Mainframe, Security and More: A Review of 2022 and a Look at 2023
By Trevor Eddolls / January 19, 2023
Trevor Eddolls looks back at key events and security concerns in 2022—and covers trends to watch in 2023
Even while some people were looking for a career change, the world of the mainframe was still moving ahead in its usual, inexorable way. Mainframe services became available from the cloud, and IBM unveiled a new mainframe model. For mainframe users, there were security concerns with the enhancements to quantum computing and the number of security breaches that were reported. And looking to the future, Gartner predicted several trends to watch out for. Let’s explore these developments, starting with key IBM announcements.
Major IBM Announcements in 2022
AcquisitionsIn a relatively quiet year, IBM has acquired Neudesic, a cloud services consultancy specializing primarily in the Microsoft Azure platform. It also acquired Databand, a provider of data observability software, and Dialexa, which offers digital product engineering services.
IBM Wazi as-a-ServiceIn the first quarter of 2022, IBM announced IBM Wazi as-a-Service (Wazi aaS), which makes z/OS capabilities available to IBM Cloud, reducing the time it takes to access z/OS development and test environments from days to around six minutes. IBM Cloud for z/OS development is 15x faster than using an x86 environment. In effect, IBM is offering virtual machines that people can use as mainframe test and development environments with the intention of creating cloud-based virtual production environments. Users get on-demand access to z/OS and can develop and test applications they are working on.
IBM z16In April, IBM unveiled its much-trailed new mainframe, the z16, its next-generation system with an integrated on-chip AI accelerator, which delivers latency-optimized inferencing. The accelerator is designed to enable clients to analyze real-time transactions at scale. It’s ideal for mission-critical workloads such as credit card, healthcare and financial transactions. The z16 is also specifically designed to help protect against near-future threats that might be used to crack today’s encryption technologies. With its 7 nm Telum processor, the z16 provides much-needed on-chip AI inferencing, and the rest of the mainframe (like earlier models) provides highly secured and reliable high-volume transaction processing. Banks are now able to monitor for fraud during transactions on a massive scale. IBM asserts that the z16 can process 300 billion inference requests per day with just one millisecond of latency. Users of the z16 can reduce the time and energy required to handle fraudulent transactions on their credit card. For both merchants and card issuers, this could mean a reduction in revenue loss because consumers could avoid the frustration associated with false declines where they might turn to other cards for future transactions.
The IBM z16 is underpinned by lattice-based cryptography, an approach for constructing security primitives that helps protect data and systems against current and future threats. With IBM z16 quantum-safe cryptography, businesses can future-ready their applications and data today. IBM z16 clients can also strengthen their cyber resiliency posture and retain control of their system using secure boot (meaning that bad actors cannot inject malware into the boot process to take over the system during start-up). The z16’s secure boot and quantum-safe cryptography can help clients address future quantum computing-related threats—including harvest now, decrypt later (HNDL) attacks, which can lead to extortion, loss of intellectual property and disclosure of other sensitive data.
Key Security Concerns
Quantum ComputingThere’s been a nagging worry about quantum computing for a while now. Quantum computing is fast—a whole quantum leap faster than today’s technology. Rather than using 0’s and 1’s, quantum computers work at the quantum level (i.e., at the atomic or subatomic level), and information can be encoded in more than one place. That’s what makes them so fast. The worry is that large organizations and nation-states will use the speed of a quantum computer to break the algorithms used to encode data and access the previously encoded information.
The z16 supports the Crypto Express 8S adapter, which is designed to deliver quantum-safe APIs, letting enterprises start developing quantum-safe cryptography along with classical cryptography and to modernize existing applications and build new applications.
In September, IBM added the four National Institute of Standards and Technology (NIST) algorithms that were chosen in August to create a post-quantum cryptography (PQC) standard built on encryption algorithms that can protect against future quantum processor-based attacks. The NIST algorithms are designed for two of the main tasks for which public key cryptography is typically used: public key encapsulation, which is used for public key encryption and key establishment; and digital signatures, which are used for identity authentication and non-repudiation. The algorithms used include CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON, and SPHINCS+.
