IBM focuses on security with new mainframe operating system

IBM has made security a core theme in the latest version of its z/OS mainframe operating system, which was announced last week.

IBM has made security a core theme in the latest version of its z/OS mainframe operating system, which was announced last week.

With the release of z/OS 1.3, users of IBM's 64-bit zSeries mainframes now have the ability to issue and manage hundreds of thousands of digital certificates for authenticating user identities, according to the company.

The operating system also supports the new Advanced Encryption Standard that replaced the Data Encryption Standard as the high-level standard for encrypting data.

Also supported on z/OS 1.3 is the Derived Unique Key Per Transaction standard, an encryption technique that is used with point-of-sale terminals.

Such enhancements are key to meeting the security requirements of large financial institutions and other organisations that use the power and scalability of IBM mainframes to host critical applications, said Linda Distel, director of IBM's eServer's security program.

"The security needs of our customers have been greatly increasing because of e-business and the Internet," Distel said.

Danske Bank in Copenhagen, for example, is currently using IBM-branded Windows NT servers to issue digital certificates to nearly one million of its business and personal customers. The bank plans to move this function to IBM's zSeries mainframes because of the greater scalability and security offered by the technology, said Claus Jensen, a vice-president and head of systems architecture at Danske Bank.

Native support for digital certificate technology on the z/OS means the bank has better control and autonomy when it comes to managing, adding, revising and removing certificates for customers, said Jensen. So far, the bank has used digital certificates only within its own network.

Danske Bank also plans to extend the network to external partners. As a result, "we are looking forward to having standardised and scalable digital certificate support integrated into the z/OS," Jensen said.

The new version of z/OS builds on the strong security features such as the Resource Access Control Facility and Kerberos network authentication capabilities that have long characterised IBM's mainframe hardware and software, said Bob Simko, president of analysts International Technology Group. "In that sense, this is an evolutionary release," he said.

IBM is also responding to what it thinks will be a growing demand for more secure platforms as companies push into collaborative commerce and other Internet-based applications, said John Phelps, an analyst at Gartner Group.

"If you are going to use the [zSeries] as an e-commerce platform, these are the sort of things IBM believes are definitely going to be needed," Phelps said.

Read more on Antivirus, firewall and IDS products