Sergey Nivens - Fotolia


What to expect with pervasive encryption on IBM mainframes

Increased IBM mainframe security comes by way of pervasive encryption. Understand this new feature, and consider cost and performance concerns before you use it.

There are many reasons to embrace encryption. Equifax's security breach is one example of what happens when hackers...

breach firewalls and access unencrypted data. Financial enterprises want to use blockchain technology to record and manage monetary transactions, and Payment Card Industry compliance becomes stricter every year. To position the mainframe in this environment, IBM introduced pervasive encryption to its z14.

The basics of pervasive encryption

Pervasive encryption, which, in some ways, is an extension of existing mainframe security functions, requires IBM's latest processor, the z14, and version 2.3 of z/OS. Pervasive encryption acts as an extension to existing mainframe facilities, except that there is embedded cryptographic functionality. This makes the system seamless, ubiquitous and easy to control.

The new z14 processors have a Central Processor Assist for Cryptographic Functions (CPACF) on every core, which makes cryptographic functionality relatively quick and cheap. Users should buy a Crypto Express6S Peripheral Component Interconnect Express hardware security module (HSM). The HSM, in contrast to the CPACF, is outboard from the processor, which implies a certain amount of latency and overhead. Both facilities work together to support pervasive encryption.

IBM implemented part of pervasive encryption, called data set encryption, in data access methods and system-managed storage (SMS) facilities. This enables data set encryption at the individual data set level through SMS policy.

Data set encryption requires extended format files and encompasses most basic sequential files and all forms of Virtual Storage Access Method (VSAM) data sets. It does leave a couple curious holes by excluding partitioned data sets and tapes. Information Management System v14 allows data set encryption for a subset of data sets, while IMS v15 will have full support.

Users can encrypt the Coupling Facility cache and list structures as well through CF Resource Manager policy. IBM's z/OS encrypts the data for protection both in flight and at rest in the CF.

The z/OS's System Authorization Facility controls access to encryption keys and functions to very granular levels. This could lead to situations where someone may be authorized to read a data set but unable to decrypt it. This is the perfect setup for storage and database administrators.

Encrypted data doesn't compress well, according to IBM. Customers with z Data Encryption Cards should compress data before encrypting it. The system will do this automatically if a shop implements compression and encryption through SMS policy.

Cost, performance concerns

Cryptography is computationally intense, and customers should be legitimately concerned about the added cost.

IBM improved the z14's CPACF performance, surpassing the z13 version. A CPACF is also paired with each core, so you can invoke cryptographic functions at processor speed through a specialized set of machine instructions.

To boost performance without compromising security, IBM offers a secure key/protected key scheme. Secure keys live in tamper-proof hardware that users can only access through the HSM feature. When something needs a secure key, the system retrieves it through the HSM, wraps it in a unique private key generated for that OS instance and stores the protected key in the hardware system area, where only the CPACF and microcode can access it.

This implementation streamlines and hides crypto-operations from applications. When a program opens an encrypted file, the access method asks the system to retrieve the protected key. As the application asks for data, the access method retrieves and decrypts the physical record and presents a clear buffer to the caller. As the application writes information, the access method collects data into a buffer and encrypts the entire physical record as it goes to disk. In either case, working with data in blocks minimizes the number of cryptographic operations and CPU cycles.

IBM claims a lower than 5% overhead in encryption but recognizes that everyone's data is different. Therefore, it provides a version of z Batch Network Analyzer to estimate the cost based on actual customer data and z/OS Encryption Readiness Technology that tracks security standards with communication partners.

Additional limitations of pervasive encryption

Encryption is easy; managing keys is not. Most shops with cryptography experience are likely to have mature key management processes in place. For pervasive encryption, IBM has introduced and enhanced some tools to make it easier for the mainframe.

The lack of data set encryption for tapes is an interesting issue. Some utilities, such as data facility data set services and HSMs, will move data as encrypted, but other utilities, such as Access Method Services and Iebgener, do not. Make sure that you choose the correct tools because it's pointless to encrypt a VSAM master file only to Repro it to tape in the clear.

Is pervasive encryption right for you?

Enterprises with regulatory and confidentiality requirements should take advantage of data set encryption. The relatively easy implementation and transparency of data set encryption offers the least path of resistance to issues such as PCI compliance. Also, a well-deployed data set encryption policy will protect otherwise overlooked sensitive data.

CF encryption may be overkill with the exception of CF structures for log streams that contain sensitive data, such as a VSAM forward recovery log stream for a banking VSAM file.

Dig Deeper on IBM system z and mainframe systems