© 2013 IBM Corporation
OPEN PLATFORM, SECURE FORTRESS
The Value of zEnterprise
Hans Schoone – Chief Architect zSecure and Manager IBM Security Systems Lab NL, STSM
“All clients are experiencing the phenomena of what we call ‘front office transformation’ – social media, devices, mobility – all reshaping the way they want to engage their customers, and how they capitalize on big data and analytics.”
– Ginni Rometty Chairman, President and CEO IBM
Cloud, analytics and mobile aren’t simply remaking computing … they are revolutionizing business models
A Defining Moment Is Before Us
90% of the world’s data was created in the last two years, but 1 in 2 business leaders don’t have access to data they need.
Enterprises see private cloud as the on ramp to cloud for the next 24 months.
BYOD challenges are top of mind, with 58% of users admitting to using their own devices to access their employer's network every day.
External threats are rated as a big challenge, with two-thirds of CISOs expecting to spend more on security over the next two years.
Business and IT face significant challenges in all of these areas
The real question: Will your infrastructure block or enable change?
Only 1 in 5 clients have highly efficient IT infrastructures, allocating 50% more of their IT budget to new projects [1]
[1] IBM, Data center operational efficiency best practices, April 2012.
Cloud Ready: Highly scalable, agile heterogeneous enterprise private cloud
• Elastic, virtually limitless expansion
• Shared everything design
• Secure hybrid computing with centralized management
• Built on open industry standards
Data Ready: Enterprise data repository that integrates operational analytics for accelerated insight
• Enterprise data hub
• High-volume secure and reliable transaction processing
• Integrated, real-time operational analytics
Mobile Ready: Connecting backend systems to mobile devices to turn each interaction into an opportunity
• Build and connect to back end systems
• Secure and manage with the highest level of security
• Extend and transform capabilities to mobile devices
Security Ready: Trusted security and reliability for critical business processes, applications and data
• Ultimate data security protection
• Built-in cryptography
• Unmatched resiliency and availability
IBM continues to redefine and extend the role of the mainframe to deliver new strategic capabilities and deeper client value
Building better customer experience provides industry advantage
Financial institutions detect fraudulent money laundering activities and offer reliable and secure mobile applications for anytime, anywhere banking services.
Retailers boost revenue through discovery of customer buying behaviors and ensure compliance with Payment Card Industry (PCI) data security standards.
Healthcare payers and providers secure patient data and comply with HIPAA while creating real-time data insights to deliver more effective, preventative healthcare services at lower costs to patients.
Universities provide students secure, flexible virtual desktops and real-time access to university information systems to improve the student experience.
City Governments expand and coordinate and administer city services through citizen-centric applications.
Insurers rapidly develop and provide new offerings at lower costs and discover suspicious claims before payment to minimize loss.
Banking
IBM Smarter Analytics Anti-Fraud Infrastructure for zEnterprise: Architecture for banking fraud prevention on System z.
Insurance
IBM Genelco Insurance Administration Solution: Customer-centric and rules-based core Life, Health and Annuity solution.
Smarter Cities
• Intelligent Operations Center: Integrated data visualization, real-time collaboration and deep analytics to help city agencies.
• Social Services (Curam): Secure end-to-end social program service delivery, meeting citizens’ needs.
• Asset Management (Maximo): Support weapon systems, facilities, transportation and IT assets with a single platform.
Healthcare
• IBM Health Plan Integration Hub: Code and policy management supporting ICD-10 and future transformations.
• IBM Smarter Analytics Signature Solution: Anti-Fraud, Waste and Abuse for Healthcare: Analytics to detect suspicious claims before payment.
Retail
IBM zEnterprise Smarter Analytics for Retail: Customer analysis and business performance management
Enabling solutions that drive business value
Organizations embracing these technologies are reshaping the value and customer experience they deliver
What if you could deliver new services more quickly to enable rapid business growth while reducing IT system and admin costs?
What if you could more quickly and nimbly enrich the customer experience with increased product personalization?
What if you could use real-time operational analytics to deliver individualized services and promotions to customers?
What if you could create the ultimate security environment, including an enterprise-wide encryption service?
Secure cloud portal provides flexible environment that cuts data center costs by 70%, while supporting 24X7 availability.
Cloud and mobile banking solution brings the branch to the client and enables personalized client services.
