IBM’s latest z Series mainframe, unveiled today, has a novel security feature the company says users have long wanted but couldn’t get: the ability to easily encrypt all their data, at rest or in motion, with just one click.
The 14th-generation mainframe, called IBM Z, introduces a new encryption engine that for the first time will allow organizations to encrypt all data in their databases, applications, or cloud services, with no performance hit, said Mike Perera, VP of IBM’s z Systems Software unit, in an interview with Data Center Knowledge.
“It’s a security breakthrough that now makes it possible to protect all the data, all the time,” he said. “And we’re really doing it for the first time at scale, which has not been done up to this point, because it’s been incredibly challenging and expensive to do.”
Cybersecurity has become a top priority for IBM’s mainframe customers in recent years. This group includes government agencies and many of the world’s largest financial institutions, retailers, healthcare organizations, and insurance firms — in other words, primary targets for professional hackers.
While much of the IT infrastructure conversation today revolves around cloud, mainframes are still a $3 to $4 billion business for IBM, according to the market research firm IDC.
“This is a significant technology that they are bringing to the market,” Peter Rutten, analyst for IDC’s Servers and Compute Platforms Group, said about the new encryption capabilities. “Data centers previously had to decide what they would encrypt. Everything was not encrypted because it was a manual process. But as attacks on data increasingly become more frequent and intense, it has become more important to encrypt all the data, wherever they go – at rest or in flight. With this technology, the whole system in its entirety is .”
The technology will also help mainframe users meet new data compliance requirements, such as the European Union’s General Data Protection Regulation, pointed out Judith Hurwitz, president of the market research and consulting firm Hurwitz & Associates.
Besides working for its existing customer base, IBM is hoping the new IBM Z will attract new customers, such as companies that have traditionally used x86 servers (the bulk of the market) and companies that want to provide cloud services, Hurwitz said.
For example, it also announced today the launch of IBM Cloud BlockChain data centers in six cities worldwide. These data centers are securing the cloud service using IBM Z’s encryption technology.
The company says IBM Z handles encryption 18 times faster than do x86 systems and runs Java workloads 50 percent faster. A single system can support more than 12 billion encrypted transactions per day.
“For quite a long time, people have looked at Intel as a convenient platform, but IBM would love to break that stranglehold and have people take a look at the mainframe,” Hurwitz said. “There are companies that need that level of strength and transaction management.”
Better Encryption through Software and Hardware Changes
Customers of the previous z13 mainframe can take advantage of the new pervasive encryption features by upgrading the operating system and software, but they won’t get the performance boost that the new IBM Z mainframe provides, Perera said. IBM advanced its cryptographic technology through a combination of hardware and software innovations
They include four times more silicon dedicated to cryptographic algorithms over the previous z13 mainframe. It also includes new processor designs and upgrades to the operating system, middleware, and databases. The result is a sevenfold increase in cryptographic performance over the z13 mainframe, he said.
To further beef up security, IBM has also encrypted APIs and encryption keys. “If someone were to get access to the keys, they can’t do anything with them,” Perera said.
The company expects to ship the mainframe in the third quarter.