IBM's next-generation Z14 mainframe systems have arrived, and the watch-phrase is "full encryption." That means everything associated with a Z14—from applications to cloud services and databases—can be encrypted at all times with no appreciable performance hit, according to Big Blue.
It's a hook that should prove enticing to IBM's mainframe installed base, which tends to buy systems and then wait a few years for the next hardware release to refresh. (The Z13 arrived in early 2015). But the Z14's positioning also adds fuel to the online privacy debate, coming just a few weeks after the Five Eyes nations—the U.S., U.K. Australia, Canada and New Zealand—met to discuss encryption and national security.
"There is this clear trend among tech companies and cloud providers to basically stay the hell out of their clients' business, and this is what IBM's 'full Encryption' is all about," says Constellation Research VP and principal analyst Steve Wilson. "The company is saying that while they are providing sophisticated managed services, they are not watching or tracking how those services are used. They are promising that 'we cannot see your data, even if we wanted to.'"
This is the same promise being made by others, like Apple, which famously resisted the FBI's demand for a backdoor to an alleged terrorist's encrypted iPhone. "It's colliding with the interests of law enforcement, who are not accustomed to these absolute security features," Wilson says.
IBM's full encryption appears to be more sophisticated than cloud encryption to date, offering containers engineered to military-grade security standards. "This is a bit like a 'smart bank safety deposit box,'" Wilson adds. "The IBM containers don't just store secret data, they allow tenants to use the data and run their own processes, but still in complete secrecy, like a Swiss Bank.
Big Blue "has been promoting the quality and certification of its crypto, which I think is great to see," Wilson adds. "Every company needs to lift its game on behalf of clients. We need to see more systems built to standards like FIPS 140 level 3+ and Common Criteria level EAL 5+. IBM is in that league."
What will be interesting to see is how national security interests react to IBM's move. "I don't suppose terrorists will be buying main frames or renting space in IBM's cloud, so there is no need to panic," Wilson says. "And perhaps governments can try to negotiate with cloud providers some governance mechanisms that would keep bad actors out of the action, rather than banning this sort of capability for all businesses. We shall see."