IBM has unveiled a new mainframe, bringing the security of data encryption without slowing down system performance to mid-sized organizations.
The new system, IBM z13s, is enabled and optimized for hybrid cloud environments and can help secure critical information and transactions better than before. IBM also announced new security partnerships and highly integrated innovations for the mainframe:
Security embedded into hardware – The new z13s has advanced cryptography features built into the hardware that allow it to encrypt and decrypt data twice as fast as previous generations, protecting information without compromising performance.
Intelligent security capabilities – IBM is integrating mainframe technology with IBM Security software solutions to create a more secure foundation for a hybrid cloud infrastructure. IBM also is offering a new Cyber Security Analytics service to z Systems customers that can help identify malicious activity by learning user behavior over time.
Expanded partner ecosystem – IBM is working with leaders in the cyber security industry through the "Ready for IBM Security Intelligence" partner program to help deliver enterprise-wide solutions and offerings tailored to specific client needs. The new partners for z Systems are BlackRidgeTechnology, Forcepoint (a joint venture of Raytheon and Vista Equity Partners) and RSM Partners.
As digital business becomes the standard and transactions increase, the need for increased security has become paramount. The typical enterprise can face an average of 81 million security incidents annually.1 The incidents and threats are escalating and evolving as companies increase interactions to their network through mobile devices and cloud networks, with industry analyst IDC forecasting 80% enterprise hybrid cloud adoption by 2017.2 Cyber criminals nowadays are manipulating data, rather than stealing it, compromising its accuracy and reliability.3 The z13s provides access to APIs and microservices in a hybrid cloud setting while keeping data integrity intact.
"Fast and secure transaction processing is core to the IBM mainframe, helping clients grow their digital business in a hybrid cloud environment," said Tom Rosamilia, senior vice president, IBM Systems. "With the new IBM z13s, clients no longer have to choose between security and performance. This speed of secure transactions, coupled with new analytics technology helping to detect malicious activity and integrated IBM Security offerings, will help mid-sized clients grow their organization with peace of mind."
Mainframe portfolio deepens security capabilities
IBM's z13s, the new entry point to the z Systems portfolio for enterprises of all sizes, is packed with security innovations.
z Systems can encrypt sensitive data without compromising transactional throughput and response time, eliminating what has traditionally been a barrier for IT departments in implementing encryption. The z13s includes an updated cryptographic and tamper-resistant hardware-accelerated cryptographic coprocessor cards with faster processors and more memory, providing encryption at twice the speed as previous mid-range systems. This means clients can process twice as many high-volume, cryptographically-protected transactions as before without compromising performance. This equates to processing twice as many online or mobile device purchases in the same time helping to lower the cost per transaction.
z Systems clients can take advantage of the z Systems Cyber Security Analytics offering, which delivers an advanced level of threat monitoring based on behavior analytics. The solution, being developed by IBM Research, learns user behaviors and is then able to detect anomalous patterns on the platform, alerting administrators to potential malicious activity. Along with IBM® Security QRadar® security software, which can correlate data from more than 500 sources to help organizations determine if security-related events are simply anomalies or potential threats, z Systems now delivers breakthrough intelligent security solutions that offer end-to-end protection based on advanced analytics. z Systems Cyber Security Analytics service will be available as a no-charge, beta offering for z13 and z13s customers.
IBM Multi-factor Authentication for z/OS (MFA) is now available on z/OS. The solution adds another layer of security by requiring privileged users to enter a second form of identification, such as a PIN or randomly generated token, to gain access to the system. This is the first time MFA has been tightly integrated in the operating system, rather than through an add-on software solution. This level of integration is expected to deliver more streamlined configuration and better stability and performance.
Enhanced security for the hybrid cloud
Hybrid cloud infrastructure offers advantages in flexibility but can also present new vulnerabilities. With more than half of all attackers coming from the inside, organizations must automate monitoring, removing human error or meddling.4 To address this, IBM is integrating the mainframe with IBM Security solutions that address privileged identity management, sensitive data protection and integrated security intelligence. When paired with z Systems, these solutions can allow clients to establish end-to-end security in their hybrid cloud environment.
IBM Security Identity Governance and Intelligence can help prevent inadvertent or malicious internal data loss by governing and auditing access based on known policies while granting access to those who have been cleared as need-to-know users. IBM® Security Guardium uses analytics to help ensure data integrity by providing intelligent data monitoring, which tracks which users are accessing what specific data, helping quickly identify threat sources in the event of a breach. IBM Security zSecure and QRadar use real-time alerts to focus on the identified critical security threats that matter the most to the business.
Security partner ecosystem expands to mainframe platform
Total system security requires deep knowledge of specific industries and threats. That is why IBM is working with other leaders in the field to augment its own solutions. IBM's strategic partnership program for security, "Ready for IBM Security Intelligence," now includes more software applications from key ISVs integrating their solutions for z Systems. As the program extends to z Systems, it will provide an additional layer of protection and access governance to critical applications, resources and data that reside on the mainframe.
BlackRidge Technology delivers identity-based network security that operates before network connections are established and security defenses engage at the application layer. BlackRidge determines and authenticates user or device identity on the first packet before network connections are established. This provides the equivalent of secure caller ID for the network that allows only identified and authorized users or devices access to enterprise systems, stopping known and even unknown threats.
Forcepoint's Trusted Thin Client® secures sensitive and mission critical data at the endpoint – where it is most at risk. With a read-only endpoint device, there is no residual data on the device – if compromised nothing can be stolen or leaked.
RSM Partners offers deep expertise in application readiness, penetration testing and security reviews. It also has software products that help ease security administration and provide dashboards that give a view into an organization's overall mainframe security posture.
Banco do Nordeste, Latin America's largest regional development bank, has purchased two new z Systems to support its growing mobile and banking automation transformations. Security, and specifically fraud prevention, is a primary concern for the bank. With z Systems as a core part of its technology infrastructure, it can use analytics capabilities to detect anomalies and prevent fraud.
"As our business continues to grow, we need a computing platform that can grow with us – while at the same time offering the security and reliability banks require," said Claudio Freire, Superintendent of Information Technology, Banco do Nordeste. "The combination of performance and security on the mainframe with the openness of Linux provides us with an optimal platform to analyze user engagement and manage massive amounts of sensitive client data while keeping it secure."
The new z13s' planned availability will be March of this year. IBM Global Financing leases and payment plans are available from IBM and IBM Business Partners and provide flexible terms and conditions that can be tailored to meet each customer's needs to upgrade from older models to z13s, convert an owned z system to leasing while upgrading or acquiring a net new z13s. Promotional offers include 90 days deferred payment for new credit-qualified customers.
1 Based on "IBM 2015 Cyber Security Intelligence Index"
2 IDC, "IDC FutureScape – Worldwide Cloud 2015 Predictions – Mastering the Raw Material of Digital Transformation," Doc # 259840, November, 2015.
3 Based on National Security Administration testimony, September 2015.
4 Based on IBM 2015 Cyber Security Intelligence Index.
This article was originally posted “IBM Unveils New Mainframe For Encrypted Hybrid Clouds” from Cloud Strategy Magazine.