Encrypt and Protect

IBM Tivoli Key Lifecycle Manager solves security problems and meets new standards


TKLM Solves Problems

Data can now be secured automatically against theft or loss with the simplest, most secure encryption and key management. Self-encrypting drives encrypt data as it’s written and decrypt data as it’s read. When initially deployed in the disk system and powered on for the first time, each drive is authenticated with the key-management server, and only then can data be written and read. IBM’s full-disk encryption model protects data when drives are physically removed from the storage system or even when the storage system is powered down. When this happens, the drives are unreadable and must re-authenticate with the key-management server to become readable again. Furthermore, a self-encrypting drive can be used to perform a virtual secure erase of the drive, meaning the data is completely and permanently erased.

With TKLM, customers can change the encryption key assigned to any drive in a matter of seconds without the help of a third-party vendor. Changing the encryption key erases the previous one, and the data becomes unreadable. This protects against a data breach when a drive falls into the wrong hands and can also minimize the costs associated with securely erasing all of the information on a system when the lease expires. IBM self-encrypting storage represents the next generation of encryption, with less than 1 percent impact on performance.

TKLM is simple to install and configure and requires no application or server changes, so there’s minimal impact to a customer’s environment. When evaluating how to protect data at rest in the storage network, it’s important to encrypt as close as possible to the storage: ideally the disk drives, Arnold says. With self-encrypting drives, the key never leaves the drive, eliminating exposure.

“Some of IBM’s competitors in this space are saying you should do this on the host, using host-processor cycles. But there are a lot of problems with that approach: one being it uses the host processor cycles, which are expensive, cause tremendous performance issues and expose the encrypted data on a network,” Arnold says.

Tami Deedrick is the former managing editor of IBM Systems Magazine, Power Systems edition.


