Through the lens of a new wave of technological advances built around advanced analytics, artificial intelligence (AI), machine learning, container development, blockchain, cloud and data security, there’s a shift occurring in how IBM Z systems (and LinuxONE systems) are being used and leveraged. These systems are being refreshed with features around Linux, pervasive encryption, virtualization and performance—all integrated on a common hardware platform.
The latest cryptographic hardware in mainframes addresses enterprises that need extra security layers for sensitive data, touting the need to increase data protection and thwart possible hacking attempts. For any enterprise that integrates cloud, AI or other advanced technologies, this fulfills the need for better data security. And with every new mainframe hardware and Linux software update comes more security on top of pervasive, end-to-end data encryption.
SUSE Linux Enterprise Server for z Systems and LinuxONE 12 and delivers virtualization and security enhancements that are essential in today’s security-conscious world. More specifically, by leveraging IBM Z hardware, SUSE Linux Enterprise enables end-to-end data encryption (aka, “pervasive encryption”) today. While the latest crypto hardware in the IBM z14 system is not yet exploited, we can leverage the compatibility mode of the latest crypto cards for hardware acceleration of encryption and decryption. This is not exploiting crypto to its full potential yet, but SUSE is working together with IBM to get this enabled in the future.
Considering that 90 of the top 100 IBM Z Enterprises are running Linux on z as of 2Q17 (based on IBM Z data from July 19, 2017; top 100 is based on total installed MIPS), it is imperative that Linux supports and leverages the key security features of the Z hardware as much as possible.
The combination of SUSE Linux Enterprise and the Z hardware delivers security at every level for maximum, end-to-end data protection:
- Data encryption is built-in, cost-effective, scalable and tamper resistant
- Advanced cryptography is handled at multiple levels, with cryptographic co-processors that are optimized for encryption functions
- Security, including data access and encryption, is integrated across the entire platform and instituted into the software lifecycle
- Consistent, policy-based access and authentication provides a single point of control
- Data is protected with hardware-enforced tenant isolation
- Public Key Infrastructure provides a centralized key repository and management that is built-in, secure and highly available
- Auditing provides granular and detailed tracking of events for accurate and comprehensive reporting
- Network security is enhanced with secure and direct memory communications between partitions, reducing the need for additional secured networks.
Pervasive encryption enablement with negligible impact to performance is core to the IBM Z value. By hosting solutions on SUSE Linux Enterprise Server for z Systems and LinuxONE, customers can reap the benefits of the exceptional levels of security offered by these systems.
Jeff Reser | @JeffReserNC