Coming up with strategies to protect data and meet security regulations is getting to be more challenging and complex. The modes of attack are more sophisticated, they seem to occur more regularly, and they can be costly and time-consuming to recover.
For example, last July shipping giant A.P. Moller-Maersk was hit by a cyberattack that cost the company between $250 million and $300 million in lost revenue and affected 1,500 applications and 49,000 end users. It’s likely the number of these outsider attacks will continue to increase including attacks from inside where sensitive content is easily accessed.
There is an urgent need to secure corporate data and protect sensitive information creating a rising demand for encryption. Government regulations like GPDR require an increased oversight of data privacy, and many others such as HIPAA strongly suggest data encryption. Protecting mainframe customer and transactional data is more important than ever for regulatory and corporate privacy and security reasons. Because of this, you may want to add pervasive encryption to your overall security strategy. Pervasive encryption is the ability to encrypt data automatically and decrypt it only when valid access from an authorized party is required. When you implement pervasive encryption, unauthorized users will not be able to understand your data if it is accidentally exposed.
Fortunately, IBM has developed z Systems Pervasive Encryption (zSPE) to protect critical mainframe data in response to the growing need for tighter encryption. To ensure the highest level of protection of your data, BMC has enhanced our products to work seamlessly with the IBM I/O methods that support data encryption. We have tested the changes extensively both in-house and with customers.
BMC products enable decryption of data by authorized users, prevent unauthorized access, and ensure that encryption is maintained when objects are changed. While pervasive encryption applies to the data itself (in Db2 and IMS databases), we are enhancing our MainView products to limit the visibility of that protected data as well.
To meet your growing security needs, pervasive encryption support has been built into many of the BMC products and is seamless to you. The products run the way they always have. The fact that the data is encrypted is totally invisible in your day to day operations. Because the data is encrypted at the database, data set or disk level, you are not required to change or adjust any applications. It’s business as usual – no need to make any changes to your existing workflows and operations.
However, decrypting and re-encrypting data before and after it is used by applications can add overhead, particularly on the z13. Encryption costs on the z14 are much lower than those on the z13. But there is good news – you can offset those costs by running more efficient products such as BMC Next Generation Technology products for Db2. Application performance can improve by up to 5-10% with NGT reorgs. You could say that with NGT, encryption is free.
The threats facing you in your modern business landscape demand data protection. It is critical with today’s security and compliance initiatives to take advantage of the latest mainframe technologies. Pervasive encryption can enhance your security, help you stay ahead of cyberthreats, and keep your customers safe and secure.