IBM Z and LinuxONE - IBM Z

IBM Z

The enterprise platform for mission-critical applications brings next-level data privacy, security, and resiliency to your hybrid multicloud.

 View Only

Protecting data sets the easy way

By Rebecca Levesque posted Fri December 29, 2023 02:49 PM

  

A large US credit card company had an initiative to encrypt all their data before the end of the year.  The goal was very aggressive based on the amount of data to encrypt, the discovery of data to be accomplished (What data do they have?  How should it be classified?  How many copies are there and where are they?  Who’s the owner of the data?), and the effort to encrypt the data and manage the keys going forward.

The pressure to encrypt for this customer and many others is coming from senior management, internal and external auditors, and increasing regulatory compliance.  The focus for noncompliance penalties and further remediation centers around breaches of non-encrypted or non-redacted personal information breached.  The customer understands encryption is key to their strategy, but they are not alone in the challenge to encrypt.  Ponemon Institute’s 2022 Global Encryption Study states “a barrier to a successful encryption strategy is the ability to discover where sensitive data resides in the organization.”

·       72 percent of respondents experienced at least one data breach

·       47 percent state that employee mistakes continue to be the most significant threats to sensitive data

·       55 percent of respondents say discovering where sensitive data resides in the organization is the number one challenge

·       32 percent cite budget constraints as a barrier

To address the shortcomings and gaps in the current processes the customer was looking for a solution to automate more of the process and provide auditability, with as little application disruption as possible.  Because financial and personal data is most likely to be housed on the customer’s IBM Z system of record, their best approach to data set level encryption was through a complete and easily accomplished systematic software capability.  They leveraged the capabilities of IBM z/OS Data Set Mobility Facility (zDMF) to provide that solution and enhanced it further by pairing it with the IBM Z Batch Resiliency (IZBR) product offering.  IZBR augments the encryption and key rotation process by providing data usage and dependency mapping for easier implementation of data set level encryption and key rotation.

1 comment
19 views

Permalink

https://community.ibm.com/community/user/blogs/rebecca-levesque/2023/12/29/protecting-data-sets-the-easy-way

Comments

Aileen Wynne
Wed January 03, 2024 10:37 AM

The requirement to encrypt data is getting stronger all the time.  I believe it will become mandatory for certain classes of data, sooner rather than later.