IBM claims breakthrough in mainframe encryption

IBM says its new mainframe ushers in a new era of data protection in response to a call to action from chief information security officers and security experts worldwide

The latest IBM Z mainframe enables organisations to encrypt all data all the time, and is capable of running more than 12 billion encrypted transactions a day, according to IBM.

The mainframe’s new cryptographic capability now extends across any data, networks, or applications – such as the IBM Cloud Blockchain service – without any application changes or impact on performance, the company said.

This means it is possible to encrypt data associated with any application, cloud service or database all the time, which IBM is claiming as a world first.

According to IBM, the new system is capable of encrypting data 18 times faster than x86 platforms, at 5% of the cost.

The IBM Z’s encryption system is designed to address data breaches that are driving the global cyber crime industry and help organisations comply with new data protection regulations.

It is becoming increasingly important for organisations to be able to prove that data is protected in the face of regulations like the EU’s General Data Protection Regulation (GDPR) and encryption requirements set for financial institutions by regulators in Singapore, Hong Kong, and the US at a federal and state level.

The new IBM Z encryption system automates and streamlines security and compliance processes, said IBM, enabling organisations to demonstrate to auditors that data within the scope of compliance is protected and the keys are secure. The system also provides an audit trail showing if and when permissioned insiders accessed data.

A recent Ponemon Institute study found that extensive use of encryption is a top factor in reducing the business impact and cost of a data breach, reducing cost on average by $125 per record.

According to IBM, only 4% of the more than 9 billion data records lost or stolen since 2013 were encrypted, indicating that most data is vulnerable to cyber attackers.

IBM attributes the frequent absence of encryption in corporate and cloud datacentres to the fact that data encryption in x86 environments can dramatically degrade performance and be too complex and expensive to manage.

As a result, IBM said only about 2% of corporate data is encrypted today, while more than 80% of mobile device data is encrypted.

“The vast majority of stolen or leaked data today is out in the open and easy to use because encryption has been very difficult and expensive to do at scale,” said Ross Mauri, general manager, IBM Z. “We created a data protection engine for the cloud era to have a significant and immediate impact on global data security.”

Organisations able to encrypt APIs

In addition to pervasive encryption, the new IBM Z’s encryption system protects encryption keys from attacker tampering by invalidating keys at any sign of intrusion and enables organisations to encrypt application program interfaces (APIs).

“The pervasive encryption that is built into, and is designed to extend beyond, the new IBM Z makes this the first system with an all-encompassing solution to the security threats and breaches we’ve been witnessing in the past 24 months,” said Peter Rutten, analyst at IDC’s servers and compute platforms group.

Although there is a small chance that determined attackers will find a way of breaking the 256-bit AES encryption to access the stolen data, security commentators say that if the technology lives up to IBM’s claims, it could be a big step forward in terms of data protection.