Enhanced data analytics hub provides fast access to vital insights for development of new products and services
Cryptographic coprocessors secure 2B transactions / year with enterprise-wide encryption services
Data Server of Choice
Stack Performance:
• Get workload done faster
• Scale capacity with workload
• Co-optimize HW and SW
Data-serving:
• Deliver more data … faster
Business Analytics:
• Workload-optimized
• Integrated stack
• OLTP -> OLTAP
Most Secure & Reliable
Security
• Auditable protection of data
• Isolation for multi-tenancy
• Simplify management & compliance
System Availability
• Apply analytics to IT operations
Sysplex Availability
• Enhanced GDPS
• Active-active solutions
• Asynchronous data replication
• Simplification and autonomics
Enterprise Cloud Leadership
Enterprise Cloud
• Enable cloud-based delivery
• Dynamic shared infrastructure
• Common Cloud Open Stack
Heterogeneous Workloads
• Linux consolidation
• Extend platform management
• Integrate mobile workloads
• Cross-platform integration
1 All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
DB2 for z/OS and IBM DB2 Analytics Accelerator
OLTP Transactions
Operational analytics
Real time data ingestion
High concurrency
Advanced analytics*
DB2 Native Processing
Standard reports
Complex queries
Historical queries
OLAP
Strategic Priorities for System z
Semiconductor Technology
Microprocessor Design
Systems Design
Virtualization & Operating Systems
Compilers, Tools & Java Virtual Machine
Optimized Middleware
Java
Data Ready / Security Ready / Cloud Ready
Business Analytics
System z: Integrated by design
Technology drivers
Silicon speed and Multi-Core Technology
Accelerators
Virtualization management
Compute needs driven by new combinational workload characteristics
Data access, latency and networks
New innovations available on zEC12
Do a Proof of Concept today!!!
• zEDC Express (Data Compression Acceleration): Reduce CP consumption, free up storage & speed cross platform data exchange
• 10GbE RoCE Express (High Speed Communication Fabric): Optimize server to server networking with reduced latency and lower CPU overhead
• IBM Flash Express (Flash Technology Exploitation): Improve availability and performance during critical workload transitions, now with dynamic reconfiguration; Coupling Facility exploitation (SOD)
• IBM zAware (Proactive Systems Health Analytics): Increase availability by detecting unusual application or system behaviors for faster problem resolution before they disrupt business
• zBX Mod 003; zManager Automate; Ensemble Availability Manager (Hybrid Computing Enhancements): x86 blade resource optimization; New alert & notification for blade virtual servers; Latest x86 OS support; Expanding future roadmap
zEnterprise compilers (COBOL, PL/I, C/C++) provide an optimized application infrastructure for increased software performance
The Ultimate Virtualized System
Massive, robust consolidation platform
60 logical partitions, 100’s to 1000’s of virtual servers under z/VM
Virtualization is built in, not added on (Processor and I/O)
HiperSockets for memory-speed communication, as well as Virtual HiperSockets via Guest LANs in z/VM
Most efficient hypervisor function available
Sysplex (Single System Image Clustering)
Intelligent and autonomic management of diverse workloads and system resources based on business policies and workload performance objectives:
• Utilization often > 80%
• Handles peak workload utilization of up to 100% without service degradation for high priority workloads
[Figure: IBM Mainframe with CPU 1 to CPU 4 and partitioning firmware hosting z/OS, z/VM and Linux for System z partitions; workload labels include CICS®, DB2®, IMS™, WebSphere®, SAP, ERP, Business Objects, JVM, Java and C++ applications, UNIX® System services, legacy and native Linux; partitions connected by HiperSockets]
Delivering to Smarter Computing with zEnterprise
Hybrid computing on System z keeps getting smarter
Current Focus
• Monitor and management of heterogeneous resources.
• DataPower XI50z appliance can help simplify, govern, and enhance the security of XML, Web and IT services
• Support for AIX on POWER7, and Linux and Windows on System x.
