Pervasive Encryption & Compression: Why z15 Upgrade Activities Are Optimal & Strategic

Social Media Sharing

A recent IBM Security sponsored Cost of a Data Breach report by the Ponemon Institute highlighted an average data breach cost of $3.86 Million.  Personally Identifiable Information (PII) accounted for ~80% of data breaches, exposing a range of between 3,400 & 99,730 compromised records.  The term Mega Breach is becoming more commonplace, classified as the exposure of 1+ Million records, where the average cost for such events increases exponentially, ~$50 Million for exposures up to 10 Million records, rising to ~$392 Million for exposures of 50+ Million records.  From an incident containment viewpoint, organizations typically require 207 days to identify & 73 days to contain a breach, totalling an average lifecycle of 280 days.  Seemingly the majority (I.E. 95%+) of data records breached were not encrypted.  I think we can all agree to agree, prevention is better than cure & the costs of these data breaches are arguably immeasurable to an organization in terms of customer trust & revenue downturn…

With the launch of IBM z14 in 2017, IBM announced its core CPU hardware included the Central Processor Assist for Cryptographic Function (CPACF) encryption feature embedded in the processor chip.  The ability to encrypt data, both at rest & in flight, for a low cost, was good news for IBM Z customers concerned about data security.  Classified as Pervasive Encryption (PE), the capability was designed to universally simplify data encryption processes, eradicating potential sources of data loss due to unwanted data breach scenarios.

It’s patently obvious that encryption inflates data & so we must consider the pros & cons of data compression accordingly.  An obvious downside of z14 data encryption is that it can render storage-level compression ineffective, because once the data is encrypted, it is not easily compressed.  A zEnterprise Data Compression (zEDC) card could be deployed to compress the data before encryption, but with added expense!  Wouldn’t it be good if data compression & encryption were performed on the CPU core?

For the IBM z15, with the Integrated Accelerator for zEnterprise Data Compression (zEDC), the industry standard compression used by zEDC is now built into the z15 core, vis-à-vis encryption via CPACF.  IBM z15 customers can now have the best of both worlds with compression, followed by encryption, delivered by the processor cores.  Therefore encryption becomes even less expensive, because after data compression, there is significantly less data to encrypt!

zEDC can perform compression for the following data classification types:

  • z/OS data (SMF logstreams, BSAM & QSAM data sets, DFSMShsm & DFSMSdss processing)
  • z/OS Distributed File Service (zFS) data
  • z/OS applications, using standard Java packages or zlib APIs
  • z/OS databases (Db2 Large Objects, Db2 Archive Logs, ContentManager OnDemand)
  • Network transmission (Sterling Connect:Direct)

Arguably the increase in remote working due to COVID-19 will increase the likelihood & therefore cost of data breaches & although encryption isn’t the silver bullet to hacking remediation, it goes a long way.  The IBM Z Mainframe might be the most securable platform, but it’s as vulnerable to security breaches as any other platform, primarily due to human beings, whether the obvious external hacker, or other factors, such as the insider threat, social engineering, software bugs, poor security processes, et al.  If it isn’t already obvious, organizations must periodically & proactively perform Security Audit, Penetration Test & Vulnerability Assessment activities, naming but a few, to combat the aforementioned costs of a security breach.

Over the decades, IBM Z Mainframe upgrade opportunities manifest themselves every several years & of course, high end organizations are likely to upgrade each & every time.  With a demonstrable TCO & ROI proposition, why not, but for many organizations, such an approach is not practicable or financially justifiable.  Occasionally, the “stars align” & an IBM Z Mainframe upgrade activity becomes significantly strategic for all users.

The IBM z15 platform is such a timeframe.  Very rarely do significant storage & security functions coincide, in this instance on-board CPU core data compression & encryption, eradicating host resource (I.E. Software, Hardware) usage concerns, safeguarding CPU (I.E. MSU, MIPS) usage optimization.  External factors such as global data privacy standards (E.g. EU GDPR, US PII) & associated data breach penalties, increase the need for strategic proactive security processes, with data encryption, high on the list of requirements.  Add in the IBM Z Tailored Fit Pricing (TFP) option, simplifying software costs, the need to compress & encrypt data without adding to the host CPU baseline, the IBM z15 platform is ideally suited for these converging requirements.  Pervasive Encryption (PE) was introduced on the IBM z14 platform, but on-board CPU core compression was not; GDPR implementation was required by 25 May 2018, with associated significant financial penalties & disclosure requirements; IBM Z Tailored Fit Pricing (TFP) was announced on 14 May 2019, typically based upon an MSU consumption baseline.

Incidentally, the IBM z15 platform can transform your application & data portfolio with enterprise class data privacy, security & cyber resiliency capabilities, delivered via a hybrid cloud.  Mainframe organisations can now get products & ideas to market faster, avoiding cloud security risks & complex migration challenges.  With the Application Discovery & Delivery Intelligence (ADDI) analytical platform, cognitive technologies are deployed to quickly analyse Mainframe applications, discovering & understanding interdependencies, minimizing change risk, for rapid application modernization. In conclusion, a year after the IBM z15 platform was announced in September 2019, field deployments are high, with the majority of promised function delivered & field tested.  With the ever-increasing cybersecurity threat of data breaches & an opportunity to simplify IBM Z software Monthly License Charges (MLC), a z15 upgrade is both strategic & savvy.  Even & maybe especially, if you’re using older IBM Z server hardware (E.g. z13, zxC12, z114/z196, z10, z9, et al), your organization can easily produce a cost justified business case, based upon reduced software costs, Tailored Fit Pricing or not, optimized compression & encryption, delivering the most securable platform for your organization & its customers.  Combined with proactive security processes to eliminate a myriad of risk register items, maybe that’s a proposition your business leaders might just willingly subscribe to…