IBM announces breakthrough in encryption and data protection for enterprises

Data Protection Encryption

IBM Z mainframe ushers in a new era of data protection with pervasive encryption

IBM's general manager of z Systems Ross Mauri says the company spent two years talking to 150 customers to get a grip on exactly what it would take for them to upgrade their current mainframe technology, and what they kept hearing was "encrypt everything so we don't have to worry about it".

"The vast majority of stolen or leaked data today is in the open and easy to use because encryption has been very hard and expensive to do at scale", says Ross Mauri, GM for IBM Z. IBM Z makes it possible, for the first time, for organizations to pervasively encrypt data associated with an entire application, cloud service or database in flight or at rest with one click.

The IBM Z key management system is created to meet Federal Information Processing Standards Level 4, where the norm for high security in the industry is Level 2.

IBM's Z mainframe is set to be most significant system overhaul from IBM in more than 15 years and has been designed with involvement from more than 100 financial services and other industry mainframe clients and users.

In addition to pervasive encryption, the new IBM Z's encryption system protects encryption keys from attacker tampering by invalidating keys at any sign of intrusion and enables organisations to encrypt application program interfaces (APIs).

IBM also said plans to build six data centres with IBM Z systems carrying out encryption tasks for blockchain services, which provide encrypted records of secure transactions and are aimed primarily at financial services companies. This group includes government agencies and numerous world's largest financial institutions, retailers, healthcare organizations, and insurance firms - in other words, primary targets for professional hackers. This bulk encryption at cloud scale is made possible by a massive 7-times increase in cryptographic performance over the previous generation z13 - driven by a 4x increase in silicon dedicated to cryptographic algorithms.

The company says that it's found a way to encrypt every level of a network, applications, databases, cloud services and so on. They will face fines of up to 4pc of annual worldwide revenues, or €20m, unless the organisation can demonstrate that data was encrypted and the keys were protected.

Applications that do need to decrypt the data will run under a special user ID that can access the decryption key - but such user IDs typically cannot be used to log in to the system, making it harder for hackers to both grab a file and decrypt it.

Application development and test with the freedom to triple capacity of all development environments on z/OS to support latest DevOps tooling and processes. And there's pricing model for payment systems, which is based on the volume of payments not capacity.

IBM Z builds on top of what IBM's transaction engine can already do, which includes handling 87 percent of all credit card transactions and almost $8 trillion payments a year, 29 billion ATM transactions each year (worth almost $5 billion per day), 4 billion passenger flights each year, and more than 30 billion transactions a day.

Big Blue burbles it can run the world's largest MongoDB instance with 2.5x faster NodeJS performance compared to paltry x86-based platforms.

Of course, IBM is promising this, and has revealed a new pricing strategy called a "container pricing model", but Mauri wouldn't discuss details, so it's hard to know exactly how the company defines "cost-effective".

1 000 concurrent NoSQL databases. The Z also has three times the memory for faster response times and analytics performance and three times faster data movement.

As part of the announcement, IBM also previewed new z/OS software that provides foundational capabilities for private cloud service delivery, enabling a transformation from an IT cost center to a value-generating service provider.

Latest News