IBM Systems

Pervasive protection

January 30, 2018 | Written by:

Perhaps as many as 45,000 cyberattacks occur around the world each day.[1] It’s easy to understand why cybersecurity is the top IT spending priority for businesses large and small, and has been for years.[2]

Data breaches are costly. In the United States, the average cost of lost business from a data protection failure reached $4.13 million per incident in 2017. Around the world, the average cost for a single lost or stolen record containing sensitive and confidential information topped $141 dollars, with some companies losing tens of thousands of records at a time, if not millions. Increased customer turnover, additional customer acquisition activities, damaged reputation and diminished goodwill all contribute to the cost of a data breach. And don’t kid yourself; security analysts estimate there’s more than a 27 percent chance that your organization will have a material data breach in the next 24 months.[3]

Recognizing the need and the opportunity, IBM Z has developed a new suite of data protection technologies collectively labeled “pervasive encryption.” Essentially, pervasive encryption means that IBM Z mainframes now encrypt data at the host level, in-flight across the network, and at rest in storage. The benefits can be significant. Pervasive encryption can:

  • Decouple encryption from data classification
  • Reduce the risks associated with undiscovered or misclassified sensitive data
  • Make it more difficult for attackers to identify sensitive data
  • Help protect an organization’s digital assets

Pervasive encryption provides a transparent approach to enable extensive encryption of data. IBM DS8880 data systems and the IBM TS7700 family of virtual tape solutions both provide transparent encryption. Because of their integration with IBM Z and their abilities to access IBM internal integration capabilities, cross-teaming, testing, and design resources, DS8880 and TS7700 storage solutions can offer powerful advantages over non-IBM storage systems.

TS7700 virtual tape solutions offer excellent examples of how IBM Storage complements the IBM Z pervasive encryption strategy. TS7700 is now in the fifth generation of IBM tape virtualization products for mainframes. TS7700 solutions help mainframe users to implement a fully-integrated tiered storage hierarchy of disk and tape and leverage the benefits of virtualization. Powerful grid architecture capabilities offer interconnection of TS7700 tape systems to form a variety of grid configurations that can provide availability and disaster recovery.

TS7700 systems provide a number of additional data protection features such as support for an external encryption key manager or internal encryption key management, encryption-enabled disk drives, encryption-capable tape drives and the ability to manage the use of encryption and keys down to the individual storage pool level. TS7700 systems also offer Secure Data Erase to help manage the security of old data. And of course, tape offers the advantages of portability and encryption, which allows for an “air gap” between data and online hackers, providing an effective safeguard against cyberattacks.

Data protection is a key component in creating business value, supporting business growth and enabling consistent worker productivity. IBM mainframe users are already starting to implement pervasive encryption as part of their corporate data protection strategies.

Thanks to their data protection and encryption features, plus their unique integration with IBM Z, TS7700 and DS8880 systems offer powerful complements on the storage side for mainframe-based enterprises moving ahead with the latest data protection solutions.

Find more information here.

[1] SparkCognition: SparkSecure (

[2] ESG Research Report: 2017 IT Spending Intentions Survey, March 2017

[3] Ponemon Institute: 2017 Cost of Data Breach Study: Global Overview, June 2017 (