IBM Z mainframe brings end-to-end encryption to all your data

Big Blue announced that its latest IBM Z mainframe computer will be able to encrypt all of the data in an enterprise all of the time, bringing encryption to everything from cloud services to databases. The IBM Z can run more than 12 billion encrypted transactions per day.

This kind of encryption makes sense for security, but it wasn’t done in the past because it is very expensive to do and takes a lot of computing cycles. It represents IBM’s response to the problem of data breaches and enterprise compliance. The company noted that, in 2016, more than 4 billion data records were compromised, a 556 percent increase over 2015. Of the 9 billion records breached in the past 5 years, only 4 percent were encrypted.

Despite these staggering statistics, compounded by a wave of new regulations, no significant progress has been made to encrypt data on a massive scale, IBM said. The IBM Z addresses this problem, and it’s a response to input from 150 clients who advised in the development of the IBM Z, which is one of the biggest overhauls in 15 years.

“The pervasive encryption that is built into, and is designed to extend beyond, the new IBM Z really makes this the first system with an all-encompassing solution to the security threats and breaches we’ve been witnessing in the past 24 months,” said Peter Rutten, analyst at IDC’s Servers and Compute Platforms Group, in a statement.

[Image: IBM Z Server. Image credit: Connie Zhou for IBM]

IBM dedicated 400 percent more silicon to cryptographic algorithms in the processors for the IBM Z. Until now, companies have had to selectively encrypt small chunks of data at a time, a time- and labor-intensive task.

The system is designed to deal with huge data breaches, and it automates compliance for the European Union’s General Data Protection Regulation. IBM claimed that it encrypts data 18 times faster than Intel-based (x86) platforms at 5 percent of the cost.

IBM is also announcing new IBM blockchain cloud data centers using IBM Z as the encryption engine. The engine makes it possible to encrypt all data associated with any application, cloud service or database, all of the time. That means that when data is transferred from one place to another, it isn’t in a form that can be easily stolen by malicious hackers.

The IBM Z features the industry’s fastest microprocessor and a new scalable system structure that delivers a 35 percent capacity increase for traditional workloads and a 50 percent capacity increase for Linux workloads compared to the previous generation IBM z13.

Encryption is largely absent in corporate data centers and even in cloud data centers because current solutions for data encryption in the x86 environment dramatically degrade performance and user experience, and are too complex and expensive to manage for regulatory compliance, IBM said. As a result, only about two percent of corporate data is encrypted today. By contrast, more than 80 percent of mobile device data is encrypted.

A recent IBM study found that extensive use of encryption is a top factor in reducing the cost of a data breach, resulting in a $16 reduction in cost per lost or stolen record.

IBM Z is aimed at protecting the world’s banking, healthcare, government and retail systems. IBM Z can protect millions of keys (as well as the process of accessing, generating and recycling them) in “tamper responding” hardware that causes keys to self-destruct at any sign of intrusion and then be reconstituted in safety. The IBM Z key management system is designed to meet Federal Information Processing Standards (FIPS) Level 4 standards, where the norm for high security in the industry is Level 2.

This IBM Z capability can be extended beyond the mainframe to other devices, such as storage systems and servers in the cloud. In addition, the company said the IBM Secure Service Container protects against “Snowden-style” insider threats from contractors and privileged users. It provides automatic encryption of data and code in-flight and at-rest, and tamper-resistance during installation and runtime.

IBM Z builds on top of what IBM’s transaction engine can already do, which includes handling 87 percent of all credit card transactions and nearly $8 trillion in payments a year; 29 billion ATM transactions each year, worth nearly $5 billion per day; 4 billion passenger flights each year; and more than 30 billion transactions a day.