The System z Ecosystem Protects Vital Enterprise Information Assets


Illustration by Brad Yeo

The lifeblood of business and government, data is growing exponentially, flooding organizations. Using it to the company’s advantage presents an opportunity for increased revenue and reduced cost and risk. But misusing it exposes an organization to compliance failure. It’s becoming increasingly difficult to retain, manage and secure greater volumes and more types of information for longer stretches of time. Do it successfully and the rewards can be great:

  • Simpler audit processes
  • Lower costs of compliance
  • Improved response to a dynamic marketplace
  • Enhanced security for production, test and development environments

Failure can result in serious financial and criminal penalties, loss of consumer confidence and brand damage. Therefore, information integrity, availability, protection and governance must be at the heart of organizational strategy and operations.

 

Information Security

The first question to ask when evaluating information protection is, “What needs to be protected?” Protecting the organization comes down to three related areas:

  1. Corporate governance entails people, processes, policies and technologies used to manage and protect data in order to establish a complete, correct and trusted source of information
  2. Risk management involves activities around the identification, assessment and prioritization of potential threats to the organization, whether operational, financial, reputational or physical
  3. Enterprise compliance addresses issues regarding adherence to regulatory and industry standards

The sheer quantity of structured information (data) and unstructured data (content) that must be protected can be staggering. Information protection can be broken down into:

  • Security and privacy—preventing disclosure to unauthorized individuals or systems within or outside the enterprise
  • Audits—ensuring compliance with internal requirements and externally influenced legal, government and industry regulations
  • Integrity—striving to ensure data cannot be modified without appropriate and controlled authorization

 

A Holistic Strategy

Information must be protected throughout its lifecycle. A holistic strategy includes defining a vision for protecting information, defining acceptable risk tolerance, identifying roles, and establishing a reporting framework for internal and external bodies that adhere to regulatory requirements or organizational policy.

This effort includes enforcing protection policies for data in use, in motion and at rest, and can begin in a limited fashion and expand to include additional systems, processes, organizational units or business entities.

The final—and perhaps most central—element of information protection is deploying capable technology that enables all of the above.

Mark Simmonds is a senior product marketing manager within the IBM Software Group Information Management division focused on information governance, master data management and SOA for the System z portfolio.

