Encrypt everything should be the mantra but hardly anybody is doing it.
The ability to encrypt data holds great value for businesses but research shows hardly anyone is doing it.
Un-encrypted data is an easier target for hackers than encrypted. Should a hacker gain access to your systems and your data is un-encrypted then it’s a free for all, but encrypted data provides another layer of defence, at worst slowing down the attacker, at best thwarting them.
Not every business has a security strategy, and it’s highly likely that not every business has encrypted its data, but IBM thinks it can solve this problem with its Z mainframe.
The company says that it’s found a way to encrypt every level of a network, applications, databases, cloud services and so on.
Big Blue is saying that this mainframe is ‘ushering in a new era of data protection’ due to its ability to encrypt data, all the time, and at any scale.
According to the company, the IBM Z mainframe is capable of running more than 12 billion encrypted transactions per day, and introduces a “breakthrough encryption engine” that IBM says is capable of pervasively encrypting data associated with any application, cloud service or database all the time.
IBM say’s that the system is designed to address the “global epidemic of data breaches” where of the nine billion data records lost or stolen since 2013, only 4% were encrypted.
The company certainly isn’t playing down how important it views the new mainframe, calling it. “the most significant re-positioning of mainframe technology in more than a decade, when the platform embraced Linux and open source software, IBM Z now dramatically expands the protective cryptographic umbrella of the world’s most advanced encryption technology and key protection.”
Over 150 IBM clients, CISOs, and data security experts are said to have contributed feedback for the design of the system over a three year period. The result being: pervasive encryption of data all the time, tamper-responding encryption keys, and encrypted APIs.
The tamper-responding encryption keys is hardware that makes keys invalid if any sign of intrusion is detected, but can be restored safely. The capability can be extended to other devices such as storage systems and servers in the cloud.
“The vast majority of stolen or leaked data today is in the open and easy to use because encryption has been very difficult and expensive to do at scale,” said Ross Mauri, General Manager, IBM Z. “We created a data protection engine for the cloud era to have a significant and immediate impact on global data security.”
The IBM Z mainframe also offers encrypted APIs with IBM z/OS Connect that is said to make it easy for cloud developers to discover and call any IBM Z application or data from a cloud service, or for IBM Z developers to call any cloud service. These APIs can now be encrypted with the company claiming it’s around three times faster than alternatives based on compared X86 systems.