Data BreachesSecurity is an ongoing issue for every IT platform. IBM’s Cost of a Data Breach Report 2022 found that the current average cost of a data breach is $4.35 million. The average time to identify and contain a data breach is 277 days—207 days to identify the breach and 70 days to contain the breach. In term of ransomware: for organizations that didn’t pay the ransom, the average cost of the breach was $5.12 million; and for organizations that did pay the ransom, the cost of the breach was $4.49 million plus the cost of the ransom. The biggest problems were phishing attacks, stolen credentials, cloud misconfiguration and compromised business partners. And those are people problems, not software or hardware problems. That doesn’t include problems associated with disgruntled staff or ex-staff.
The 2022 IBM Security X-Force report found that manufacturing outpaced finance and insurance in the number of cyberattacks against these industries, extending global supply chain woes. The report said that manufacturers have a low tolerance for downtime, and ransomware actors are capitalizing on operational stressors exacerbated by the pandemic. About 1 in 4 attacks on this sector were from ransomware. In terms of statistics, 47% of attacks were vulnerability exploitation, 40% phishing, 7% removable media, and brute force and stolen credentials were both at 3%. The report goes on to suggest that as defenses grow stronger, malware gets more innovative. Attackers are increasingly using cloud-based messaging and storage services to blend into legitimate traffic. And some groups are experimenting with new techniques in encryption and code obfuscation to go unnoticed.
Strategic Technology Trends for 2023With the key trends and concerns of 2022 in mind, let’s look ahead to 2023. It’s always interesting to see what Gartner’s Top Strategic Technology Trends for the year are. In 2023, they include:
1. Digital Immune System – “By 2025, organizations that invest in building digital immunity will increase customer satisfaction by decreasing downtime by 80%.”
2. Applied Observability – “By 2026, 70% of organizations that successfully applied observability will achieve shorter latency for decision-making, enabling competitive advantage for target business or IT processes.”
3. AI Trust, Risk and Security Management (AI TRiSM) – “By 2026, organizations that operationalize AI transparency, trust and security will see their AI models achieve a 50% improvement in terms of adoption, business goals and user acceptance.”
4. Industry Cloud Platforms – “By 2027, more than 50% of enterprises will use industry cloud platforms to accelerate their business initiatives.”
5. Platform Engineering – “By 2026, 80% of software engineering organizations will establish platform teams as internal providers of reusable services, components and tools for application delivery.”
6. Wireless-Value Realization – “By 2025, 50% of enterprise wireless endpoints will use networking services that deliver additional capabilities beyond communication, up from less than 15%.”
7. Superapps – “By 2027, more than 50% of the global population will be daily active users of multiple superapps. A superapp is an app that provides end users (e.g., customers, partners or employees) with a set of core features, along with access to independently created miniapps.”
8. Adaptive AI – “By 2026, enterprises that have adopted AI engineering practices to build and manage adaptive AI systems will outperform their peers in the operationalizing AI models by at least 25%.”
9. Metaverse – “By 2027, over 40% of large organizations worldwide will be using a combination of Web3, spatial computing and digital twins in metaverse-based projects aimed at increasing revenue. Metaverse is a combinatorial innovation made up of multiple technology themes and trends.”
10. Sustainable Technology – “By 2025, 50% of CIOs will have performance metrics tied to the sustainability of the IT organization. Sustainable technology is a framework of solutions that increases the energy and material efficiency of IT services; enables enterprise sustainability through technologies like traceability, analytics, renewable energy and others; and helps customers become more sustainable through apps, software, marketplaces and more.”
The mainframe industry is an exciting place to work. I can confidently predict that 2023 will be an interesting year, and that the mainframe will continue to offer outstanding security, performance and reliability—and be at the heart of the world’s business-critical applications.
z/OS / Linux on IBM Z / z/VM / z/VSE / Article / Security / IBM Z / Data security / Quantum computing / Cybersecurity / z16
About the author
Trevor Eddolls is the CEO of iTech-Ed Ltd and has been an IBM Champion from 2009-2021.
See more by Trevor Eddolls