The IBM System z mainframe is designed to combine the power of industry-leading security features with the simplicity of centralized management to deliver a comprehensive and flexible phalanx of security safeguards and capabilities. These features help to protect against hackers, keep data secure and allow for easy management of complex security issues. Given the abundance of information technology security issues that impact businesses -- including identity theft, regulatory compliance concerns, and firewall intrusions -- the "fortress-like" security offered by the IBM System z mainframe have never been more critical.
"Leading retailers as well as governmental and financial institutions have historically selected the mainframe as a secure repository and transaction hub for their most critical data," said Jim Stallings, general manager for IBM System z. "As more and more mid-sized businesses choose the mainframe, we want to be certain that they can make use of security features available to larger businesses."
New System z security advancements include:
Lowering the costs of network and data protection:
Enhancement to System z9 end-to-end network encryption with new IPSec use of zIIP specialty engines. Customers transacting business over the Internet need a highly secure connection between their mainframe and remote servers and devices. zIIP Assisted IPSec can provide a cost effective high speed encryption engine for customers requiring end-to-end encryption over the Internet.
Lower entry cost of secure-key encryption with new single port CryptoExpress2 card for the System z9 Business Class mainframe. CryptoExpress2 can provide secure-key cryptography and key management, and protect encryption keys from disclosure, modification and misuse. It holds the industry's top hardware rating -- FIPS 140-2 Level 4. CryptoExpress can also provide acceleration for SSL encryption, the most popular Internet security protocol. With secure-key processing on System z9 with CryptoExpress2, encryption keys are protected in a tamper-resistant cryptographic hardware device, and never appear in the clear, not even in system memory.
Planned System z operating system support for new mid-range 3400 Tape Library featuring encrypting drives.
Extending IBM mainframe security for Linux:
New support for secure-key encryption with CryptoExpress2. With this enhancement, customers' Linux encryption applications can benefit from the mainframe's tamper-resistant encryption processing.
Multilevel Security support with new RedHat support for Security Enhanced Linux for System z (SELinux).
Enabling customers to meet regulatory compliance requirements:
InSight and zSecure product suites from Consul risk management, Inc. -- an IBM company.
New DB2 9 features to help improve security management, data encryption and auditing.
Svenska Handelsbanken -- a prominent financial institution with a business focused in the Nordic countries -- is an example of an IBM client that has leveraged the System z9 mainframe security architecture. The IBM mainframe has been a key element of Svenska Handelsbanken's infrastructure for many years, hosting their critical applications and data. Historically the company's mainframe connections were secured end-to-end with SNA connections. When the bank shifts to conducting transactions via the Internet, it plans to implement end-to-end encryption with IPsec, taking advantage of the advances IBM has made on mainframe security to provide ironclad network and data protection to customers.
According to a recent IBM survey, 64 % of CIOs surveyed see security compliance and data protection as one of the most significant challenges facing IT organizations. Today's mainframe environment speaks to these industry concerns by providing security built into all system layers as well as consolidation and simplification of security management, encryption options for protecting sensitive data and cryptographic acceleration with centralized key management.
For more information about IBM, visit www.ibm.com