IBM Z mainframe brings end-to-end encryption to all your data


Big Blue announced that its latest IBM Z mainframe computer will be able to encrypt all of the data in an enterprise all of the time, bringing encryption to everything from cloud services to databases. The IBM Z can run more than 12 billion encrypted transactions per day.

This kind of encryption makes sense for security, but it wasn’t done in the past because it is very expensive and takes a lot of computing cycles. Now, however, it represents IBM’s response to the problem of data breaches and enterprise compliance. The company noted that in 2016 more than 4 billion data records were compromised, a 556 percent increase over 2015. Of the 9 billion records breached over the past 5 years, only 4 percent were encrypted.

Despite these staggering statistics, compounded by a wave of new regulations, no significant progress has been made in terms of encrypting data on a massive scale, IBM said. In responding to this problem, the company enlisted 150 clients to advise in the development of the IBM Z, which represents one of the biggest overhauls in 15 years.

“The pervasive encryption that is built into — and is designed to extend beyond — the new IBM Z really makes this the first system with an all-encompassing solution to the security threats and breaches we’ve been witnessing in the past 24 months,” said Peter Rutten, analyst at IDC’s Servers and Compute Platforms Group, in a statement.

Above: IBM Z Server

Image Credit: Connie Zhou for IBM

IBM dedicated 400 percent more silicon to cryptographic algorithms in the processors for the IBM Z. Until now, companies have had to selectively encrypt small chunks of data at a time, which is a time- and labor-intensive task

The system is designed to deal with huge data breaches, and it automates compliance for the European Union’s General Data Protection Regulation. IBM claimed that it encrypts data 18 times faster than Intel-based (x86) platforms, at 5 percent of the cost.

The company is also announcing new IBM blockchain cloud data centers, using IBM Z as the encryption engine. The engine makes it possible to encrypt all data associated with any application, cloud service, or database, all of the time. That means that when data is transferred from one place to another, it isn’t in a form that can be easily stolen by malicious hackers.

The IBM Z features the industry’s fastest microprocessor and a new scalable system structure that delivers a 35 percent capacity increase for traditional workloads and a 50 percent capacity increase for Linux workloads, compared to the previous generation IBM z13.

Encryption is largely absent in corporate data centers, and even in cloud data centers, because current solutions for data encryption in the x86 environment dramatically degrade performance and user experience and are too complex and expensive to manage for regulatory compliance, IBM said. As a result, only about 2 percent of corporate data is encrypted today. By contrast, more than 80 percent of mobile device data is encrypted.

The recent IBM study found that extensive use of encryption is a top factor in reducing the cost of a data breach, resulting in a $ 16 reduction in cost per lost or stolen record.

IBM Z is aimed at protecting the world’s banking, health care, government, and retail systems. It can protect millions of keys (as well as the process of accessing, generating, and recycling them) in “tamper responding” hardware that causes keys to self-destruct at any sign of intrusion and then reconstituted in safety. The IBM Z key management system is designed to meet Federal Information Processing Standards (FIPS) Level 4 standards, well exceeding the industry norm of Level 2.

This IBM Z capability can be extended beyond the mainframe to other devices, such as storage systems and servers in the cloud. In addition, the company said the IBM Secure Service Container protects against “Snowden-style” insider threats from contractors and privileged users. It provides automatic encryption of data and code in-flight and at-rest, and tamper resistance during installation and runtime.

IBM Z builds on top of what IBM’s transaction engine can already do, which includes handling 87 percent of all credit card transactions and nearly $ 8 trillion payments a year, 29 billion ATM transactions each year (worth nearly $ 5 billion per day), 4 billion passenger flights each year, and more than 30 billion transactions a day.

Security – VentureBeat