IBM Goes All Out On Encryption With New ‘IBM Z’ Mainframe

IBM announced its new mainframe, called “IBM Z,” (or Z14), which promises to deliver 12 billion encrypted transactions per day and to “pervasively encrypt data associated with any application, cloud service or database all the time.”

Encrypting Everything

The idea of “encrypting everything” seems to have caught momentum after Snowden’s revelations, when organizations such as the EFF and technology companies such as Google and Apple decided to more aggressively adopt the use of encryption across their products and services.

According to a recent study, extensive use of encryption in a company is one of the top factors in reducing the cost of data breaches. That makes sense, considering that if all or most of the data is properly encrypted, then the attackers wouldn't be able to gain access to much of the data. Alternatively, they would be forced to deploy more complex hacking solutions that could, early on, alert companies that a hack is in progress.

Increasing Trust Through Encryption

IBM is betting that encryption is vital for the digital economy, because the digital economy requires trust for transactions to happen, and encryption is at the core of that trust. IBM wants to be one of the leading providers of encryption solutions for corporate customers.

According to the company, of the nine billion data records stolen since 2013, only 4% were encrypted, making that data vulnerable to organized cybercrime groups, nation-states, and employees who misuse access to sensitive information. IBM Z’s new encryption capabilities promise to tackle all of these issues.

"The vast majority of stolen or leaked data today is in the open and easy to use because encryption has been very difficult and expensive to do at scale," said Ross Mauri, General Manager, IBM Z. "We created a data protection engine for the cloud era to have a significant and immediate impact on global data security,” he added.

IBM Z Encryption Technology

IBM claimed that one of the main reasons why only 2% of corporate data is encrypted while 80% of mobile data is encrypted is because solutions for encryption in x86 environments can degrade performance. The company added that its new mainframe brings three main technological advantages over competition.

Pervasive Encryption Solutions

The company said that the new IBM Z makes it possible for the first time to encrypt data associated with an application, cloud service, or database in flight or at rest, with a single click. Compared to today’s standard practice of encrypting data in chunks, the IBM Z mainframe can encrypt data in bulk and at scale.

This is made possible by a 4x increase in silicon dedicated to cryptographic algorithms, which results in a 7x increase in overall encryption performance, compared to IBM’s previous mainframe generation. The company noted that this is 18x faster than comparable x86 systems that still encrypt only slices of data at a time.

Tamper-Responding Encryption Keys

Although the main problem in the corporate environment remains that the companies don’t encrypt their data, even the ones that do have to worry about hackers stealing their encryption keys and then using them to decrypt everything.

The new IBM Z comes with “tamper-responding” hardware, which can handle millions of encryption keys that can be invalidated at any sign of intrusion. The key management system is also designed to meet Federal Information Processing Standards (FIPS) Level 4 standards, even though the current norm for high security in the industry is Level 2.

Encrypted APIs

IBM Z allows organizations to encrypt the APIs they use at 3x the performance of comparable x86 systems, according to IBM.

Designed With EU’s GDPR In Mind

The European Union’s new General Data Protection Regulation (GDPR), which will go into effect by mid-2018, will bring strict data protection rules to larger companies. Failing to comply with those rules can result in fines of up to 4% of the companies’ global annual revenue.

The GDPR makes companies much more accountable for data breaches if they experience one and if it's discovered that a given company wasn’t using security best practices. The new IBM Z looks like it could be an almost turn-key solution for companies that are still scrambling to comply with the data protection regulations by the time they go into effect.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • John_561
    This is gonna be a rough year for hackers, and for good from there on out...This coupled with new AI solutions is going to cripple hackers efforts in the long run. All they'll be left with is phishing - and then in a couple of years that'll be gone too. But all users and businesses really need to take precautions NOW. Use something like lastpass coupled with two-step verification. We STILL need to go back to paper ballots for political voting at ALL levels, and remove utilities such as power companies from the grid permanently.

    <Edited by Moderator>