• Extending mgt functions of Unified Resource Manager with APIs
• Support of zBX on zEC12
• Enhanced Tivoli monitoring, discovery and availability/automation for zBX resources
• Image mgmt support for x86 and power blades through ISD
Delivery of new hybrid function
• CPU Management for x86 blades (Automate Bundle)
• GDPS automated site recovery for zBX
• Support of next generation hardware technologies in the zBX
• Ensemble Availability Manager – monitoring and reporting
• Support for additional versions of Windows Server and Linux
• zBX firmware currency
• Stand-alone zBX node
• Support for next generation DataPower Appliance
Future Vision
• Support of zBX with the next generation server
• Technology configuration extensions in the zBX
• CEC and zBX
– Continued investment in proving the virtualization and management capabilities for hybrid computing environment
– Enablement of Infrastructure as a Service (IAAS) for Cloud
• Unified Resource Manager Improvements and extensions
– Guest Mobility
– Monitoring Instrumentation
– Autonomic Management functions
• Integration with STG Portfolio
– zEnterprise and STG will continue to leverage the Tivoli portfolio to deliver enterprise wide mgmt capabilities across all STG systems
All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
Vision:
• zEnterprise is a hybrid system and always will be
• zEnterprise will continue to invest in improving the virtualization and management capabilities
• zEnterprise will seamlessly integrate with emerging Cloud-based IT management paradigms
• zEnterprise will more tightly integrate with STG Portfolio over time
• zEnterprise and STG will continue to leverage the Tivoli® portfolio to deliver enterprise wide management capabilities across all STG systems including PureSystems
When paying bills on-line all my account information is available to only those authorized
My personal data is safeguarded when dealing with my healthcare provider
For businesses: The threats are real, and the cost can be dramatic
• 94% of 599 companies surveyed had security breaches and only 7% were aware they had been breached
• 60,000 per day: the average number of times an IT infrastructure is attacked
An integrated environment provides protection against threats…
How can you be sure your personal information is security ready?
As a result, the Security market is shifting
Source: Client Insights 27-Jun-11, An Evaluation of the Security & Risk Opportunity; Assessing a New Approach to Competitive Differentiation, Ari Sheinkin
Traditional Focus (Governance and Compliance) → Emerging Focus (Risk Management)
• Security strategy: React when breached → Continual management
• Speed to react: Weeks/months → Realtime
• Executive reporting: None → Operational KPIs
• Data tracking: Thousands of events → Millions of events
• Network monitoring: Server → All devices
• Employee devices: Company issued → Bring your own
• Desktop environment: Standard build → Virtualization
• Security enforcement: Policy → Audit
• Endpoint devices: Annual physical inventory → Automatically managed
• Security technology: Point products → Integrated
• Security operations: Cost Center → Value Driver
IBM’s security framework…
Intelligence, Integration, Expertise
• Data: Understand, deploy, and properly test controls for access to and usage of sensitive data
• People: Mitigate the risks associated with user provisioning and access to corporate resources
• Applications: Keep applications secure, protected from malicious or fraudulent use, and hardened against failure
• Infrastructure: Help protect and maintain compliance of networks, servers, storage, endpoints and mobile devices
• Security Intelligence and Analytics: Optimize security management with additional context, automation and integration across domains
System z Security Infrastructure: Architected and Integrated
• Integrated security server provides the foundation for consistent identity and access mgmt across the stack
• One policy across z/OS resource managers
• Integrated Public key infrastructure reduces cost and risk of managing digital ids
• Integrates w/RACF and utilize HW crypto for the security of keys
• Integrated accelerated tamper proof Hardware Cryptography
• Open standards with Enterprise IBM PKCS #11 targeted to the public sector
– IBM’s Common Crypto Architecture (CCA) supporting needs of banking and finance
• Enterprise management of keys and certificates targeting for financial customers
• Memory protection to protect your most critical transactional systems
• Use Application Transparent Transport Layer Security to secure sensitive communications without incurring costly application changes
• Secured connection with Linux® virtual servers (Linux for IBM System z®) in the box
• Intra-Ensemble Data Network point to point and non-sniffable
• Consistent auditing and reporting using a centralized model
• Strong focus on crypto functions required by the Banking/Finance industries
• Centralized hardware based key management
Middleware
EAL5 certified
Network
Hardware
z/OS – RACF, z/OS PKI Services, ICSF,
SSL
Architecture
Administration
Virtualization
“The IBM Crypto Express3 coprocessors are very fast—we get an average execution time of less than 50 microseconds, equating to 2,000 transactions per second. They cut down on latency so much that data can be moved almost in real time.”
