For anyone who, mistakenly, thinks the mainframe is a dying breed, there's a new kid on the block, the IBM z13s system. What this enables, for middle-sized companies, is hardware-assisted encryption for all of their data on the Cloud - and this addresses some perceived barriers to cloud adoption (that data on the cloud is easily stolen, and that encrypting it will slow response times).
Personally, I suspect that on-premises solutions often aren't as secure as people think (because access controls and security policies often aren't enforced effectively) and that Cloud solutions (where security is professionally managed as part of a service) may be more secure in practice - but, in both cases, encryption of important data is a key part (but not the whole) of being able to attain, and demonstrate, good security of that data.
What this new "enterprise-class server" brings is:
- Cryptographic co-processors built into every microprocessor core; plus hardware cryptography accelerator cards in the I/O unit.
- More intelligent security capabilities, including integration with IBM software security products and a new Cyber Security Analytics service that can help z Systems customers identify malicious behaviour patterns.
- An expanded partner ecosystem, including organisations like BlackRidge Technology, the Forcepoint joint venture between Raytheon and Vista Equity Partners, and RSM Partners.
Read more about IBM's views on using such a machine to secure cloud computing here. And IBM certainly isn't the only company that sees a future in the mainframe; see my blog about CA Technologies here, for example.
As I've already implied, I think that encryption on the cloud is probably necessary for good governance and Cloud assurance, if your data is important and you can afford to do it; but it is not sufficient. You also have to have good management of identity and of authorised users (your strongly encrypted cloud data isn't at all secure, if your Sales Manager, with authorised access, is moving to a new job and taking a handwritten list of the salient points of your 10 best customers with her). You need good security policies, which cover cloud data, and which all your staff know about, understand, and buy into (you need a good security culture). And there's more to "good governance" of cloud resources generally than just encryption.
Nevertheless, strong encryption of data that is stored outside of your immediate control provides a very good foundation for Cloud assurance - if you can afford the technology to let you do it without impacting the user experience (encryption can involve quite a lot of computer processing). And IBM's z series has a proven ability to offload CPU-intensive processing, such as encryption/decryption, into hardware.
The cost? Ah well, if you have to ask... But probably a lot less than having all of your company-confidential and sensitive personal data posted on the public Internet. And probably rather less than maintaining expensive legacy on-premises solutions because you are scared to move to cost-effective hybrid cloud because of the perceived Cloud security risk (the risk is real enough if just some customers perceive you as being insecure, whether you are or not). What IBM says, in its press release, is: "IBM Global Financing leases and payment plans are available from IBM and IBM Business Partners and provide flexible terms and conditions that can be tailored to meet each customer's needs to upgrade from older models to z13s, convert an owned z system to leasing while upgrading or acquiring a new z13s. Promotional offers include 90 days deferred payment for new credit-qualified customers" - I'm guessing this will possibly end up as "not as expensive as some people expect" - if they are good at negotiating with IBM.