Address your data security challenges with pervasive encryption
As an IT manager, you likely face several critical challenges related to your enterprise data:
- Internal and external data breach threats necessitate protecting all potentially sensitive data. Yet identifying and classifying this data can be a challenge.
- Encrypting data at the field level often requires significant costs, resources and application changes – yet still leaves data vulnerable to cyberattacks.[i]
- Shifting regulatory requirements create a moving target of data to protect and report.
How can you effectively juggle these often-competing needs? Here’s a closer look at a comprehensive data protection solution that can help to address your challenges.
The pervasive encryption solution
Pervasive encryption positions your organization to simply and cost-effectively encrypt enterprise data. By encrypting at the file system rather than at field level, pervasive encryption protects all enterprise data. This includes data ranging from full disk and tape, to database, all the way up to applications and cloud service. By simplifying the encryption process, pervasive encryption addresses the challenges stated above.
Pervasive encryption is designed so that you will not need to identify and implement encryption needs at the field level. Instead of manually searching for and classifying data records, you simply encrypt across the entire file system. This also allows you to minimize administrator access to sensitive data, reducing the possibility of insider attacks.[ii]- Pervasive encryption can be less resource-intensive than selective encryption. [iii] With pervasive encryption you can encrypt all data while requiring minimal processing resources and no changes to applications or SLAs.[iv] You can also reduce your risk of a damaging data breach, since an attacker stealing your encrypted data will be unable to access it without the encryption key.[v]
- Pervasive encryption helps you to simplify your compliance protocols. Shifting compliance mandates change which data you’re required to encrypt. With pervasive encryption, you may not need to modify encryption strategy as mandates change because your strategy is always the same: encrypt everything.
Available only on enterprise computing platforms
Despite its many advantages, pervasive encryption is extremely challenging to implement on traditional x86 architectures. The cost and performance overhead required of pervasive encryption on these systems can be viewed as simply impractical.[vi] Enterprise computing platforms such as IBM LinuxONE
have the innovative processing power and technology required to pervasively encrypt all data.[vii] An IBM-sponsored study by Solitaire Interglobal Ltd. found that on an enterprise platform you can encrypt fully for 93 percent less cost and 81 percent less effort than on compared competing x86 platforms.[viii]
Final thoughts
Enterprise data security is one of the top challenges facing IT managers today. Pervasive encryption addresses this challenge by helping you to protect data, minimize costs and required changes, and simplify your data compliance. As a result, you can spend less time spent on data security and more on creating excellent customer experiences.
Discover enterprise security on LinuxONE
Read previous blog posts in this series:
- Three ways to collaborate to improve cybersecurity
- Three ways to intelligently scale your IT systems
[i] Taking the average load for each platform within the study group, that deployment would result in the addition of up to 12.2 times the number of current servers. Such an increase in platform count would substantially raise the cost of operations. The impact on the organization adopting this solution would be considerable, with sharply rising hardware, software, and personnel expenses.” – statement from Solitaire research paper “Pervasive Encryption – A New Paradigm for Protection”, page 21, https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSL03452USEN&
[ii] “It provides policy-based encryption tied to access control and encourages a separation of roles, ensuring that security stays within control of security administrators (as opposed to storage admins or other actors). Increased granularity allows for a higher level of specificity in applying encryption, so users can better determine what data get protected and how. The ability to encrypt data in bulk for lower overhead further mitigates exposures caused by misidentification or misclassification of sensitive data and simplifies the audit process (by pervasively encrypting and by lowering the number of auditable human actors who can view data in the clear). – statement from IBM Journal of Research & Development R&D Volume 62 No 2/3 Paper 2 “Enabling pervasive encryption through IBM Z stack innovations”, page 4, URL: https://ieeexplore.ieee.org/document/8270590/
[iii] – Graph from Solitaire research paper “Pervasive Encryption – A New Paradigm for Protection”, page 21, https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSL03452USEN&
[iv] 1- “For the analyzed organizations in a recent SIL study, organizations that deploy pervasive encryption on IBM Z can reduce overall processing overhead by as much as 91.7%.” – statement from Solitaire research paper “Pervasive Encryption – A New Paradigm for Protection”, page 22, https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSL03452USEN&
2 – “Innovations in the software stack, in turn, leverage these encryption capabilities to allow organizations to protect corporate and client data from internal and external threats, with no need for application changes and no impact on service-level agreements (SLAs).” – statement from IBM Journal of Research & Development R&D Volume 62 No 2/3 Paper 2 “Enabling pervasive encryption through IBM Z stack innovations”, page 2, URL: https://ieeexplore.ieee.org/document/8270590/
[v] Encryption Concepts, IBM
[vi]Taking the average load for each platform within the study group, that deployment would result in the addition of up to 12.2 times the number of current servers. Such an increase in platform count would substantially raise the cost of operations. The impact on the organization adopting this solution would be considerable, with sharply rising hardware, software, and personnel expenses.” – statement from Solitaire research paper “Pervasive Encryption – A New Paradigm for Protection”, page 21, https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSL03452USEN&
[vii] 1- “For the analyzed organizations in a recent SIL study, organizations that deploy pervasive encryption on IBM Z can reduce overall processing overhead by as much as 91.7%.” – statement from Solitaire research paper “Pervasive Encryption – A New Paradigm for Protection”, page 22, https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSL03452USEN&
2 – “Innovations in the software stack, in turn, leverage these encryption capabilities to allow organizations to protect corporate and client data from internal and external threats, with no need for application changes and no impact on service-level agreements (SLAs).” – statement from IBM Journal of Research & Development R&D Volume 62 No 2/3 Paper 2 “Enabling pervasive encryption through IBM Z stack innovations”, page 2, URL: https://ieeexplore.ieee.org/document/8270590/
[viii]Based on initial installations, the foundation Z security solution provides as much as 8.5 times the interception level of alternative platform solutions at 93% less cost in overall expenditure, and with 81% less effort.”, statement from Solitaire research paper “Pervasive Encryption, the New Paradigm for Protection”, page 28 on https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSL03452USEN&
The post Address your data security challenges with pervasive encryption appeared first on IBM IT Infrastructure Blog.