– Tom Kesselring, Vice President for Mainframe and Non-stop Systems at Vantiv
Centralized Integrated Security: Authentication / Authorization / Administration / Auditing
– Application and database security without modifying applications
– Use WebSphere® with RACF® for end-to-end authentication and authorization
• Granular security implementation for DB2®, CICS®, IMS™, WAS, MQSeries® and z/OS® resources
• Protecting data InfoSphere™ Guardium® Data Encryption
• Labeled DB2 and z/OS security for secured multi-tenancy
• Integrated LDAP capabilities provide enterprise application registry
• Optimized Java environment permits transparent use of platform security
• Open PKCS#11 Crypto facilitates the porting of applications
• Support of System Secure Sockets Layer (SSL), digital certificates, and key repositories
• Built-in defenses to ensure high availability of the system against denial-of-service attacks
• Network IPS front end fraud and threat detection
• Granular and detailed logging provided by z/OS Resource Managers, e.g. DB2, CICS, IMS, MQ and z/OS
• Provides the basis for capabilities with zSecure and Guardium®
Middleware
EAL5 certified
Network
Hardware
CICS, IMS, WAS Applications
DB2, IMS, VSAMMessages&Queues
Architecture
Administration
Virtualization
Consolidation onto the mainframe can improve security
High assurance
– Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standardized fashion.
– Third party scrutiny
Integrated Secure Virtualization
– Isolation between workloads, virtual servers and tenants
Integrated Secure Networking
– Traffic that stays within the box to reduce the potential for network data leakage
– Protecting data in flight, protect system resources from network attacks
Integrated Data Protection
– Strong access controls
– Integrated data protection with encryption technologies
Security Centralization
– Single point of controls to simplify configuration and management
– Collapse multiple tiers to reduce attack surface
– Centralized Security services – "Security as a Service"
Choice
– Solutions that grow the value of System z HW & SW and facilitate consolidation and improve security posture
Digital certificate hosting with z/OS PKI Services
• A Certificate Authority solution built into z/OS
• Can provide significant TCO advantage over third party hosting
• Provides full certificate life cycle mgmt
– User requests driven via Web pages
– Browser or server certificates
– Automatic or administrator approval process
– End user/administrator revocation process
– Supports CRL (Certificate Revocation List) and OCSP (Online Certificate Status Protocol)
– Supports SCEP (Simple Certificate Enrollment Protocol) for network device certificate lifecycle management
– New with z/OS R13: Support for the Certificate Management Protocol (CMP)
[Figure: certificate life cycle: User requests certificate; Administrator generates and distributes certificate; Requestor signs message; Receiver verifies requestor’s signature; Administrator revokes signature; Certificate expires]
Banco do Brasil saves an estimated $16 M a year in digital certificate costs by using the PKI services on z/OS
IBM Enterprise Key Management Foundation for Integrated Key Management
IBM Enterprise Key Management Foundation powered by DKMS
• Centralized key lifecycle management with single point of control, policy, reporting, and standardized processes for compliance
– EMV & PCI Standards
• EKMF provides proven experience in the enterprise key management space
– Capabilities tailored to the needs of the banking and finance community
– Adherence to key banking and finance standards
• Trusted Key Entry (TKE) workstation provides a secure environment for the management of crypto hardware and host master keys
• ISKLM for z/OS provides proven key serving and management for self-encrypting tape and disk storage devices
• The capabilities of EKMF, TKE, and ISKLM provide an optimum solution that addresses multiple client and marketplace needs
[Figure labels: TKE for Crypto Express Hardware management; EKMF for application key management; ISKLM; Disk Storage Array; Enterprise Tape Library; Tape devices]
Delivers customers a security-as-a-service offering that efficiently manages millions of keys and quickly processes payments at extreme scale, while meeting the latest industry standards.
IBM Security zSecure suite Overview
IBM Security zSecure Administration
zSecure Admin:
• Improves security at lower labor cost
• Also saves cost by:
  o Avoiding configuration errors
  o Improving directory merges
  o Efficient group management
zSecure Visual:
• Permits changes in minutes vs. overnight
• Provides access for only current employees & contractors (better business control)
• Enables segregation of duties (minimizing business risk)
• Aids in reducing labor cost and errors
IBM Security zSecure suite Overview
IBM Security zSecure Compliance and Audit
zSecure Audit:
– Reports can match business model/requirements
– Prioritizes tasks (optimize labor utilization)
– Helps find “segregation of duties” exposures (reduces risk)
zSecure Alert:
– Allows capture of unauthorized “back door” changes to RACF / security policies
– Addresses real time audit control points
zSecure Command Verifier:
– Audits RACF admins’ changes
– Offers security monitoring without additional CPU/cost
– Audit in seconds vs. days
– Prevention instead of after the fact
IBM Security zSecure suite Overview
• Permits you to perform queries and administration manually or by API from a CICS environment, freeing up native-RACF resources
• Combined audit and administration for RACF in the VM environment
IBM Guardium Provides Real-Time Database Security and Compliance
• Continuous, policy-based, real-time monitoring of all database activities, including actions by privileged users
• Database infrastructure scanning for missing patches, misconfigured privileges and other vulnerabilities
• Data protection compliance automation
• Integration with LDAP, IAM, SIEM, TSM, Remedy, …
Key Characteristics
• Single Integrated Appliance
• Non-invasive/disruptive, cross-platform architecture
• Dynamically scalable
• SOD enforcement for DBA access
• Auto discover sensitive resources and data
• Detect or block unauthorized and suspicious activity
• Granular, real-time policies
– Who, what, when, how
• Prepackaged vulnerability knowledge base and compliance reports for SOX, PCI, etc.
