The System z Ecosystem Protects Vital Enterprise Information Assets

Illustration by Brad Yeo

The lifeblood of business and government, data is growing exponentially, flooding organizations. Using it to the company’s advantage presents an opportunity for increased revenue and reduced cost and risk. But misusing it exposes an organization to compliance failure. It’s becoming increasingly difficult to retain, manage and secure greater volumes and more types of information for longer stretches of time. Do it successfully and the rewards can be great:

  • Simpler audit processes
  • Lower costs of compliance
  • Improved response to a dynamic marketplace
  • Enhanced security for production, test and development environments

Failure can result in serious financial and criminal penalties, loss of consumer confidence and brand damage. Therefore, information integrity, availability, protection and governance must be at the heart of organizational strategy and operations.


Information Security

The first question to ask when evaluating information protection is, “What needs to be protected?” Protecting the organization comes down to three related areas:

  1. Corporate governance entails people, processes, policies and technologies used to manage and protect data in order to establish a complete, correct and trusted source of information
  2. Risk management involves activities around the identification, assessment and prioritization of potential threats to the organization, whether operational, financial, reputational or physical
  3. Enterprise compliance addresses issues regarding adherence to regulatory and industry standards

The sheer quantity of structured information (data) and unstructured data (content) that must be protected can be staggering. Information protection can be broken down into:

  • Security and privacy—preventing disclosure to unauthorized individuals or systems within or outside the enterprise
  • Audits—ensuring compliance with internal requirements and externally influenced legal, government and industry regulations
  • Integrity—striving to ensure data cannot be modified without appropriate and controlled authorization


A Holistic Strategy

Information must be protected throughout its lifecycle. A holistic strategy includes defining a vision for protecting information, defining acceptable risk tolerance, identifying roles, and establishing a reporting framework for internal and external bodies that adhere to regulatory requirements or organizational policy.

This effort includes enforcing protection policies for data in use, in motion and at rest, and can begin in a limited fashion and expand to include additional systems, processes, organizational units or business entities.

The final—and perhaps most central—element of information protection is deploying capable technology that enables all of the above.

Mark Simmonds is an IT architect and senior product marketing manager z Systems focused on big data, analytics, mobile and information governance for the IBM z Systems portfolio.

comments powered by Disqus



2018 Solutions Edition

A Comprehensive Online Buyer's Guide to Solutions, Services and Education.

Application Integration With PCI

The problematic nature of PCI-compliance application integration makes research, analysis and planning important. It can also greatly simplify and reduce the effort involved.

IBM Systems Magazine Subscribe Box Read Now Link Subscribe Now Link iPad App Google Play Store
Mainframe News Sign Up Today! Past News Letters