IBM Revamps Mainframes With Eye On Data Protection

The IBM Z mainframe uses dedicated silicon to boost cryptographic performance, meaning organisations can encrypt all their data, all the time

IBM has rolled out what it called the biggest revamp of mainframe technology in more than a decade with a system that aims to stem the damage caused by data breaches through pervasive encryption.

The next-generation mainframe, called the IBM Z, is capable of handling 12 billion encrypted transactions a day, meaning businesses can encrypt all the data associated with an application, cloud service or database.

‘Data protection engine for the cloud’

It’s the latest addition to the company’s established system z range of mainframes, and the most significant repositioning of the technology since IBM embraced Linux and open source on the platform about 15 years ago.

“The vast majority of stolen or leaked data today is in the open and easy to use because encryption has been very difficult and expensive to do at scale,” stated Ross Mauri, general manager for IBM Z. “We created a data protection engine for the cloud era to have a significant and immediate impact on global data security.”

The IBM Z mainframe.

At the moment only about 2 percent of business data is encrypted, IBM estimates, in part because doing so can be expensive and can cause significant performance decreases.

IBM Z approaches the issue by introducing a seven-fold increase in cryptographic performance compared to the previous-generation z13, made possible by a four-fold increase in silicon dedicated to cryptographic tasks. IBM said the dedicated silicon means cryptographic performance is about 18 times faster than current x86 systems.

Mainframes are widely used in sectors such as financial services, government, retail and travel and transportation, and IBM says its transaction engine handles 87 percent of all credit card transactions, 29 billion ATM transactions per year and four billion passenger flights per year.

Regulatory pressure

The new system arrives following a number of major data breaches, with only four percent of the 9 billion records lost or stolen since 2013 being encrypted. Broader use of encryption could reduce the damage to enteprises from such leaks by about 92 percent, IBM estimates.

New regulations including the EU’s General Data Protection Regulation (GDPR), set to take effect next year, are also forcing companies to take more care with the data they handle.

IBM said it designed IBM Z collaboratively with 150 clients, including security experts and chief security officers.

The system has been in development for five years, more than the usual three, with customers involved for more than two years, IBM said.

The system encrypts data at rest or in flight wherever it is located, and can be encrypted in bulk rather than in small chunks as is usual today.

cloud data protectionEncryption keys can be protected with “tamper responding” hardware that causes keys to be invalidated at any sign of intrusion, so that they can be securely restored.

Blockchain data centres

IBM Z allows organisations to encrypt the application programming interfaces (APIs) used to call data from a cloud service, for an additional layer of security, IBM said.

The mainframe can support 12 billion encrypted transactions per day, two million Docker containers and 1,000 concurrent NoSQL databases, supported by three times the memory of its predecessor, the z13, and three times the I/O and transaction processing capabilities.

The company outlined three container pricing models for affordable and flexible cloud-based deployments, including for new microservices and applications, application test and development and payment systems.

The pricing models are set to be available by the end of this year for IBM’s z/OS V2.2 and z/OS V2.3 mainframe operating systems, IBM said.

IBM also said plans to build six data centres with IBM Z systems carrying out encryption tasks for blockchain services, which provide encrypted records of secure transactions and are aimed primarily at financial services companies. The centres are to be built in Dallas, London, Frankfurt, Sao Paolo, Tokyo and Toronto, with more planned.

IBM is distributing the data centres broadly in order to reduce latency and to cater to those who need data stored within their country due to regulatory constraints.

How well do you know the cloud? Try our quiz!