• Growing integration with broader security and compliance management vision
zSecure and QRadar improve your Security Intelligence
• Centralized view of mainframe and distributed network security incidents, activities and trends
• Better real-time threat identification and prioritization correlating vulnerabilities with zSecure
• SMF and logger data feeds with zSecure Audit and Alert
• Produces increased accuracy of risk levels and offense scores, and simplified compliance reporting
[Figure: Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight. Labels: Security Devices; Servers & Mainframes; Network/Virtual Activity; Database Activity; Application Activity; Configuration Info; Vulnerability Information; User Activity; Threat Intelligence; IP Reputation; Geo Location; Event Correlation; Activity Baselining & Anomaly Detection; Offense Identification. zSecure on z/OS feeds: z/OS, RACF, ACF2, Top Secret, CICS, DB2, TCPIP, FTP, TN3270]
Component: Mainframe vs. Distributed
Data Encryption
– Mainframe: Built in, scalable, tamper resistant encryption – bullet proof
– Distributed: Typically third party appliances requires integration - more expensive and potentially more vulnerable
Integrated Security across the lifecycle of data
– Mainframe: From transaction to archive, from access to network to storage, data access and encryption is integrated into the platform
– Distributed: Requires multiple components and add on SW solutions with different keys, policies, and procedures.
Consistent Policy Based Access
– Mainframe: Consistent policy based access and authentication with a single point of control for accountability
– Distributed: Multiple tools with different access controls, & different repositories increases risk of unauthorized access
Secured Isolation
– Mainframe: Workload protection of customer data with hardware enforced isolation
– Distributed: Multiple isolated solutions without the advantages of central control making data on cloud more vulnerable to interception
Public Key Infrastructure
– Mainframe: Built in secure, highly available centralized key repository and management
– Distributed: Appliances can create single points of failure and be difficult to achieve highly scalable configurations
Auditing
– Mainframe: Granular auditing using extremely detailed records for accurate and comprehensive reporting
– Distributed: Multiple often inconsistent audit systems making regulatory compliance difficult
Network Security
– Mainframe: Network security built-in – secured HiperSockets™ and networks also provides economic, secure communication to IBM zEnterprise® BladeCenter® Extension (zBX) and within the CPC
– Distributed: Lack of built in security requires more firewalls and additional secured network infrastructure
System z “built in” at every level provides maximum protection - x86 bolted on security provides opportunities for vulnerabilities and complexity
IBM System z has Secured Systems for over 40 Years. IBM is Security Ready.
Security, Built-in, by Design
“The mainframe has survived many challenges …. IBM has done this by keeping the IBM System z platform up to date with the changing times, while retaining the fundamental characteristics such as security that define enterprise-class computing at the highest level.”*
* Masabi Group, David Hill, Analyst, November 14, 2012
Security Innovation Spanning Four Decades
• 1970: Hardware Cryptography
• 1977: DES Encryption Unit
• 1985: Crypto Operating System
• 2004: Multilevel Security MLS
• 2012: RACF Evaluated at EAL5+
• 2013: Enterprise Key Management Foundation
Enterprise data hub
High-volume transaction processing
Process complex analytics queries up to 2000x faster
Manage tens of thousands of virtual servers in a single system
Elastic, scalable, virtually limitless expansion
Shared everything design
Hybrid computing
Ultimate security
Built-in cryptography
Unmatched resiliency and availability
Delivers the highest certification level for enterprise-class servers
Real-time operational analytics
IBM zEnterprise: The modern mainframe