Taking the Fear Out of Information Sharing: IBM z9 and Mainframe Encryption Products Solve Security Woes
Reading the newspaper can be scary for mainframe data center managers. Headlines shout about the theft of millions of names from credit card company databases or the loss of tapes containing sensitive records of hundreds of thousands of government employees. The scariest part may be that these data losses and the myriad problems associated with them could have been avoided. All these organizations needed was widespread encryption of stored data.
If the stored data had been encrypted, it wouldn’t matter if a tape fell off the back of a truck. With the data encrypted, the company doesn’t have to worry about notifying angry customers, employees, and regulators or the liability and litigation that can often accompany a breach of sensitive data. The company also doesn’t have to fret over the potential loss of customers and competitive advantage when sensitive data falls into the wrong hands.
The mainframe data center, protected by systems such as RACF, has been held as the gold standard for data and systems security. But, suddenly, mainframe security isn’t sufficient. Businesses face a new, extended environment where information sharing is common. Yet customers, employees and regulators still require protecting the privacy of an individual’s information, especially as awareness of the pain and cost of identity theft grows. Together, these factors substantially raise the security ante. RACF can’t stop payroll tapes from disappearing off a truck on the way to Iron Mountain.
Of course, IBM has long offered data encryption for the mainframe. Now with the z9, IBM has enhanced and expanded mainframe encryption capabilities, making the mainframe the core of an enterprise encryption, security, and compliance strategy. Sensing an opportunity, other vendors are jumping in with a new generation of mainframe encryption products to meet the demands of this new environment.
The New Security Environment
According to the Reconnex Insider Threat Index August 2005, more than 90 percent of companies regularly expose employee and customer data. That isn’t surprising. In today’s interconnected world, companies incessantly share information with other companies. But it does increase the risk of compromising sensitive data.
ICMA Retirement Corp., a not-for-profit provider of retirement investment services for public sector employees, decided to encrypt the backup tapes it was shipping offsite.
“We saw the headlines and knew the latest privacy regulations,” says Steven Janssen, ICMA’s director of technology infrastructure. The company already runs RACF on its mainframe, so it was comfortable with its internal security. “[With encryption], we’ll feel more in control when we send data offsite,” he adds.
All enterprises today find themselves in an ironic security situation. Demands of the new extended, interconnected environment to share data and the demands of many stakeholders for fast, easy access to data on corporate systems conflict with the organization’s tendency to secure, protect, and restrict information access. They also conflict with regulations that require organizations to guard certain personal information.
Wayne Kernochan, president, Infostructure Associates, describes this situation in a recent report titled, “IBM Mainframe Encryption: The Gold Standard for Security Does An Upgrade”: “Business compliance is primarily about ensuring rapid access to information required by regulatory or legal authorities—all kinds of information and access no matter how old the data is.”