3 min read
IBM z15 Mainframe & Secure Key Management for FS Platforms
Cryptomathic : 17. November 2021
Banks continue to feel the profound transformational effects that digital technologies have on their business. This can be seen in the creation and acceleration of new business activities, models, competencies, and processes.
Like many other businesses, banks and other financial institutions must also embrace this digital transformation to remain competitive among their peers and to continue to grow. Adopting agile processes and new technologies will enable them to deliver services and experiences that their customers demand or do not even know that they need just yet.
However, for banks to go through their digital transformation, they must also ensure that infrastructure security is maintained, and the privacy of data remains well-protected. On top of those challenges, they must also adhere to compliance requirements that continuously evolve and maintain 24/7 availability. This puts extreme pressure on IT departments who must securely deliver these transformative services while providing ongoing support and management under tight budget and time constraints.
IBM z15 the Answer to Digital Transformation Challenges
The answer to many of the challenges that banks face during digital transformation is the IBM z15, which offers the enterprise platform they need for moving mission-critical processes to hybrid multi-cloud. It provides scalability with a universally available platform that enables business growth while reducing cost and protecting existing investments. The z15's platform provides the hardware infrastructure needed to balance such capabilities, such as cryptography, to create a fortified perimeter around critical data.
Business continuity is always a concern for businesses, especially for the banking sector. IBM's z15 addresses these concerns by offering:
- System Recovery Boost - allows for faster restoration of services and workload catch up from and after planned and unplanned outages than its Z predecessors without the additional costs of IBM software.
- Integrated Accelerator for z Enterprise Data Compression - reduces the cost to store, transport, and process data without changing applications.
- IBM Z Data Privacy Passports - protects data for, not only the IBM Z, but across multi-cloud environments without application changes.
IBM z15, the Industry-Leading Platform for Banks
The z15 is poised to extend IBM Z's position as the industry-leading platform for mission-critical hybrid cloud.
Data Privacy and Security
IBM z15's pervasive encryption encrypts all data, whether in the cloud, onsite, at rest, or in use with any application, database, or cloud service using:
- IBM Z Data Privacy Passports that allows data to assist in its own protection across platforms
- IBM Z Data Privacy for Diagnostics that protects sensitive data that may appear in diagnostic dumps
- Crypto Express 7S adapter that is newly introduced on the IBM z15 that is designed for blockchain and other highly secure applications that banks use
Business Continuity and Resilience
IBM Z is already known as the market leader for both uptime and resilience. Now the z15 helps banks and other financial institutions adapt to planned or unplanned events by keeping operations running continuously both onsite and in the cloud with:
- IBM System Recovery Boost that allows business to return to normal must faster not only for planned downtime for software maintenance and patching but for disaster recovery, too.
- Enhanced GDPS (Geographically Dispersed Parallel Sysplex). GDPS is an extension of Parallel Sysplex of mainframes located, potentially, in different cities. works with System Recovery Boost to expedite and streamline GDPS recover script execution that allows for easier planning and testing for such activities as:
- Site switches
- Business continuity activities
- Ability to comply with industry regulations
Hybrid Cloud Readiness
With the IBM z15, banks can build a hybrid cloud ecosystem and ensure flexible security, availability, and accessibility and deliver efficient and timely new services in their digital transformation. It provides the availability banks need for their mission-critical workloads and the security that is required in order to protect critical sensitive data.
The z15's comprehensive portfolio of IBM solutions is a perfect fit for banks deploying and supporting cloud environments and expand access to them, including:
- IBM Z software that helps integrate and manage the ideal cloud environment
- IBM Integrated Accelerator for z Enterprise Data Compression is included on each processor chip and uses industry-standard compression formats for compressing files to reduce data size that:
- Saves storage space
- Increases data transfer rates
- Reduces CPU consumption and costs associated with encrypting/decrypting, moving, processing, and manipulating compressed data
- Most importantly, the IBM z15 is designed to be ready for cloud data centers, whether in a colocation or a standardized facility managed environment.
Banking-grade key management for the IBM z/CCA world in the hybrid cloud
Cryptomathic's Crypto Crypto Key Management System (CKMS) fully integrates into the IBM z / CCA world in any location of the hybrid cloud. It allows banks and financial institutions to manage the key life-cycle and distribution of the cryptographic keys in a secure, compliant and automated way.
For 2 decades, Cryptomathic has developed key management solutions to securely manage key life-cycles for banking applications and integrate them seamlessly into the banks’ crypto architecture.
IBM’s opening to hybrid cloud architecture makes banking-grade and centralized key management with comfortable audit features and compliant processes even more important.
CKMS allows embedding IBM’s zSeries into a holistic and integrated crypto across the bank’s hybrid cloud.
The benefits include:
- Securely sharing keys between mainframe, on-premise and cloud applications
- Centrally managing the life-cycle of cryptographic keys at large scale
- Automating key management activities and on-line key distribution
- Reducing the risk of key compromise and human errors
- Providing tamper-evident audit and usage logs for compliance
- Based on industry-standard APIs and key-formats
References
- Selected articles on Key Management (2012-today) by Ashiq JA, Dawn M. Turner, Guillaume Forget, James H. Reinholm, Peter Landrock, Peter Smirnoff, Rob Stubbs, Stefan Hansen and more
- Selected articles on Key Management in the Cloud (2017-today) by Matt Landrock, Rob Stubbs, Stefan Hansen, Ulrich Scholten, Joe Lintzen and more
-
NIST SP800-57 Part 1 Revision 4: A Recommendation for Key Management (2016) by Elaine Barker
- CKMS Product Sheet (2016), by Cryptomathic
-
White Paper – Deploying CKMS Within a Business (2017), by Cryptomathic
- Digital Bank: Strategies to launch or become a digital bank Kindle Edition (2014), by Chris Skinner