2020 - Cover1
IBM Systems magazine, IBM Z - March/April 2020 - Cover2
IBM Systems magazine, IBM Z - March/April 2020 - 1
IBM Systems magazine, IBM Z - March/April 2020 - 2
IBM Systems magazine, IBM Z - March/April 2020 - 3
IBM Systems magazine, IBM Z - March/April 2020 - Table of Contents
IBM Systems magazine, IBM Z - March/April 2020 - 5
IBM Systems magazine, IBM Z - March/April 2020 - Editor's Desk: Securing a data-driven world
IBM Systems magazine, IBM Z - March/April 2020 - 7
IBM Systems magazine, IBM Z - March/April 2020 - Currents: Learn how to provide customers with data privacy and security at Think 2020
IBM Systems magazine, IBM Z - March/April 2020 - Currents: On the web
IBM Systems magazine, IBM Z - March/April 2020 - Currents: Closing the COBOL programming skills gap
IBM Systems magazine, IBM Z - March/April 2020 - Currents: Hyundai and Uber announce aerial ride-hailing partnership
IBM Systems magazine, IBM Z - March/April 2020 - Partner POV: 3 requirements for enterprise-level digital transformation
IBM Systems magazine, IBM Z - March/April 2020 - 13
IBM Systems magazine, IBM Z - March/April 2020 - Cover Story: Dynamic Data Protection: IBM Data Privacy Passports gives IBM Z users data privacy control, no matter where it is or where it's going
IBM Systems magazine, IBM Z - March/April 2020 - 15
IBM Systems magazine, IBM Z - March/April 2020 - 16
IBM Systems magazine, IBM Z - March/April 2020 - 17
IBM Systems magazine, IBM Z - March/April 2020 - 18
IBM Systems magazine, IBM Z - March/April 2020 - 19
IBM Systems magazine, IBM Z - March/April 2020 - 20
IBM Systems magazine, IBM Z - March/April 2020 - Feature 1: Sealing up Privacy: Continuous IBM Z innovations offer a roadmap designed to stay ahead of clients' changing security needs
IBM Systems magazine, IBM Z - March/April 2020 - 22
IBM Systems magazine, IBM Z - March/April 2020 - 23
IBM Systems magazine, IBM Z - March/April 2020 - Feature 2: Unlocking Quantum Security: Quantum-safe cryptography is key to protecting data as quantum computing systems evolve
IBM Systems magazine, IBM Z - March/April 2020 - 25
IBM Systems magazine, IBM Z - March/April 2020 - 26
IBM Systems magazine, IBM Z - March/April 2020 - 27
IBM Systems magazine, IBM Z - March/April 2020 - 28
IBM Systems magazine, IBM Z - March/April 2020 - 29
IBM Systems magazine, IBM Z - March/April 2020 - 30
IBM Systems magazine, IBM Z - March/April 2020 - TECH Showcase: Collaboration, communication and cooperation are crucial for developing a successful data management strategy
IBM Systems magazine, IBM Z - March/April 2020 - 32
IBM Systems magazine, IBM Z - March/April 2020 - 33
IBM Systems magazine, IBM Z - March/April 2020 - 34
IBM Systems magazine, IBM Z - March/April 2020 - 35
IBM Systems magazine, IBM Z - March/April 2020 - Techbits: z/OS data migration: Helping clients avoid risk and downtime
IBM Systems magazine, IBM Z - March/April 2020 - 37
IBM Systems magazine, IBM Z - March/April 2020 - Techbits: Ask the expert: What is Fibre Channel over IP?
