IBM Mainframe Ushers in New Era of Data Protection

              IBM Mainframe Ushers in New Era of Data Protection

PR Newswire

ARMONK, N.Y., July 17, 2017

-- Breakthrough: Pervasively encrypts data, all the time at any scale

-- Addresses global data breach epidemic; helps automate compliance for EU
General Data Protection Regulation, Federal Reserve and other emerging
regulations

-- Encrypts data 18x faster than compared x86 platforms, at 5 percent of the
cost [1]

-- Announces six IBM Cloud Blockchain data centers with IBM Z as encryption
engine

-- Delivers groundbreaking Container Pricing for new solutions, such as
instant payments

ARMONK, N.Y., July 17, 2017 /PRNewswire/ -- IBM (NYSE: IBM) today unveiled IBM
Z, the next generation of the world's most powerful transaction system,
capable of running more than 12 billion encrypted transactions per day. The
new system also introduces a breakthrough encryption engine that, for the
first time, makes it possible to pervasively encrypt data associated with any
application, cloud service or database all the time.

Experience the interactive Multichannel News Release here:
https://www.multivu.com/players/English/8013251-ibm-z-mainframe-data-protection/

The IBM Z mainframe is a breakthrough in data protection technology designed
to tackle the epidemic of data breaches. IBM hardware engineer Rhonda Sundlof
(top) and distinguished engineer Karl Casserly test the IBM Z which is
manufactured In Poughkeepsie, NY. Contact: Lori Bosio, IBM, bosiol@us.ibm.com
914-765-2367 (Photo Credit: Connie Zhou for IBM)

IBM Z's new data encryption capabilities are designed to address the global
epidemic of data breaches, a major factor in the $8 trillion cybercrime impact
on the global economy by 2022. Of the more than nine billion data records lost
or stolen since 2013, only four percent were encrypted, making the vast
majority of such data vulnerable to organized cybercrime rings, state actors
and employees misusing access to sensitive information.

In the most significant re-positioning of mainframe technology in more than a
decade, when the platform embraced Linux and open source software, IBM Z now
dramatically expands the protective cryptographic umbrella of the world's most
advanced encryption technology and key protection. The system's advanced
cryptographic capability now extends across any data, networks, external
devices or entire applications – such as the IBM Cloud Blockchain service –
with no application changes and no impact on business service level
agreements.

"The vast majority of stolen or leaked data today is in the open and easy to
use because encryption has been very difficult and expensive to do at scale,"
said Ross Mauri, General Manager, IBM Z. "We created a data protection engine
for the cloud era to have a significant and immediate impact on global data
security."

Technology Breakthrough: Industry-First Pervasive Encryption for the Cloud Era
A recent study found that extensive use of encryption is a top factor in
reducing the business impact and cost of a data breach. To put that in
context, the IBM X-Force Threat Intelligence Index reported that more than
four billion records were leaked in 2016 (a 556 percent increase from 2015). 

However, encryption is often largely absent in corporate and cloud data
centers because current solutions for data encryption in x86 environments can
dramatically degrade performance (and thus user experience), and can be too
complex and expensive to manage. As a result, only about two percent of
corporate data is encrypted today, while more than 80 percent of mobile device
data is encrypted [1].

IBM Z pervasive encryption reflects a call to action on data protection
articulated by Chief Information Security Officers and data security experts
worldwide, and more than 150 IBM clients around the world who participated and
provided feedback in IBM Z's system design over three years.

As a result of this collaboration, IBM Z brings significant advances in
cryptography technology, building on a proven encryption platform that
safeguards the world's banking, healthcare, government and retail systems. IBM
Z pervasive encryption delivers breakthroughs including:

  o Pervasive encryption of data – all the time. IBM Z makes it possible, for
    the first time, for organizations to pervasively encrypt data associated
    with an entire application, cloud service or database in flight or at rest
    with one click. The standard practice today is to encrypt small chunks of
    data at a time, and invest significant labor to select and manage
    individual fields. This bulk encryption at cloud scale is made possible by
    a massive 7x increase in cryptographic performance over the previous
    generation z13 – driven by a 4x increase in silicon dedicated to
    cryptographic algorithms. This is 18x faster than compared x86 systems
    (that today only focus on limited slices of data) and at just five percent
    of the cost of compared x86-based solutions [1].
  o Tamper-responding encryption keys. A top concern for organizations is
    protection of encryption keys. In large organizations, hackers often
    target encryption keys, which are routinely exposed in memory as they are
    used. Only IBM Z can protect millions of keys (as well as the process of
    accessing, generating and recycling them) in "tamper responding" hardware
    that causes keys to be invalidated at any sign of intrusion and can then
    be restored in safety. The IBM Z key management system is designed to meet
    Federal Information Processing Standards (FIPS) Level 4 standards, where
    the norm for high security in the industry is Level 2. This IBM Z
    capability can be extended beyond the mainframe to other devices, such as
    storage systems and servers in the cloud. In addition, IBM Secure Service
    Container protects against insider threats from contractors and privileged
    users, provides automatic encryption of data and code in-flight and
    at-rest, and tamper-resistance during installation and runtime.
  o Encrypted APIs. IBM z/OS Connect technologies make it easy for cloud
    developers to discover and call any IBM Z application or data from a cloud
    service, or for IBM Z developers to call any cloud service. IBM Z now
    allows organizations to encrypt these APIs – the digital glue that links
    services, applications and systems – nearly 3x faster than alternatives
    based on compared x86 systems [2].

