Pervasive Encryption on IBM Z Is the Gold Standard in Data Protection
With pervasive encryption on IBM Z, you can encrypt data faster and less expensively than traditional encryption methods.
By Karen E Lewis11/01/2019
Security and trust are what consumers expect—businesses depend on it, and regulations require it. But, “cybercrime represents big money and equates to even more significant losses for business,” says Wendi Whitmore, global lead for IBM X-Force* Incident Response and Intelligence Services. The 2019 IBM Security Report reveals the global average cost of a breach hovers at $3.92 million, with the U.S. topping the charts with an average breach costing $8.19 million—a whopping 130% jump over 14 years.
As the frequency, severity and sophistication of incursions increase, organizations must be proactive and vigilant in their approach to security. No one is immune, and the long tail costs—loss of reputation, customers, penalties and fines—are felt for years after an incident. Encryption is one of the best ways to protect data. It renders stolen data useless. However, since 2013, only 4% of the 15 billion records breached were encrypted.
Pervasive Encryption on IBM Z Is a Game Changer
With the stakes so high, why aren’t companies encrypting more of their data? “Selective data encryption is costly, resource-intensive and forces risky decisions about what data is encrypted, where encryption will take place and who’s responsible for encryption,” says Jessica Doherty, IBM Z* Security offering manager.
“The availability of pervasive encryption on IBM Z dovetailed with advances in the platform—including the underlying calculations, algorithms and highly proprietary and valuable intellectual capital that runs it—mitigating the objectional costs of encrypting everything,” explains Solitaire Interglobal (SIL) Chief Systems Engineer Kat Lind.
Measuring the Impact of Pervasive Encryption
Since its introduction in 2014, SIL has been studying the effects of pervasive encryption on businesses. Drawing on the experiences of its 12 million Global Security Watch subscribers, SIL can see that IBM Z pervasive encryption capabilities deliver integrated security that’s more effective at preventing incursions, requires less effort to secure, while being much less expensive than competitive alternatives.
By comparing the hacking profiles of pervasive encryption users and non-users, SIL can see organizations that aren’t using pervasive encryption experience more damage and higher costs from hacks (in addition to their expenses to secure their operations). “With pervasive encryption on IBM Z, the chances of being hacked successfully are two orders of magnitude smaller than without it. Without pervasive encryption, organizations need more people to keep things secure and more tools to do the job,” explains Lind.
Testing the Theory
Test cases and proof of concepts (POCs) are a great place to start when measuring the potential impact of pervasive encryption. “We’re seeing a steady stream of clients moving toward pervasive encryption. Every POC we’ve managed has gone well with each POC providing a cost-benefit analysis that convinces the business decision-makers,” says Lind.
Medium- and large-sized businesses can reap the benefits because the cost of putting pervasive encryption in place is less expensive than a breach. Even organizations that migrated away from IBM Z are taking a second look. “Once they look at the full business cost plus the cost of security, they can see their savings aren’t real,” adds Lind. When IBM Z and x86 systems supporting the same overall level of business performance are compared, the IBM Z encryption system delivers 18x the performance for one-twentieth the cost of the selective encryption systems in the x86 systems studied.1
Real-World Pervasive Encryption Use Cases
Who stands to gain from pervasive encryption? Here are six use cases where pervasive encryption steals the show:
1. Government and the public sector
Government regulations and compliance directives require increased oversight of data privacy. When organizations can quickly and easily demonstrate to auditors that all of their data is encrypted, the cost and complexity are significantly reduced. IBM Z pervasive encryption capabilities make it easy for organizations like the Department of Treasury of Puerto Rico to demonstrate compliance with regulations that mandate data security.
