Mainframe > Trends > Security

The Mainframe Delivers Reliability, Safety and Cost-Effectiveness


Illustration by Dan Matutina

An organization needs to not only deliver products and services, but also be able to manage risks. How well a company can deliver on its promises to customers in a secure way is critical. Managing the dual risks to business and data is a marker of a successful company. How is it that so many organizations are getting it wrong, then?

“If you have a mission-critical workload with a lot of work to do, the last place you should put it is on an x86 server. It belongs on a secure, highly reliable, high-utilization server.”
—Joe Clabby, president, Clabby Analytics

If your only tool is a hammer, the saying goes, every problem looks like a nail. In the past two decades, the divide-and-conquer x86 server-farm approach has become increasingly popular. So much so that for many IT shops, it’s all they know—the x86 has become their hammer. The problem is that not every workload is a nail, and trying to tackle those workloads with a hammer not only fails to effectively drive the task at hand, it can cause issues like security breaches.

The x86 was never designed to deliver the performance, availability and security required by high-reliability applications like financial services, government and retail. The executives at those organizations know what your IT shop may not—the mainframe is the single most powerful tool you can buy for managing risk. And compared to the overall x86 cost, it comes at a bargain.

Safety First

At its core, risk management is about security. Whether your applications involve financial transactions, corporate intelligence or the operation of critical machinery, you must keep your system safe. IBM mainframe designers have focused on protection just as much as performance, and it has paid off. No security breaches of the mainframe architecture have been reported for any system configured as recommended by IBM, according to the report “IBM System z—When Failures and Breaches Are NOT Options” bit.ly/1mVuiO9.

With System z*, security isn’t an afterthought managed with software. IBM designs security in from the silicon up using a two-pronged approach. At the hardware level, the microprocessor features built-in cryptographic acceleration functions that speed the process and support algorithms like Data Encryption Standard (DES), Triple DES and Advances Encryption Standard, as well as secure hash algorithms (SHA) such as SHA-1 and SHA-2. In addition to these on-chip offerings, users can leverage tamper-resistant, programmable PCI Express Gen2-based Crypto Express 4S cards as add-ins. The hot pluggable cards can be configured to act as co-processors to increase the throughput of encryption/decryption or as accelerators to speed it up.

Additional benefits include scalability and cost. A mainframe chassis can host up to 16 cards, and requires only a single update, compared to an x86 implementation that could involve dozens or even hundreds of servers that all require updates and maintenance.

Securing data requires encrypting the outgoing transmissions and decrypting the incoming transmissions. It can gobble up vast amounts of processing cycles, particularly if the data has to go to off-chip memory. The System z server incorporates a significant amount of on-chip cache, which speeds operations. Keeping the data on chip also helps prevent side-channel attacks. Meanwhile, because the virtualization layer of System z is intrinsic rather than a bolt-on afterthought like VMware, virtual machines can access cryptographic services without explicit authorization, raising the level of security while reducing the workload for system administrators.

Kristin Lewotsky is a freelance technology writer based in Amherst, N.H.


comments powered by Disqus
Buyers Guide

Advertisement

Application Integration With PCI

The problematic nature of PCI-compliance application integration makes research, analysis and planning important. It can also greatly simplify and reduce the effort involved.

Ch–ch–ch–ch–changes

The Payment Card Industry Data Security Standard has changed, and so should you

IBM Systems Magazine Subscribe Box Read Now Link Subscribe Now Link iPad App Google Play Store
AIX News Sign Up Today! Past News Letters

Advertisement