IBM Systems magazine, IBM Z - May/June 2020 - SD31

ARTICLE

SECURITY

Encryption Keeps Data Secure
By Shirley S. Savage

Organizations are eager to take advantage of cloud's flexibility. Yet concerns about security often hold them back. While cloud services encrypt data at rest and in flight, issues such as access to customer data by cloud admins, as well as reliability and performance, remain concerns.

Recognizing these concerns, IBM introduced IBM Cloud Hyper Protect Services to enable built-in workload isolation and prevent tampering of data by privileged users. Hyper Protect Services use LinuxONE Secure Service Container technology. By enabling Hyper Protect Services, application developers can create secure cloud applications. The Docker base stack provides security without any coding changes. Clients get the performance and reliability they've come to expect with LinuxONE.

"The LinuxONE platform doesn't change in the cloud, so there's still a secure enclave - the backbone for Secure Service Containers," says John Currie, program director, IBM Hyper Protect Services. "We can provide a secure enclave for client to operate within, limiting access by a third party. We also have 100% encryption of all data within the secure enclave."

IBM is adding to the roster of Hyper Protect Services as offerings are developed and tested. For example, Hyper Protect Database as a Service (DBaaS) and Hyper Protect Crypto Services now are available for clients. Hyper Protect DBaaS gives full control of the data to the data owners and stops cloud operator access. Hyper Protect Crypto Services enables data owners to control encryption keys and Hardware Security Modules. These offerings help keep client data secure in the cloud ("Hyper Protect Services Increase Cloud Security," bit.ly/2M8eWvh).

Encryption's Benefits
Several ways exist to encrypt data at rest, including full disk and tape encryption, database encryption, file or data set encryption, and application encryption. All encryption levels complement each other. Many clients choose data set encryption to bolster their hardware-level encryption, says Cecilia Carranza Lewis, a senior technical staff member at IBM.

With z/OS data set encryption, the data can be encrypted without application changes. The user assigns an encryption key label when the data set is created. Once that's done, access methods will encrypt data as it's written and decrypt the data when it's read.

On z/OS, data set encryption has several benefits that set it apart from hardware encryption:
* It's enabled by policy, which lets users specify a key label to identify data sets to be encrypted
* The user decides which data sets need to be encrypted and sets the granularity level
* Data is encrypted in flight and at rest
* It simplifies audits as encryption attributes are displayed with data set metadata

Data set encryption on z/OS adds value to the enterprise's security portfolio ("How does z/OS data set encryption differentiate itself from other types of encryption for data at rest?" bit.ly/2M8BMTr).

Getting Comfortable With Encryption
Many enterprise IT shops have concerns about implementing pervasive encryption on IBM Z and how it will affect the business. Concerns about losing crypto keys and about creating policies and procedures around the lifecycle of keys can be addressed to allay worries, says Mark Moore, software architect in IBM's IT Economics and Research Team.

Lost crypto keys are a common concern. However, IT shops can take several preventive measures to ensure that keys aren't misplaced. The IBM Z platform has a master key facility, called Integrated Cryptographic Services Facility, to manage operational keys for data set encryption. In addition, IBM's Crypto Express card has a master key that is used to create secure operational keys. This feature prevents bad actors from accessing data. Users can avail themselves of redundant Crypto Express cards, which prevent loss if a failure occurs.

Many IT shops worry about encryption affecting system performance. To get a better handle on how a system will be affected, IT can use the IBM Z Batch Network Analyzer. This PC-based tool analyzes metrics to see how data set encryption will impact performance. Other tools such as z/OS Encryption Readiness Technology can determine what network traffic is encrypted.

Any organization considering using pervasive encryption likely will want to start with a proof of concept, Moore says. Once the organization is familiar with encryption, it can be confident about applying it in other areas of the business.
