IBM Z Pervasive Encryption Marks a Paradigm Shift for Security

Trust is the currency that drives the new economy. It’s the foundation of digital relationships and demands security, transparency and greater value in every interaction and transaction. That’s among the reasons IBM equipped the new z14 system with pervasive encryption. Transitioning away from selective encryption to end-to-end protection helps organizations secure all of their enterprise data while reducing the cost and complexity of meeting compliance mandates.

“Strong walls and perimeter defenses are no longer adequate to shield organizations from cyberattacks. We must view data as the new perimeter, and put the security controls for the data on the data itself,” says Nick Sardino, program director, IBM Z Offering Management. “That means implementing strong encryption of data wherever it resides.”

Why Pervasive?

Encryption is perceived as complex. Organizations struggle with determining which data should be encrypted, where encryption should occur and who is responsible for it.

Because the responsibility for encryption is unclear, many companies only encrypt what’s required for compliance. Often this means encryption occurs at the application level. Doing so is costly because it requires people with the skills to handle the encryption, and ongoing maintenance is needed throughout the application lifecycle. Pervasive encryption provides a transparent and consumable approach that enables extensive encryption of data in flight and at rest, which simplifies and reduces the costs associated with protecting data and achieving compliance mandates.

To achieve this new standard for encryption, IBM Z delivered several new capabilities integrated throughout the z14 stack in the hardware, OS and middleware. The on-chip cryptographic acceleration was enhanced to provide more than 6x more performance than z13 and to run more than 18x faster than competitive platforms, according to a Solitaire Interglobal report. Bulk file and data set encryption was placed at a point in the OS where the encryption would be transparent to applications and highly optimized for performance. IBM also designed new capabilities to encrypt the data in the z/OS Coupling Facility and to report more easily on the security of z/OS network sessions.

IBM middleware such as Db2 and IMS was enhanced to exploit these new features as well. “Clients can transition Db2 and IMS high availability databases from unencrypted to encrypted without stopping the database or the application,” says Sardino, “which is a huge value for the DBAs that we’ve spoken to.”

IBM Security also enhanced the IBM Security zSecure suite to provide administration and audit support for pervasive encryption. The suite can feed data into a newly designed QRadar dashboard for auditors. Other IBM Security solutions such as IBM Security Guardium Data Encryption for Db2 and IMS Databases and IBM Security Guardium Data Activity Monitor can be layered on top of pervasive encryption for additional levels of data protection.

New Thinking

In addition to helping organizations protect all of their digital assets, pervasive encryption can decouple identification and classification from the process of encryption and reduce the risk of unidentified or misclassified data. It also makes sensitive data within the enterprise more difficult for attackers to identify because it’s all encrypted.

When organizations can quickly and easily demonstrate to auditors that all of their data is encrypted, the cost and complexity of meeting compliance mandates are significantly reduced.

Rest Easy

IBM Z is the only platform that offers the protection of pervasive encryption. This no-compromise approach to data protection is at the core of trusted digital experiences. With pervasive encryption you can rest easy knowing your data is secure.

“The new capabilities being delivered with z14 will allow organizations to encrypt all of the data associated with an application or database, without the need to make any application changes and without impacting service level agreements,” says Sardino. “No other platform in the world can do this.”