Healthcare breaches rank as the costliest, averaging $6.45 million2, and they carry the longest-term effects. In 2018, the U.S. healthcare sector experienced 1,244 data breaches with over 446.5 million records exposed. The sector is a lucrative target due to the number of participants across the value chain and the sensitivity of the data being transmitted. “Data relationships in the healthcare sector are more complex and require multiple kinds of records storing a customer’s or patient’s data. It’s the selecting and deselecting of data that drives up the cost, time and labor needed,” says Lind. “When you have to decide to encrypt each record, some of them won’t get encrypted. When that happens, you’re open to hacking.”
3. Banking and finance
Data encryption is a hot topic for financial institutions. As transaction volumes increase, there’s more pressure to ensure data is protected and security isn’t breached. At the Bank of New York Mellon, the safety of customer data and personal information is priority. Before using IBM Z pervasive encryption, encrypting everything was a chore—everything sent, gathered or received needed encrypting. Just keeping the different encryption products running while securing the bank’s data required phenomenal effort. Pervasive encryption on IBM Z simplifies the task, helping solidify customer trust.
Managed service providers (MSPs) are prime candidates for pervasive encryption. An MSP using infrastructures like IBM Z systems can be confident they’re giving their clients the best coverage. According to Lind, MSPs that incrementally add more staff to chase security issues won't be able to perceive the risks. As the cost to protect client data creeps up, their efficiency and profit levels plunge. “MSPs that move to pervasive encryption can find immense savings,” adds Lind.
5. Hyper secure containers
Containers are virtual machines or a type of VM. Sure, your container can be moved from place to place, but you’re still renting the room. How secure is that room? When pervasive computing is combined with the IBM Z platform's exclusive Secure Service Container plus multifactor authentication, your data is safeguarded with layers of protection against internal threats and external incursions. Hyper secure containers are a significantly less expensive way of protecting both business operations and the data within it. If you’re using a hyper-secure environment, everything you do in that hyper-secure environment is safer.
6. Development, test and production environments
According to Michael Jordan, Distinguished Engineer, IBM Z Systems Security, if a business is running development, test and production environments on the same machine, the cryptographic separation between the environments prevents the hacker from decrypting production data, even if they take over the test environment and gain access to its encryption keys.
With pervasive encryption on IBM Z, the chances of being hacked successfully are two orders of magnitude smaller than without it. Without pervasive encryption, organizations need more people to keep things secure and more tools to do the job.
The Star That Steals the Show
Pervasive encryption on IBM Z is “the star that steals the show ... the silver bullet that will revolutionize the industry,” says Tom Connolly, managing director, Bank of New York Mellon. This is true for the following reasons:
- No application changes. Pervasive encryption enables you to encrypt data at the database, application, data set or disk level. “This is a huge advantage. Each app will have an internal encryption-decryption mechanism, allowing clients to apply cryptography without altering the app itself,” explains Doherty.
- Restricted key access makes it harder for hackers to succeed. When you implement pervasive encryption, unauthorized users will not be able to understand your data if it’s accidentally exposed. Unlike traditional encryption methods, “privileged users such as storage administrators will be able to move or copy files to do their job, but won’t be able to decrypt them, effectively eliminating those classes of users from risk if their IDs get hacked or attacked,” says Jordan.
- Layered protection. Pervasive encryption capabilities—disk and tape encryption, data set and file encryption, database encryption, and application encryption—can be layered to ensure broad coverage and protect data from different attack vectors. Each level provides a different scope and type of protection.
Avoid the Risk of Selective Encryption
“Without pervasive encryption, your security team needs to address every application, modification, new data structure or storage point,” notes Lind. “If something gets missed or if there’s an inconsistency, data is at risk.” With pervasive encryption on IBM Z, you can encrypt all of your data—on-prem and in-flight—faster and less expensively than traditional encryption methods.
Karen E. Lewis is a global market segment manager with the IBM Systems and Technology Group. She has more than 20 years experience.
Sponsored ContentAchieve Compliance Without Impacting Productivity
Post a Comment
Note: Comments are moderated and will not appear until approvedcomments powered by Disqus