IBM Systems magazine, IBM Z - March/April 2020 - 39
IBM Systems magazine, IBM Z - March/April 2020 - Beyond the Box: Homer Ahr reflects on working mission control for the NASA Apollo space program
IBM Systems magazine, IBM Z - March/April 2020 - Cover3
IBM Systems magazine, IBM Z - March/April 2020 - Cover4
IBM Systems magazine, IBM Z - March/April 2020 - Reference Point - Global Events, Education, Resources for Power Systems
IBM Systems magazine, IBM Z - March/April 2020 - SD
IBM Systems magazine, IBM Z - March/April 2020 - 2020 IBM Z Solutions Directory
IBM Systems magazine, IBM Z - March/April 2020 - CoverSD2
IBM Systems magazine, IBM Z - March/April 2020 - SD1
IBM Systems magazine, IBM Z - March/April 2020 - SD2
IBM Systems magazine, IBM Z - March/April 2020 - SD3
IBM Systems magazine, IBM Z - March/April 2020 - SD4
IBM Systems magazine, IBM Z - March/April 2020 - CT1
IBM Systems magazine, IBM Z - March/April 2020 - CT2
IBM Systems magazine, IBM Z - March/April 2020 - SD5
IBM Systems magazine, IBM Z - March/April 2020 - SD6
IBM Systems magazine, IBM Z - March/April 2020 - SD7
IBM Systems magazine, IBM Z - March/April 2020 - SD8
IBM Systems magazine, IBM Z - March/April 2020 - SD9
IBM Systems magazine, IBM Z - March/April 2020 - SD10
IBM Systems magazine, IBM Z - March/April 2020 - SD11
IBM Systems magazine, IBM Z - March/April 2020 - SD12
IBM Systems magazine, IBM Z - March/April 2020 - SD13
IBM Systems magazine, IBM Z - March/April 2020 - SD14
IBM Systems magazine, IBM Z - March/April 2020 - SD15
IBM Systems magazine, IBM Z - March/April 2020 - SD16
IBM Systems magazine, IBM Z - March/April 2020 - SD17
IBM Systems magazine, IBM Z - March/April 2020 - SD18
IBM Systems magazine, IBM Z - March/April 2020 - SD19
IBM Systems magazine, IBM Z - March/April 2020 - SD20
IBM Systems magazine, IBM Z - March/April 2020 - SD21
IBM Systems magazine, IBM Z - March/April 2020 - SD22
IBM Systems magazine, IBM Z - March/April 2020 - SD23
IBM Systems magazine, IBM Z - March/April 2020 - SD24
IBM Systems magazine, IBM Z - March/April 2020 - SD25
IBM Systems magazine, IBM Z - March/April 2020 - SD26
IBM Systems magazine, IBM Z - March/April 2020 - SD27
IBM Systems magazine, IBM Z - March/April 2020 - SD28
IBM Systems magazine, IBM Z - March/April 2020 - SD29
IBM Systems magazine, IBM Z - March/April 2020 - SD30
IBM Systems magazine, IBM Z - March/April 2020 - SD31
IBM Systems magazine, IBM Z - March/April 2020 - SD32
IBM Systems magazine, IBM Z - March/April 2020 - SD33
IBM Systems magazine, IBM Z - March/April 2020 - SD34
IBM Systems magazine, IBM Z - March/April 2020 - SD35
IBM Systems magazine, IBM Z - March/April 2020 - SD36
IBM Systems magazine, IBM Z - March/April 2020 - SD39
IBM Systems magazine, IBM Z - March/April 2020 - SD40
IBM Systems magazine, IBM Z - March/April 2020 - SD41
IBM Systems magazine, IBM Z - March/April 2020 - SD42
IBM Systems magazine, IBM Z - March/April 2020 - SD43
IBM Systems magazine, IBM Z - March/April 2020 - SD44
IBM Systems magazine, IBM Z - March/April 2020 - SD45
IBM Systems magazine, IBM Z - March/April 2020 - SD46
IBM Systems magazine, IBM Z - March/April 2020 - SD47
IBM Systems magazine, IBM Z - March/April 2020 - SD48
IBM Systems magazine, IBM Z - March/April 2020 - SD49
IBM Systems magazine, IBM Z - March/April 2020 - SD50
IBM Systems magazine, IBM Z - March/April 2020 - SD51
IBM Systems magazine, IBM Z - March/April 2020 - SD52
IBM Systems magazine, IBM Z - March/April 2020 - SD53
IBM Systems magazine, IBM Z - March/April 2020 - SD54
IBM Systems magazine, IBM Z - March/April 2020 - SD55
IBM Systems magazine, IBM Z - March/April 2020 - SD56
IBM Systems magazine, IBM Z - March/April 2020 - CoverSD3
IBM Systems magazine, IBM Z - March/April 2020 - CoverSD4
http://www.ibmsystemsmagmainframedigital.com/mspcomm/ibmsystemsmag/ibmsystems_mainframe_20201112
http://www.ibmsystemsmagmainframedigital.com/mspcomm/ibmsystemsmag/ibmsystems_mainframe_20200910
http://www.ibmsystemsmagmainframedigital.com/mspcomm/ibmsystemsmag/ibmsystems_mainframe_20200708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20200506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20200304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20200102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2020mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20191112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/relevantz_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2019mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20181112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2018mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20171112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_sesupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_linuxsupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20161112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/MainframeSecurity
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20151112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910_se
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910
http://www.ibmsystemsmagmainframedigital.com/MFSkills
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506_supp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20141112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_gt_201405
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/BigData
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20131112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20121112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/buyersguide2013
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/ibmsystems_mainframe_2012bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20111112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20101112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910_bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20091112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090506
https://www.nxtbook.com/nxtbooks/ibmsystemsmag/mainframe_20090304
https://www.nxtbookmedia.com