System z Delivers a Secure Enterprise Information Hub

The exponential explosion in data presents both opportunities and challenges for businesses and government. The opportunity entails increasing revenue and reducing costs through data analytics.

Alternatively, it exposes organizations to the risk of compliance failures because they must retain, manage and secure greater volumes of data for longer periods of time. Failure can result in serious financial and criminal penalties, loss of consumer confidence and brand damage.

While criminals and hackers are responsible for many breaches, IBM’s experience shows attacks can also come from internal threats—malicious or otherwise. The Ponemon Institute’s 2011 study, “U.S. Cost of a Data Breach,” found that an average breach costs an organization more than $5.5 million.

Proactive and Preventative Security

The sheer quantity of structured information (data) and unstructured data (content) managed that needs to be protected can be staggering, but can be broken down into:

  • Security and privacy—preventing disclosure to unauthorized individuals or systems within or outside the enterprise
  • Audit—ensuring compliance with internal requirements and externally influenced legal, government and industry regulations
  • Integrity—striving to ensure data cannot be modified without appropriate and controlled authorization


A Platform for Success

IBM System z servers and software provide a robust, high-availability platform for mainstream operational and analytical computing with powerful workload management capabilities. With so much critical data stored on System z, you need the best protection.

The zEnterprise platform offers both hardware and software protection. In terms of hardware, it supports standard cryptographic hardware as well as optional cryptographic features, namely:

  • Central Processor Assist for Cryptographic Functions (CPACF)
  • Advanced Encryption Standard (AES)
  • Secure Hash Algorithm (SHA), and
  • Configurable Crypto Express3 (CEX3)

Software protection comes in several layers: IBM Resource Access Control Facility (RACF) for managing role-based access to data and services; IBM DB2 10.1 for z/OS for DB2 data encryption; and products from the IBM InfoSphere Optim and InfoSphere Guardium portfolios.

In addition, RACF can be used in conjunction with IBM Tivoli Access Manager as part of a single sign-on architecture. While DB2 for z/OS can protect its information in several ways, with built-in data encryption and decryption functions for sensitive data such as credit card numbers or medical records.

Mark Simmonds is an IT architect and senior product marketing manager z Systems focused on big data, analytics, mobile and information governance for the IBM z Systems portfolio.

Like what you just read? To receive technical tips and articles directly in your inbox twice per month, sign up for the EXTRA e-newsletter here.

comments powered by Disqus



2019 Solutions Edition

A Comprehensive Online Buyer's Guide to Solutions, Services and Education.

Application Integration With PCI

The problematic nature of PCI-compliance application integration makes research, analysis and planning important. It can also greatly simplify and reduce the effort involved.

Upgrade Your Mainframe with Operational Business Intelligence

Companies race to transform their businesses by delivering operational insights to their employees


CICS Security With RACF

IBM Systems Magazine Subscribe Box Read Now Link Subscribe Now Link iPad App Google Play Store
Mainframe News Sign Up Today! Past News Letters