Sep 7

IBM’s Pervasive Encryption: A Game-Changer With Big Implications Beyond the Z World

by Mark Wilson 

What IBM has done, to and for hardware environments, is a watershed moment in the industry, with implications that reach far beyond mainframe security alone.

With IBM’s announcement of new pervasive encryption capabilities, the Z world has finally woken up to security, with its myriad of threats and opportunities. This was a very hot topic at the SHARE user group meeting in Rhode Island a few weeks ago. Its potential was clear to all, and financial institutions in particular will race to deploy it. Facing PCI-DSS or GDPR requirements, or HIPAA in the U.S.? No problem. If you’ve got a mainframe you can now encrypt your data relatively quickly and simply, at rest and in flight. So, why wouldn’t you?

What is especially exciting, for me, are the implications for the non-mainframe security world. If we can do this on the mainframe at high speeds and to such a high degree of quality, pervasive encryption could actually represent a changing role for the mainframe in terms of becoming a security service provider for the wider enterprise. "Crypto as a service," if you like. It gives a whole additional meaning to "pervasive."

It’s easy to see why IBM has taken the time to do this properly, thinking long and hard about the issues and delivering a proper solution to move from selective to pervasive encryption. IBM reports a 26 percent likelihood of an organization having a data breach in the next two years, and reckons the average cost of a breach is US$4 million. When you look at data breaches over the last few years, the sobering fact is that only 4% of the data stolen was encrypted. Ninety six percent was completely clear and unencrypted—meaning it was free and available for use. Before, part of the problem was that you’d need to make application code changes to encrypt the data. But IBM has given us application transparent encryption and a way to do it fairly quickly. But this new world does come with some caveats: Game changer it may be, but it’s something you shouldn’t just rush into. For example, managing encryption keys to avoid their theft. There’s quite a piece of work around making sure you have robust procedures to manage the keys you use to protect your data.

That’s just one example from a list of issues, and one reason why RSM is collaborating with IBM to provide thought leadership in this area. As you’d expect, we’re planning ways to help our clients embrace pervasive encryption as soon as possible, and understand its implications for the rest of their business. Exciting times.