"The pervasive encryption that is built into, and is designed to extend
beyond, the new IBM Z really makes this the first system with an
all-encompassing solution to the security threats and breaches we've been
witnessing in the past 24 months," said Peter Rutten, analyst at IDC's Servers
and Compute Platforms Group.

Designed for Tough New Data Protection Regulations
The IBM Z also helps clients build trust with consumers and comply with new
standards such as the EU's General Data Protection Regulation (GDPR) that will
increase data protection requirements for organizations doing business in
Europe starting next year. GDPR will require organizations to report data
breaches to the regulatory authority within 72 hours and face fines of up to
four percent of annual worldwide revenues or 20 million Euro, unless the
organization can demonstrate that data was encrypted and the keys were
protected. At the U.S. Federal level, the Federal Financial Institutions
Examination Council (FFIEC), which includes the five banking regulators,
provides guidance on the use of encryption in the financial services industry.
Singapore and Hong Kong have published similar guidance. More recently, the
New York State Department of Financial Services published requirements
regarding encryption in the Cybersecurity Requirements for Financial Services
Companies.

IBM Z, deeply integrated with IBM Security software, automates and
dramatically streamlines security and compliance processes. For example,
auditors are expected to manually inspect and validate the security of
databases, applications and systems. Organizations can now immediately
demonstrate that data within the scope of compliance is protected and the keys
are secure. This can significantly reduce the mounting complexity and cost of
compliance for auditors. The system also provides an audit trail showing if
and when permissioned insiders accessed data.

Creating the Most Secure Blockchain Service
As blockchain applications become increasingly integrated into core business
processes, client's concerns are naturally shifting to security, encryption,
and resiliency. The IBM Cloud is constantly evolving with industry leading
compute options. Now it is evolving again to bring IBM Z onto the IBM Cloud,
launching initially as an encryption engine for cloud services and to run IBM
Blockchain services to provide the highest commercially available levels of
cryptographic hardware. New blockchain services in centers in Dallas, London,
Frankfurt, Sao Paolo, Tokyo and Toronto are secured using IBM Z's
industry-leading cryptography technology.

"The powerful combination of IBM Z encryption and secure containers
differentiates IBM Blockchain services on the cloud by supporting the trust
models new blockchain networks require," said Marie Wieck, general manager,
IBM Blockchain. "Enterprise clients also benefit from the ease of use making
management transparent to the application and the user."

AngelHack, in collaboration with IBM, today launched "Unchain the Frame," a
global virtual hackathon with more than $50,000 USD in prizes. Developers from
around the world are invited to show off their skills and creativity using
technologies such as blockchain, open source applications, financial industry
APIs and machine learning on IBM Z.

New: Predictable and Transparent Container Pricing
IBM also announced three groundbreaking new Container Pricing models for IBM
Z, providing clients greatly simplified software pricing that combines
flexible deployment with competitive economics vs. public clouds and
on-premises x86 environments:

  o New microservices and applications that enable clients to maximize the
    value from security-rich on-premises enterprise systems in real time.
    Clients can now co-locate applications to optimize qualities of services
    that are priced competitively with public cloud and on-premises platforms.
  o Application development and test with the freedom to triple capacity of
    all development environments on z/OS to support latest DevOps tooling and
    processes. Clients can triple capacity with no increase in monthly license
    charge.
  o Payment systems pricing based on the business metric of payments volume a
    bank processes, not the available capacity. This gives clients much
    greater flexibility to innovate affordably in a competitive environment,
    particularly in the fast-growing Instant Payment segment.

These precedent-setting Container Pricing options are designed to give clients
the predictability and transparency they require for their business. The
pricing models are scalable both within and across logical partitions (LPARs)
and deliver greatly enhanced metering, capping and billing capabilities.
Container Pricing for IBM Z is planned to be available by year-end 2017 and
enabled in z/OS V2.2 and z/OS V2.3.

The Most Powerful Transaction System for the Cloud Era
IBM Z builds on the capabilities of the world's most powerful transaction
engine at the center of global commerce today supporting:

  o 87 percent of all credit card transactions and nearly $8 trillion payments
    a year.
  o 29 billion ATM transactions each year, worth nearly $5 billion per day.
  o Four billion passenger flights each year.
  o More than 30 billion transactions per day – more than the number of Google
    searches every day.
  o 68 percent of the world's production workloads at only six percent of the
    total IT cost.

Banks and others in the financial services industry process thousands of
transactions per second to keep the world's financial systems running. The
mainframe is more critical than ever for reliably handling high volumes of
transaction data.

Ninety-two of the world's top 100 banks rely on the IBM mainframe because of
its ability to efficiently process huge volumes of transactions. To help
financial services organizations more effectively compete in the cloud era,
enormous amounts of sensitive data produced by transactions can now be better
protected against fraud and cybercrime, analyzed, and monetized using IBM Z –
without causing disruption of day-to-day operations. For banks, this means
encryption at the click of a button -- even while applications are running --
and the ability to migrate data from unencrypted to encrypted with no impact
to service level agreements.

The IBM Z, the next generation of IBM's industry-leading CMOS mainframe
technology, features the industry's fastest microprocessor, running at 5.2GHz,
and a new scalable system structure that delivers up to a 35 percent capacity
increase for traditional workloads and a up to a 35 percent capacity increase
for Linux workloads compared to the previous generation z13. The system can
support:

  o More than 12 billion encrypted transactions per day on a single system.
  o The world's largest MongoDB instance with 2.5x faster NodeJS performance
    than compared x86-based platforms.
  o Two million Docker Containers.
  o 1,000 concurrent NoSQL databases.

Other new available capabilities announced today include:

  o Three times the memory of the z13 for faster response times, greater
    throughput and accelerated analytics performance. With 32TB of memory, IBM
    Z offers one of the largest memory footprints in the industry.
  o Three times faster I/O and accelerated transaction processing compared to
    the z13 to drive growth in data, transaction throughput and lower response
    time.
  o The ability to run Java workloads 50 percent faster than x86 alternatives
    [3].
  o Industry-leading Storage Area Network response time with zHyperLink,
    delivering 10x latency reduction compared to the z13 and cutting
    application response time in half – enabling businesses to do much more
    work such as real-time analytics or interact with Internet of Things (IoT)
    devices and cloud applications within the same transaction, without
    changing a single line of application code [4].

As part of today's announcement, IBM also previewed new z/OS software that
provides foundational capabilities for private cloud service delivery,
enabling a transformation from an IT cost center to a value-generating service
provider. When available, these capabilities will include the support of
workflow extensions for IBM Cloud Provisioning and Management for z/OS and
real-time SMF analytics infrastructure support.

IBM Global Financing can help credit-qualified clients acquire the new IBM Z,
lower their total cost of ownership, and accelerate return on investment. IBM
Global Financing offerings for IBM mainframe solutions are available from IBM
and IBM Business Partners, and provide flexible terms and conditions that can
be customized to align cost to project benefits or other client needs.

Learn more about the IBM Z portfolio , the new IBM z14 mainframe  or  IBM Z
enterprise security.

