Published: Mon, July 17, 2017
Research | By Jo Caldwell

IBM Z mainframe has built-in encryption to fight 'epidemic of data breaches'

IBM Z mainframe has built-in encryption to fight 'epidemic of data breaches'

Customers of the previous z13 mainframe can take advantage of the new pervasive encryption features by upgrading the operating system and software, but they won't get the performance boost that the new IBM Z mainframe provides, Perera said.

The system encrypts data at rest or in flight wherever it is located, and can be encrypted in bulk rather than in small chunks as is usual today. The EU's new General Data Protection Regulation will, among other things, hit a company subject to a data breach with significant fines unless they are able to demonstrate that the data were encrypted and the keys protected.

Not every business has a security strategy, and it's highly likely that not every business has encrypted its data, but IBM thinks it can solve this problem with its Z mainframe. IBM said the dedicated silicon means cryptographic performance is about 18 times faster than current x86 systems. IBM said the Z represents the "most significant system overhaul" in more than 15 years.

"The vast majority of stolen or leaked data today is in the open and easy to use because encryption has been very hard and expensive to do at scale", Ross Mauri, general manager of IBM Z, said in the release.

The IBM Z isn't short on power, though.

The Z mainframe also has the ability to destroy encryption keys if tampering or interference is detected - encrypting the programming interfaces which link the apps and services.

IBM said it co-designed the IBM Z with 150 clients including security experts and chief security officers. "But companies that need mainframes to run the backbone of large, complex business systems will find the upgrade to z14 worthwhile", he said.

The mainframe, called IBM Z or z14, introduces a new encryption engine that for the first time will allow users to encrypt all of their data with one click-in databases, applications or cloud services-with virtually no impact on performance.

"The pervasive encryption that is built into, and is created to extend beyond, the new IBM Z really makes this the first system with an all-encompassing solution to the security threats and breaches we've been witnessing in the past 24 months", says Peter Rutten, analyst at IDC's Servers and Compute Platforms Group.

IBM Z represents revolutionary changes in cryptography technology delivering such breakthroughs as pervasive encryption of data and tamper-responding encryption keys.

It hopes the new mainframe will enable companies to comply with new data protection laws, such as the European Union's General Data Protection Regulation (GDPR) and the U.S.'s Federal Financial Institutions Examination Council (FFIEC) guidance on the use of encryption in the financial services industry. It also removes entire classes of data and users from the compliance scope. The system also provides an audit trail showing if and when permissioned insiders accessed data. Its memory footprint is 32TB, which is three times the size of the previous generation. The z14 is even gruntier and bumps that up nearly five fold to 12 billion encrypted transactions per day. It supports 2,000,000 Docker containers and 1,000 concurrent NoSQL databases. When available, these capabilities will include the support of workflow extensions for IBM Cloud Provisioning and Management for z/OS and real-time SMF analytics infrastructure support.

Like this: