IBM z15 sets a new cloud security standard
From time to time, we invite industry thought leaders to share their opinions and insights on current technology trends to the IBM Systems IT Infrastructure blog. The opinions in these posts are their own, and do not necessarily reflect the views of IBM.
On September 12, 2019, in New York City, IBM set a new and very impressive standard in the protection of data. With the launch of the IBM z15, IBM Data Privacy Passports technology builds upon pervasive encryption to help clients protect and provision data and revoke access to that data at any time from any location — even for data not housed on the z15.
This solution embeds data security policies and encryption with the data, enforcing data privacy by policy across the whole of your enterprise, even when that data leaves your data center. All this happens on the same platform that enables you to use hybrid cloud services, modernize z/OS applications in place and integrate with Linux apps on and off premises.
Protect data and ensure privacy
Pervasive encryption enables customers to encrypt data at the database, data set or disk level. The most crucial benefit of pervasive encryption is that it does not require customers to change or adjust applications. Each app contains an internal encryption-decryption mechanism, allowing clients to apply cryptography without altering the app itself. These functions go a long way towards addressing data protection and privacy management challenges that often arise throughout an enterprise transition to the use of hybrid IT and composable infrastructures.
Composable infrastructures deliver compute, storage and network resources as services from multiple logical resource pools. The approach treats infrastructure like applications. It gives technology teams the ability to construct new systems using software code to manipulate collections of software-defined building blocks. Infrastructure automation tools are used to provision required infrastructure on demand.
Achieve encryption everywhere with IBM z15
Security and data protection is a significant operational challenge for enterprise IT organizations. The IBM z15 meets this challenge through a variety of data-centric audit and protection mechanisms:
- Ability to track the location of all your data and status of all applicable security mechanisms;
- Capability to build data protection and privacy into all applications and data platforms instead of relying on an assortment of third-party tools;
- Security of having data protection and privacy controls embedded into every layer of the computing stack;
- Reliability of having a consistent identity management process in place across your hybrid cloud environment;
- Predictability delivered by consistently deploying all computing platform elements;
- Flexibility to securely move data between composable infrastructure components and third parties; and
- Comfort enjoyed by being able to meet new data privacy regulations and data sovereignty laws without fearing risk and economic loss associated with data security and privacy failures;
Secure your hybrid multicloud
According to the 2018 Ponemon and Opus annual study on data risk, 59 percent of businesses reported that they suffered a data breach caused by a vendor or third party. This growing operational challenge also positions the IBM Z mainframe as a key platform within any hybrid cloud transition strategy. Cloud-specific security services, referred to as IBM Cloud Hyper Protect Services, provides:
- A complete set of encryption and key management services within a dedicated namespace.
- A database on-demand service that features the ability to store data in a fully encrypted database without needing specialized skills; and
- A secure Kubernetes cluster container service that enables a standardized, portable and scalable process for packaging applications.
 2018 Data Risk in the Third-Party Ecosystem: Third Annual Study. Ponemon Institute, 2018.