 1. Source: "Pervasive Encryption: A New Paradigm for Protection," K. R. E.
    Lind, Chief Systems Engineer, Solitaire Interglobal Ltd., June 30, 2017.
 2. Customers running WebSphere Liberty on z14 Linux on z using clear key
    encryption AES_128_GCM cipher can get up to 2.6X improvement in throughput
    per core with IBM Java 8 SR5 compared to x86. Performance results based on
    IBM internal tests running DayTrader 3 with WebSphere Liberty 8.5.5.9
    using SSL clear key and TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher.
    Liberty DayTrader 3 measurements were performed on a standalone dedicated
    LPAR on IBM z14 running SLES 12 SP1 with 4 IFLs configured with SMT for a
    total of 8 hardware threads. Liberty used IBM 64-bit SDK for z/OS, Java
    Technology Edition, Version 8 Service Refresh 5 (Java 8 SR5). The compared
    x86 DayTrader 3 on Liberty measurements were performed on a standalone
    WebSphere Liberty 8.5.5.9 server on Intel(R) Xeon(R) CPU E5-2690 v4 @
    2.60GHz, HyperThreading enabled, 4 cores/8 hardware threads, 97GB of
    memory, RHEL 7.2, and HugePages enabled. Liberty used OpenJDK 8_131.  A
    second x86 system ran DB2 V10.1 used to persist application data. This
    second x86 system was an Intel(R) Xeon(R) CPU E7- 2830 @ 2.13GHz, No
    HyperThreading, CPUs: 8 physical cores and 8 logical cores, 16GB of
    memory, and RHEL 5.7. A third x86 system ran JMeter-2.12 to drive the
    DayTrader 3 workload. This third x86 system was an Intel(R) Xeon(R) CPU
    E5-2650 v2 @ 2.60GHz, HyperThreading enabled, CPUs: 16 physical cores & 32
    logical cores, 197GB of memory, RHEL 7 GA x86-64. All network traffic was
    over 10GB Network.
 3. Customers running WebSphere Liberty on z14 Linux on z without encryption
    can get up to 1.6X improvement in throughput per core with IBM Java 8 SR5
    compared to x86. Performance results based on IBM internal tests running
    DayTrader 3 with WebSphere Liberty 8.5.5.9 using SSL clear key and
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher.  Liberty DayTrader 3
    measurements were performed on a standalone dedicated LPAR on IBM z14
    running SLES 12 SP1 with 4 IFLs configured with SMT for a total of 8
    hardware threads. Liberty used IBM 64-bit SDK for z/OS, Java Technology
    Edition, Version 8 Service Refresh 5 (Java 8 SR5). The compared x86
    DayTrader 3 on Liberty measurements were performed on a standalone
    WebSphere Liberty 8.5.5.9 server on Intel(R) Xeon(R) CPU E5-2690 v4 @
    2.60GHz, HyperThreading enabled, 4 cores/8 hardware threads, 97GB of
    memory, RHEL 7.2, and HugePages enabled. Liberty used OpenJDK 8_131.  A
    second x86 system ran DB2 V10.1 used to persist application data. This
    second x86 system was an Intel(R) Xeon(R) CPU E7- 2830 @ 2.13GHz, No
    HyperThreading, CPUs: 8 physical cores and 8 logical cores, 16GB of
    memory, and RHEL 5.7. A third x86 system ran JMeter-2.12 to drive the
    DayTrader 3 workload. This third x86 system was an Intel(R) Xeon(R) CPU
    E5-2650 v2 @ 2.60GHz, HyperThreading enabled, CPUs: 16 physical cores & 32
    logical cores, 197GB of memory, RHEL 7 GA x86-64. All network traffic was
    over 10GB Network.
 4. The 10x lower read latency projection was based on z14 and zHyperLink
    results with DS8886 and z13 measurements that provided results for I/O
    interrupt and dispatching. This response time projection was based on IBM
    internal measurements and projections that contrasted zHyperLink Express
    with a similar configuration using zHPF.  The measurements and projections
    assume that assume 75% or more of the workload response time is associated
    with read DASD I/O and the storage system random read cache hit ratio is
    above 80%.  The execution environment for both scenarios was a z14 with 10
    CPs. The zHPF tests used FICON Express 16S+ connected to a DS8886. The
    zHyperLink tests were also conducted using DS8886. The actual performance
    that any user will experience may vary.

IBM Global Financing offerings are provided through IBM subsidiaries and
divisions worldwide to qualified commercial and government clients. Rates and
availability are based on a client's credit rating, financing terms, offering
type, equipment and product type and options, and may vary by country.
Non-hardware items must be one-time, non-recurring charges and are financed by
means of loans. Other restrictions may apply. Rates and offerings are subject
to change, extension or withdrawal without notice and may not be available in
all countries. IBM and IBM Global Financing do not, nor intend to, offer or
provide accounting, tax or legal advice to clients. Clients should consult
with their own financial, tax and legal advisors. Any tax or accounting
treatment decisions made by or on behalf of the client are the sole
responsibility of the client.

IBM, the IBM logo, ibm.com, IBM Z and z14 are trademarks of International
Business Machines Corporation, registered in many jurisdictions worldwide.
Other product and service names might be trademarks of IBM or other companies.
For a current list of IBM trademarks, please see
http://www.ibm.com/legal/copytrade.shtml

All other company, product or service names may be trademarks or registered
trademarks of others. Statements concerning IBM's future development plans and
schedules are made for planning purposes only, and are subject to change or
withdrawal without notice. Reseller prices may vary.

 

The IBM Z mainframe is a breakthrough in data protection technology designed
to tackle the epidemic of data breaches. Contact: Lori Bosio, IBM,
bosiol@us.ibm.com 914-765-2367 (Photo Credit: Connie Zhou for IBM)

 

The IBM Z mainframe is a breakthrough in data protection technology designed
to tackle the epidemic of data breaches. Contact: Lori Bosio, IBM,
bosiol@us.ibm.com 914-765-2367 (Photo Credit: Connie Zhou for IBM)

 

IBM Corporation logo.

 

View original
content:http://www.prnewswire.com/news-releases/ibm-mainframe-ushers-in-new-era-of-data-protection-300488819.html

SOURCE IBM

Website: http://www.ibm.com
Press spacebar to pause and continue. Press esc to stop.