IBM Z Data Encryption

IBM Z Data Encryption

On July 17, 2017, IBM unveiled IBM Z, a transaction system capable of running more than 12 billion encrypted transactions per day. The new system also introduces an encryption engine that makes it possible to pervasively encrypt data associated with any application, cloud service or database all the time.

IBM Z's new data encryption capabilities are designed to address the global epidemic of data breaches, a major factor in the $8 trillion cybercrime impact on the global economy by 2022. Of the more than nine billion data records lost or stolen since 2013, only four percent were encrypted, making the vast majority of such data vulnerable to organized cybercrime rings, state actors and employees misusing access to sensitive information.

Encryption is often largely absent in corporate and cloud data centers because current solutions for data encryption in x86 environments can dramatically degrade performance and can be too complex and expensive to manage. As a result, only about two percent of corporate data is encrypted today, while more than 80 percent of mobile device data is encrypted.

This bulk encryption at cloud scale is made possible by a 7x increase in cryptographic performance over the previous generation z13 – driven by a 4x increase in silicon dedicated to cryptographic algorithms. This is 18x faster than compared x86 systems (that today only focus on limited slices of data) and at just five percent of the cost of compared x86-based solutions.

IBM Z can protect millions of keys (as well as the process of accessing, generating and recycling them) in tamper-responding hardware that causes keys to be invalidated at any sign of intrusion and can then be restored in safety. The IBM Z key management system is designed to meet Federal Information Processing Standards (FIPS) Level 4 standards, where the norm for high security in the industry is Level 2.