Taking Pervasive Encryption Beyond IBM Z

February 6, 2019

There has been a lot of conversation about the value of pervasive encryption on the IBM Z platform. But let’s take a moment to broaden the scope and consider the ramifications of data beyond the boundaries of the IBM Z platform itself.
 
Let me start by first mentioning an invaluable report published recently by IDC. This report discusses the business value of the mainframe and notes that IBM Z is at an inflection point in terms of transforming from a revenue-supporting platform to a revenue-generating platform. This is playing an important role in organizations’ ability to digitally transform themselves. The report also details how organizations that modernize and integrate their mainframes fully into their internal and external processing can realize $200 million in additional revenue per year and see a 300 percent ROI over five years.
 
So, let’s examine some ways that you can open and connect your mainframe while continuing to reap the benefits of pervasive encryption. 

Cloud Computing

Let’s start with cloud computing, which is essential for digital transformation. Moving data off-premises to a public cloud can be risky and may not meet compliance and regulatory restrictions. Is the connection secure? Is the data encrypted while in flight? Is the data as secure on the cloud as on IBM Z? IBM Z data is arguably your most sensitive and confidential data. Rather than moving data off the platform, a better solution is to keep data on IBM Z where it is most safe. And instead of using a purely public cloud approach, embrace a hybrid approach to cloud.
 
One of the primary reasons why hybrid cloud solutions are becoming so popular is that executives understand this security issue. A majority of executives recognize the security limitations of the cloud and feel that security is the top barrier to moving completely to the cloud. This is why we are seeing private clouds becoming increasingly popular. They enable businesses to extend their traditional applications for cloud-native applications, yet still keep their data on-premises, fully compliant and regulated, and safe.
 
Today, 72 percent of businesses have adopted private clouds, with the average being over two private clouds per enterprise. Combining public clouds with private clouds and traditional data center systems gives us an all-encompassing hybrid cloud solution.

IBM Cloud Private  

IBM Z workloads have long supported connectivity to the web and cloud-based applications, at first through application-specific protocols, but now through a single interface—z/OS Connect—that supports the REST and JSON standards and fully implements encryption for data in-flight. z/OS Connect can also be used to connect IBM Z-based assets and microservices with a private cloud—specifically IBM Cloud Private.
 
This brings cloud capability to your IBM Z platform and limits your security exposure to the external world. IBM Cloud Private runs on Linux on IBM Z, colocated alongside your z/OS assets. This enables you to create a wealth of cloud-based, cloud-native applications while effectively shielding the back-end services through the IBM Cloud Private interface. In other words, IBM Cloud Private lets you connect the mainframe and transform your business while maintaining the high levels of security for your IBM Z data and assets on-premises.

Data Movement  

Another potential security exposure is when data is moved off the IBM Z platform to other systems within the data center. While we often think that most security breaches are via external attacks, three quarters of all breaches are from insiders. So, you have to consider this: Is the data clear or encrypted when it’s moved? Is the data exposed to a possible breach by some nefarious person elsewhere in the data center? 
 
We have done a lot of analysis with customers over the years to calculate the costs of data movement, and customers have come to the realization that they are spending millions of dollars doing this. But we can also add security to the argument. If you move data off IBM Z, it is most likely not as secure as it was on the platform. Can you afford that?
 
IBM Z has several analytics products that can run on z/OS or on Linux on IBM Z, from Cognos, SPSS and Spark on Linux on IBM Z, to the Db2 Analytics Accelerator, to Machine Learning and Operational Analytics on z/OS. Take the cost and the risk out of data movement, and instead bring the analytics to the secure data on IBM Z.

Emily Farmer is an IBM Z and LinuxONE evangelist and enablement lead in the IBM IT Economics and Research team.

 
