August 15, 2017 | By Larry Loeb

The new z14 mainframe computer offers a chance to re-evaluate what a mainframe can do for an organization. Gone are the days when the mainframe was the only way to do computing. Today, there are new and different choices, and the z14 can make those choices practical.

The z14 features standard improvements that users have come to expect, such as faster, more efficient hardware chips. It also includes a pervasive encryption scheme that may prove to be as important as anything that was done to the computing hardware.

Introducing Pervasive Encryption

Transitioning away from selective encryption toward end-to-end protection will help organizations secure enterprise data while reducing the cost and complexity of meeting emerging compliance mandates. It is a far more general approach that applies to data both in transit and at rest. Under this model, cryptography is applied routinely to all data, all the time, except for data that is immediately being processed inside the mainframe.

The details of the new cryptography system start with the z14’s new coprocessor, the Central Processor Assist for Cryptographic Function (CPACF). This high-performance, low-latency coprocessor performs symmetric key encoding and calculates message digests (hashes) in hardware. It is standard on every core, directly supports cryptography and offers hardware acceleration for all encryption operations that occur on the core processor.

According to IBM Systems Magazine, a Solitaire Interglobal report found that this cryptographic acceleration provides six times more performance than the previous z13 model. Additionally, z14 is more than 18 times faster than competing platforms.

The CPACF also has extended key and hash sizes used in the Advanced Encryption Standard (AES) and Secure Hash Algorithm (SHA), as well as support for UTF8-to-UTF16 conversion. The cryptography hardware is available to all processor types used in the z14.

Optimized Performance

Bulk file and dataset cryptographic operations were specifically placed within the mainframe’s operating system software to maximize transparency to the running files and optimize performance. This is a critical point: all the potential benefits of pervasive encryption are lost if a required intermediary step interferes with getting the work done. With the z14, users can transition DB2 and Information Management System (IMS) high-availability databases from unencrypted to encrypted without stopping the database or the application.

The ability to seamlessly encrypt is a big deal to users. The data used by an application or database is protected, but no user changes are required. Additionally, this means service-level agreements can be maintained.

Both the financial and data processing businesses need this kind of encryption in all places due to the rush of new regulatory compliance mandates that will soon affect them. Additionally, cloud-based data stored in x86 boxes are encrypted at the source and protected at rest. A business using a z14 platform does not have to depend on the low-throughput encryption of such cloud solutions. Data stored in these boxes will already be in an acceptable state without the need for further processing.

No other platform can do this. And it took both advanced hardware and software to pull this off, not just one or the other.

Security Is a Process

Even with the mainframe doing all it can to keep things secure, bad policy decisions by the user can undercut everything. Users need to maintain security policies and enforce them — not count on the machine alone to wave a magic encryption wand to keep data safe.

The z14 is a unique and effective tool to help organizations achieve their security goals. However, the mainframe cannot do this alone: It needs informed and committed users to maximize its effectiveness.

Read the white paper: Pervasive Encryption, The New Paradigm for Protection
