image

IBM’s security game-changer reverberates through the Z world — and beyond

With IBM’s announcement of new Pervasive Encryption capabilities, the Z world meets the modern reality of cybersecurity head on, with all its myriad threats and opportunities.

The huge potential of Pervasive Encryption is clear, and I think financial institutions in particular will race to deploy it. Facing GDPR or PCI-DSS requirements, or HIPAA in the USA? No problem. You can now encrypt your enterprise business data relatively quickly and simply, transparently, at scale and with minimal overheads, both at rest and in flight. Why wouldn’t you? When you consider the data breaches over the last few years, the worrying fact is that only four percent of the data stolen was encrypted. 96 percent was clear and unencrypted, meaning it was free and available for use.

IBM said the new features “usher in a new era of game-changing security capabilities” and I tend to agree. The IBM security team explained the new system introduces “a breakthrough encryption engine that, for the first time, makes it possible to pervasively encrypt data associated with any application, cloud service or database all the time,” adding that these new capabilities are intended to address “the global epidemic of data breaches, a major factor in the US$8 trillion cybercrime impact on the global economy by 2022.”

Indeed, the implications extend way beyond Z into the non-mainframe security world – which is why this development is so exciting for me. If we can do this on the mainframe at high speeds and at such quality, pervasive encryption could really represent a changing role for the mainframe in terms of becoming a security service provider for the wider enterprise: crypto as a service, anyone?

It’s great to see that IBM has taken the time to do proper job with this: they’ve really thought it through, giving us application transparent encryption and a way to do it fairly quickly. But this new world comes with a few caveats, as you’d expect: game changer it may be, but you shouldn’t just rush into it. For instance, managing encryption keys to avoid their theft is important: there’s quite a piece of work around ensuring you have robust procedures in place to manage the keys used to protect your data.

Editors Note:  Mark Wilson is the author of this blog post, his official byline is “A global thought leader and international speaker in mainframe technology and security, Mark Wilson heads RSM Partners’ Technical and Security teams. www.rsmpartners.com”  I know Mark as a thoroughly good bloke who hails from the epicenter of the know universe, namely the Black Country in the UK, and that he is partial to the occasional curry and a accompanying beer, but his official byline is probably the best one to go with here…