Reality: Tape virtualization and encryption processing workloads are well-positioned to take advantage of IBM’s System z9 Integrated Information Processor (zIIP) and offload those tasks from a mainframe’s general-purpose processors.
Best practice: The extension of zIIP-eligible workloads enables IT organizations to fully protect growing volumes of business-critical data by using the zIIP processor to reduce Million Service Units (MSU) requirements and tape storage management costs. managing keys—especially as more devices that require key management are acquired over time. Other encryption key management challenges include: • The potential need to remount every tape created during the entire year to change keys or address expired ones • Administering responsibilities for controlling and updating keys in a multi-vendor tape encryption and distributed environments—as well as ensuring appropriate tracking and backup • Ensuring encryption keys used to protect historical data haven’t expired if the time comes to read the data • Keeping track of keys in the event of a change in hardware vendors.
Myth 8: Tape encryption provides no business value.
Reality: The business value provided by encryption can be measured in terms of protection from the negative publicity, loss of customers, fines and other consequences of a data breach. According to a 2006 study by the Ponemon Institute, the remediation of compromised data cost businesses an average of $182 per record—totaling as high as $22 million, $4.7 million on average, and no less than $226,000. Costs include legal fees, investigative and administrative expenses, stock performance, customer defections, opportunity loss, public relations, and customer support costs.
Best practice: Implementing a data encryption policy protects the business against the potential serious consequences of a data breach.
Myth 9: Encryption key management provides no business value.
Reality: The business value of encryption key management can be measured in terms of protection from application outages that result from the inability to access encrypted data due to lost or corrupted encryption keys. While businesses can likely tolerate four to five hours of downtime before experiencing significant revenue loss, each hour of downtime can cost up to $25,000 or more when all costs associated with lost sales, wages, and production are considered.
Best practice: By implementing an automated encryption key policy, IT organizations can reduce the risk of application outages and data inaccessibility due to missing or corrupted encryption keys by ensuring protection and availability of keys and digital certificates— and most important, fast recovery of encrypted data.
Myth 10: Encryption keys are easy to manage.
Reality: Encryption key management using manual methods can be difficult. A simple keystroke error can be disastrous—as can a skipped or improperly followed procedure. Such mistakes can lead to the inability to access mission- critical data and keep essential applications down for hours or days. So, while the management of encryption keys may not be a huge burden in terms of hours or difficulty, it’s essential that it be done systematically and consistently. IT organizations also can consider the long-term implication of manually managing keys—especially as more devices that require key management are acquired over time. Other encryption key management challenges include: