IBM touts full data encryption in new Z series mainframes

IBM Z mainframe ushers in a new era of data protection with pervasive encryption

As more stringent data protection rules enter into force, increasing enterprise requirements for encryption, IBM is stepping into the breach with an encryption engine based on its Z Systems mainframe aimed at locking down data across applications, cloud platforms and databases.

"We think this will be broadly adopted across financial services, government, retail and travel and transportation", said Ross Mauri, general manager of IBM Z. Under the new law, organizations will have to demonstrate that data is encrypted and keys are protected. The last time IBM respun the mainframe was when it virtualized Linux and open source software about 15 years ago.

In a statement provided by IBM, International Data Corp. analyst Peter Rutten called the Z "the first system with an all-encompassing solution to the security threats and breaches we've been witnessing in the past 24 months".

The bulk encryption at cloud scale is made possible by an increase of seven in cryptographic performance over the previous generation z13 - driven by a increase in silicon dedicated to cryptographic algorithms.

Computer hardware in general and large mainframe-style computers have taken a big hit in the dawning era of cloud computing.

IBM said its new data encryption capabilities are created to address the global epidemic of data breaches, faster, and at a cheaper cost, with container pricing and other payment possibilities. IBM said its six new blockchain service centers in Dallas, London, Frankfurt, Sao Paolo, Tokyo, and Toronto are already using the mainframe's cryptographic technology.

Drawing on 21 years' worth of data about security incidents, the researchers concluded that, "Of the breaches and incursions analyzed, they could reduce the threat surface by 92 percent by having pervasive encryption on IBM Z", said Nick Sardino, IBM's program director for offering management, z Systems Growth Initiatives.

Along with compliance with data governance rules, IBM is also targeting its encryption engine at emerging application such as blockchains, the distributed databases for digital transactions. Mauri said more blockchain centers will be added.

"We can eliminate those classes of users from risk if their IDs get hacked or attacked", he said.

Un-encrypted data is an easier target for hackers than encrypted. The GDPR will require organizations to report data breaches within 72 hours or face fines of up to 4 percent of annual revenue. "Data centers previously had to decide what they would encrypt". APIs are used by developers to connect applications or data to cloud services.

The tamper-responding encryption keys is hardware that makes keys invalid if any sign of intrusion is detected, but can be restored safely.

As for pricing, IBM unveiled three container pricing models.

The company outlined three container pricing models for affordable and flexible cloud-based deployments, including for new microservices and applications, application test and development and payment systems.

IBM cited research that shows only around 2 percent of corporate data today is encrypted, compared to more than 80 percent of mobile device data. "Container pricing is a more flexible approach that should result in system billing more accurately reflecting the amount of work the system is used to accomplish [a given task], thus making the z14 (and z13, since container pricing will also be available for those systems) more cost-effective", King said.

Related news: