The new z14 mainframe computer offers a chance to re-evaluate what a mainframe can do for an organization. Gone are the days when the mainframe was the only way to do computing. Today, there are new and different choices, and the z14 can make those choices practical.

The z14 features standard improvements that users have come to expect, such as faster, more efficient hardware chips. It also includes a pervasive encryption scheme that may prove to be as important as anything that was done to the computing hardware.

Introducing Pervasive Encryption

Transitioning away from selective encryption toward end-to-end protection will help organizations secure enterprise data while reducing the cost and complexity of meeting emerging compliance mandates. It is a far more general approach that applies to data in transit and at rest. This routine and pervasive use of cryptography is performed all the time to all data, except that which is immediately processed inside the mainframe.

The details of the new cryptography system start with the z14’s new coprocessor, the Central Processor Assist for Cryptographic Function (CPACF). This high-performance, low-latency coprocessor performs symmetric key encoding and calculates message digests (hashes) in hardware. It is standard on every core, directly supports cryptography and offers hardware acceleration for all encryption operations that occur on the core processor.

According to IBM Systems Magazine, a Solitaire Interglobal report found that this cryptographic acceleration provides six times more performance than the previous z13 model. Additionally, z14 is more than 18 times faster than competing platforms.

The CPACF also has extended key and hash sizes used in the Advanced Encryption Standard (AES) and Secure Hash Algorithm (SHA), as well as support for UTF8-to-UTF16 conversion. The cryptography hardware is available to all processor types used in the z14.

Optimized Performance

Bulk file and dataset cryptographic operations were specifically placed within the mainframe’s operating system software to maximize transparency to the running files and optimize performance. This is a critical point: All the potential benefits of pervasive encryption are lost if a required intermediary step interferes with getting the work done. With the z14, users can transition DB2 and information management system (IMS) high-availability databases from unencrypted to encrypted without stopping the database or the application.

The ability to seamlessly encrypt is a big deal to users. The data used by an application or database is protected, but no user changes are required. Additionally, this means service-level agreements can be maintained.

Both the financial and data processing businesses need this kind of encryption in all places due to the rush of new regulatory compliance mandates that will soon affect them. Additionally, cloud-based data stored in x86 boxes are encrypted at the source and protected at rest. A business using a z14 platform does not have to depend on the low-throughput encryption of such cloud solutions. Data stored in these boxes will already be in an acceptable state without the need for further processing.

No other platform can do this. And it took both advanced hardware and software to pull this off, not just one or the other.

Security Is a Process

Even with the mainframe doing all it can to keep things secure, bad policy decisions by the user can undercut everything. Users need to maintain security policies and enforce them — not count on the machine alone to wave a magic encryption wand to keep data safe.

The z14 is a unique and effective tool to help organizations achieve their security goals. However, the mainframe cannot do this alone: It needs informed and committed users to maximize its effectiveness.

Read the white paper: Pervasive Encryption, The New Paradigm for Protection

More from Data Protection

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…

The Digital World is Changing Fast: Data Discovery Can Help

The rise in digital technology is creating opportunities for individuals and organizations to achieve unprecedented success. It’s also creating new challenges, particularly in protecting sensitive personal and financial information. Personally identifiable information (PII) is trivial to manage. It’s often spread across multiple locations and formats and can be challenging to find and classify. Organizations need a modern data discovery and classification solution to identify sensitive data across physical, virtual and public clouds. The Current State of Sensitive Data Discovery and…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…