Eighty percent of the data on mobile phones is encrypted, according to a 2017 Solitaire Interglobal study, because it’s easier to encrypt data on millions of identical devices. Encryption is often largely absent in corporate and cloud data centers because current solutions for data encryption in x86 environments can dramatically degrade performance (and user experiences), and can be too complex and expensive to manage.
A recent study found that extensive use of encryption is a top factor in reducing the business impact and cost of a data breach. To put that in context, the IBM X-Force Threat Intelligence Index reported that more than four billion records were leaked in 2016, which was a 556 percent increase from 2015.
Regulatory bodies are establishing standards in response to growing security concerns. These include:
- · The European Union, for example, has established the General Data Protection Regulation (GDPR), that will increase data protection requirements for organizations doing business in Europe starting next year. GDPR will require organizations to report data breaches to the regulatory authority within 72 hours and face fines of up to four percent of annual worldwide revenues or 20 million Euro, unless the organization can demonstrate that data was encrypted and the keys were protected.
- · At the U.S. Federal level, the Federal Financial Institutions Examination Council (FFIEC), which includes the five banking regulators, has provided guidance on the use of encryption in the financial services industry.
- · Recently, the New York State Department of Financial Services published requirements regarding encryption in the Cybersecurity Requirements for Financial Services Companies.
Three years ago, as it began the design process for the next generation of its iconic mainframe, our customers — representing the banking, retail, insurance and healthcare industries — asked if the massive scale of the world’s biggest transaction engine could be extended at the same massive scale for data security. In the end, more than 150 companies had a say in the development of IBM Z.
The new system is capable of running more than 12 billion encrypted transactions per day and also introduces a breakthrough encryption engine that, for the first time, makes it possible to pervasively encrypt data associated with any application, cloud service or database all the time. The system’s advanced cryptographic capability now extends across any data, networks, external devices or entire applications – such as the IBM Cloud Blockchain service – with no application changes and no impact on business service level agreements.
Building on the capabilities of the world’s most powerful transaction engine at the center of global commerce today, the IBM Z supports:
- · 87 percent of all credit card transactions and nearly $8 trillion in payments a year.
- · 29 billion ATM transactions each year, worth nearly $5 billion per day.
- · Four billion passenger flights each year.
- · More than 30 billion transactions per day, or more than the number of Google searches every day.
- · 68 percent of the world’s production workloads at only six percent of the total information technology (IT) cost.
Banks and others in the financial services industry process thousands of transactions per second to keep the world’s financial systems running. The mainframe is more critical than ever for reliably handling high volumes of transaction data. Today, 92 of the world’s top 100 banks rely on the IBM mainframe because of its ability to efficiently process huge volumes of transactions.
Addie Buissinne, Executive for Financial Solutions at Emid, a subsidiary of EOH, says they took their retail banking and lending platform (C4) to the cloud 15 years ago, using IBM Z because it is highly efficient, scalable and offers unrivalled stability. They for example took a client from first engagement, to opening and transacting on 160,000 accounts in just a few months, and this had no impact on the performance level of the mainframe. Given the resilience of IBM Z, they have achieved uptime and stability rates unmatched by any other alternative.
My company believes that organizations should not wait to assess data risks and obligations, and instead, should proactively secure vital data. Businesses should prepare through a broad range of capabilities, which not only include technology, data governance, security and policy, but also people and processes.
Securing data should be seen as an opportunity. The process can accelerate digital transformation, if done properly, by introducing more efficient and integrated data processing. IBM has long held the position that privacy is foundational to trust and investing in a sustainable, governed data asset and data security can be a competitive advantage for businesses.