The zEnterprise EC12 Raises Enterprise Security While Boosting Analytics and Cloud Performance
Illustration by Peter Crowther
While many industry pundits dubbed 2011 the year of the targeted enterprise attack, 2012 may be more deserving of that distinction. From RSA’s March 2012 SecurID hack to attacks on U.S. government computers and financial institutions, cyber security was a constant presence in the news.
And while the IBM mainframe is extremely secure, some still worry breaches may occur. The statistics are clear: With 90 percent of critical applications and 65 percent of the world’s data running on mainframe technology, the need for bulletproof systems has never been greater.
A new IBM offering, the IBM zEnterprise* EC12 (zEC12), in conjunction with several software improvements, is poised to enhance mainframe security to help protect enterprise data and applications. The best part: The new zEnterprise platform will also help IT improve data analytics and create more secure hybrid cloud offerings.
An Even Stronger Lock
The zEC12, announced in August, consists of a Central Processor Complex (CPC), the BladeCenter* Extension (zBX) Model 003, and the Unified Resource Manager. The System z* PR/SM* is designed for Common Criteria Evaluation Assurance Level 5+ (EAL 5+) certification for security, so an application running on one partition can’t access another application on a different partition, providing essentially the same security as an air-gapped system. Combined, the system provides 25 percent more performance per core, which means some workloads may see performance gains of as much as 45 percent, according to IBM. It’s also the first general-purpose large-scale enterprise server with a Transactional Execution Facility, designed to help eliminate software locking overhead that can impact performance—increasing scalability and parallelism to drive higher transaction throughput.
Many of the improvements and upgrades can make it easier for governments, financial institutions and retailers to do business and conduct transactions. Several new security improvements and additions, in particular, will help boost Web and cloud security, giving organizations peace of mind, especially those concerned about transactions sent across networks or collected on a Web storefront.
The tamper-resistant Crypto Express 4S card, for instance, provides privacy for transactions and other sensitive data transfers, says Anne Lescher, who handles Worldwide Security Marketing for IBM mainframes. “We like to joke and say they self-destroy, but there’s some truth to that,” she notes. “They are tamper-resistant and will zero out if tampered with. You can’t mess with System z.” Users won’t see any degradation of processing power either, since the cards are capable of handling 19,000 SSL transactions per second, offloading the transactions and leaving processing power available for applications and data.
A new security element of the Crypto Express 4S card is the security extension for Public-Key Cryptography Standards (PKCS) #11 compliance for cryptographic token interfaces, a standard that provides the highest level of protection. This enables U.S. federal and European Union organizations to satisfy new industry security requirements because it enables high-quality electronic signatures, according to Barbara Sannerud of IBM z/OS* marketing. “This is crucial for some of the new national ID programs, for passports, and for the new healthcare program,” she explains. “The standard is already being used overseas for things like ‘smart passports,’ so this is something CIOs need to be thinking about.”
The zEC12 also supports Elliptic Curve Cryptography (ECC), a public-key algorithm that some experts say rivals or exceeds RSA keys due to its shorter key lengths and less processing overhead.
Search our new 2013 Buyer's Guide.
Technical Corner | The problematic nature of PCI-compliance application integration makes research, analysis and planning important. It can also greatly simplify and reduce the effort involved.
Trends | The Payment Card Industry Data Security Standard has changed, and so should you