IBM Z mainframe heralds a new era of highly encrypted data security

17 Jul 2017

The Z mainframe. Image: IBM

IBM’s new mainframe brings security to a whole new level with end-to-end encryption.

IBM has revealed its new Z mainframe, which is capable of running more than 12bn encryption transactions per day.

The new breakthrough encryption engine makes it possible to encrypt data associated with any application, cloud service or database, end-to-end, all the time.


“The vast majority of stolen or leaked data today is in the open and easy to use because encryption has been very difficult and expensive to do at scale,” said Ross Mauri, general manager at IBM Z.

“We created a data protection engine for the cloud era to have a significant and immediate impact on global data security.”

A recent study found that extensive use of encryption is a top factor in reducing the business impact and cost of a data breach.

The IBM X-Force Threat Intelligence Index reported that more than 4bn records were leaked in 2016 – a 556pc increase from 2015.

However, encryption is often largely absent in corporate and cloud data centres because current solutions for data encryption in x86 environments can dramatically degrade performance and user experience, and can be too complex and expensive to manage.

As a result, only about 2pc of corporate data is encrypted today, while more than 80pc of mobile device data is encrypted.

System overhaul

IBM’s Z mainframe is set to be the most significant system overhaul from IBM in more than 15 years and has been designed with involvement from more than 100 financial services and other industry mainframe clients and users.

At the moment, 92 of the world’s top 100 banks rely on the IBM mainframe because of its ability to efficiently process huge volumes of transactions. The systems handle 87pc of all credit card transactions, nearly $8trn in payments a year and 29bn ATM transactions each year, worth nearly $5bn per day.

The bulk encryption at cloud scale is made possible by a sevenfold increase in cryptographic performance over the previous generation z13 – driven by an increase in silicon dedicated to cryptographic algorithms.

The new IBM Z can protect millions of keys – as well as the process of accessing, generating and recycling them – in ‘tamper responding’ hardware that causes keys to be invalidated at any sign of intrusion and can then be restored safely.

The IBM Z key management system is designed to meet Federal Information Processing Standards Level 4, where the norm for high security in the industry is Level 2.

It also helps organisations to comply with new standards such as the EU’s General Data Protection Regulation (GDPR), which will increase data protection requirements for organisations doing business in Europe, starting next year.

GDPR will require organisations to report data breaches to the regulatory authority within 72 hours. They will face fines of up to 4pc of annual worldwide revenues, or €20m, unless the organisation can demonstrate that data was encrypted and the keys were protected.

“The pervasive encryption that is built into, and is designed to extend beyond, the new IBM Z really makes this the first system with an all-encompassing solution to the security threats and breaches we’ve been witnessing in the past 24 months,” said Peter Rutten, analyst at IDC’s servers and compute platforms group.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
