SoylentNews is people

posted by Fnord666 on Tuesday July 18 2017, @02:24PM
from the and-it-looks-cool dept.

Submitted via IRC for TheMightyBuzzard

IBM has announced its latest version of its mainframe, the IBM Z14, which it calls "the most significant re-positioning of mainframe technology in more than a decade."

The combination of an explosion in data breaches and increasingly severe regulatory requirements requires a new approach to security: the mainframe is back. IBM has announced its latest mainframe, the IBM z14, in what it calls "the most significant re-positioning of mainframe technology in more than a decade."

Encryption is seen as the best solution for both data loss and regulatory compliance. But encryption is hard, requiring more time and processing power than most companies have at their disposal. At the same time, it is becoming an increasingly attractive solution. More than nine billion data records have been lost or stolen since 2013; and only 4% were encrypted. Next year, the General Data Protection Regulation (GDPR) could, in theory, impose fines of up to 4% of global turnover for the loss of unencrypted personal data.

A second regulation requiring widespread encryption is the NYSDFS cyber security regulation. This states, "As part of its cybersecurity program, based on its Risk Assessment, each Covered Entity shall implement controls, including encryption, to protect Nonpublic Information held or transmitted by the Covered Entity both in transit over external networks and at rest." 'Nonpublic Information' could almost be interpreted as 'everything'. The automatic facility to encrypt everything in transit and at rest -- as does the IBM Z -- will make its capabilities particularly attractive to banks and financial institutions that are governed by the New York State Department of Financial Services.

Source: http://www.securityweek.com/new-ibm-z-mainframe-designed-pervasively-encrypt-enterprise-data


This discussion has been archived. No new comments can be posted.
  • (Score: 2) by MrGuy on Tuesday July 18 2017, @04:41PM (5 children)

    by MrGuy (1007) on Tuesday July 18 2017, @04:41PM (#541007)

    BOFH over at El Reg was making fun of the idea of needing some kind of external "encryption processing" platform way back in 2004. [theregister.co.uk]

    What's changed that suddenly, we apparently need a standalone Z SERIES MAINFRAME to do our encryption for us? Seems like a multi-million dollar elephant gun to kill a bacterium - is encrypting really so costly now that we can't do it on the fly?

  • (Score: 4, Insightful) by frojack on Tuesday July 18 2017, @05:35PM (3 children)

    by frojack (1554) on Tuesday July 18 2017, @05:35PM (#541043) Journal

    You are missing some motivation elements is my guess.

    Data encrypted (whenever it is at rest) is pretty much a tacit admission that they have given up on prevention of intrusion and data theft. They've decided storage isn't safe. And cloud storage is even more unsafe.

    Probably also some IBM back doors in the encryption.
    Almost certainly some government backdoors.

    So with everything encrypted the regulators are happy.
    The sue-happy lawyers are baffle-gabbed into silence.
    The inevitable data leaks can be pinned on some scapegoated employee.

    And IBM sells more mainframes.
    But IBM also sells more encryption chips for use in storage devices. Wait and see.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 2) by bob_super on Tuesday July 18 2017, @06:29PM

      by bob_super (1357) on Tuesday July 18 2017, @06:29PM (#541085)

      > The inevitable data leaks can be pinned on some scapegoated employee.

      And no CIO will lose their bonus because John the administrative assistant was somehow not walled off nor flagged when the mainframe decrypted 2TB of data to store on his USB device.

    • (Score: 3, Insightful) by http on Tuesday July 18 2017, @11:09PM

      by http (1920) on Tuesday July 18 2017, @11:09PM (#541218)

      > Data encrypted (whenever it is at rest) is pretty much a tacit admission that they have given up on prevention of intrusion and data theft.

      Thing is, physical intrusion is impossible to prevent, always has been, and nobody's ever said otherwise who's not running a con. If you have a location, it can always be invaded by a resourceful attacker. And no matter how much you increase the cost, it's always possible that someone will be willing to pay it to get there. Encrypting data is risk management, not admission of failure.

      --
      I browse at -1 when I have mod points. It's unsettling.
    • (Score: 2) by JoeMerchant on Wednesday July 19 2017, @02:33AM

      by JoeMerchant (3937) on Wednesday July 19 2017, @02:33AM (#541283)

      Isn't the whole point of encryption algorithms that they are "easy" with the key, and "very hard" without it?

      Your cell phone should be able to encrypt everything to a level where it takes a mainframe to break into it - if only the OS and application software cared enough to encrypt your data while at rest and properly manage the keys.

      I agree: this is about regulatory compliance, regulations that probably are mandating backdoor access - much easier to feel like that's not a problem if it's implemented on a big expensive mainframe.

      --
      🌻🌻 [google.com]
  • (Score: 2) by driverless on Wednesday July 19 2017, @02:11AM

    by driverless (4770) on Wednesday July 19 2017, @02:11AM (#541278)

    > What's changed that suddenly, we apparently need a standalone Z SERIES MAINFRAME to do our encryption for us?

    No, we need encryption as a marketing buzzword to get our mainframes press coverage. Given that the data needs to be transparently decrypted any time it's used for anything, with the keys held in-memory since it's, well, transparent, all it means is that an attack has gone from "SELECT * FROM banking_records" to, well, the exact same "SELECT * FROM banking_records". The en/decryption is transparent, so the attacker doesn't even know it's there.
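
The distinction the last comment draws, as a runnable sketch added here (it is not part of the thread and not IBM's implementation): a data layer that encrypts on write and decrypts on read returns plaintext to any caller on the normal query path, while a raw copy of the storage file holds only ciphertext. `TransparentStore`, `seal` and `unseal` are hypothetical names, the HMAC-based stream cipher is a toy stand-in for a real cipher, and the sample rows are constructed.

```python
import hashlib, hmac, os, sqlite3, tempfile

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode): a stand-in for the real
    # cipher, chosen only so the example runs on the standard library.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class TransparentStore:
    """Hypothetical data layer: encrypts on write, decrypts on read, key in memory."""
    def __init__(self, path: str, key: bytes):
        self.key, self.db = key, sqlite3.connect(path)
        self.db.execute("CREATE TABLE banking_records (id INTEGER PRIMARY KEY, holder BLOB)")

    def insert(self, holder: str) -> None:
        self.db.execute("INSERT INTO banking_records (holder) VALUES (?)",
                        (seal(self.key, holder.encode()),))
        self.db.commit()

    def select_all(self) -> list:
        rows = self.db.execute("SELECT holder FROM banking_records ORDER BY id")
        return [unseal(self.key, blob).decode() for (blob,) in rows]

def demo():
    path = os.path.join(tempfile.mkdtemp(), "records.db")
    store = TransparentStore(path, os.urandom(32))
    for holder in ("ALICE EXAMPLE 1001", "BOB EXAMPLE 1002"):  # constructed sample rows
        store.insert(holder)
    via_query = store.select_all()        # caller on the normal path: plaintext
    store.db.close()
    with open(path, "rb") as f:           # copy of the storage medium, no key
        plaintext_on_disk = b"ALICE EXAMPLE" in f.read()
    return via_query, plaintext_on_disk

if __name__ == "__main__":
    print(demo())
```

The at-rest layer changes the outcome for a copied disk or backup; what a caller on the query path receives is governed by access control and query monitoring, not by the cipher.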