IBM Rolls ‘Pervasive’ Encryption As Threats Grow
As more stringent data protection rules enter into force, increasing enterprise requirements for encryption, IBM is stepping into the breach with an encryption engine based on its Z Systems mainframe aimed at locking down data across applications, cloud platforms and databases.
The "pervasive" encryption capability leverages Z Systems quality of service features like scaling and available, the company stressed.
"We saw the need to build encryption engines within our microprocessors to really help with being able to do the encryption and not affect the overall processing of the workloads on the platform," explained Mike Desens, vice president of IBM's Z Systems unit. "To be able to do encryption, we knew early you had to have engines in your microprocessors."
The target, Desens added in an interview, is the "rate and pace of hacking and breaching that's occurring out there in the world," including an estimated 9 million security breaches over the last five years. Add to that the looming data governance regulations such as the European Union's General Data Protection Regulation that takes effect next year.
The combination of stricter data governance rules and sophisticated hacks is placing a premium on encrypted data at rest and in motion as well as tighter management of encryption keys. IBM touts its approach as a way to reduce the cost of data encryption at scale as more data and applications are hosted in the cloud.
IBM advertises its Z Systems encryption engine as delivers an 18-fold speed increase over x86 platforms with a 95 percent reduction in cost for data in motion or at rest. The cloud-scale bulk encryption capability is based on hardware and cryptographic algorithm improvements, the company said Monday (July 17).
IBM's pervasive crypto approach is designed as an upgrade to current approaches that encrypt only small chunks of data that require laborious management. The bulk encryption approach is touted as delivering seven-fold increase in cryptographic performance over its previous Z Systems generation. Performance also was boosted by a four-fold increase in the number of transistors in the dedicated silicon running the cryptographic algorithms, IBM said.
Desens noted that current cat-and-mouse security approaches tend to focus heavily on "perimeter defenses" that are being breached by sophisticated hackers. "Encryption is the perfect defense because it brings the [security] back to the data itself." Even if perimeter defenses are defeated, encrypted data is useless to hackers with out the cryptographic keys, he added.
The pervasive encryption approach allows full encryption with no changes in applications or response times.
The company also said its encryption engine and key management system comply with Level 4 of the Federal Information Processing Standards. Level 2 is the current industry standard for high security, IBM noted. Among other things, the federal standard is used to remove unauthorized encryption keys.
Along with compliance with data governance rules, IBM is also targeting its encryption engine at emerging application such as blockchains, the distributed databases for digital transactions. Desens said IBM sees another opportunity for its encryption engine as analytics are combined with blockchain code deployments.
IBM also said this week it would offer blockchain services based on its Z Systems encryption engine at six datacenters in Asia and Europe along with North and South America.