Submit Search
Upload
Z110932 strengthen-security-jburg-v1909c
•
0 likes
•
114 views
Tony Pearson
Follow
Strengthen your security with Pervasive Encryption on IBM Z
Read less
Read more
Technology
Report
Share
Report
Share
1 of 47
Download now
Download to read offline
Recommended
Fortinet
Fortinet
Asifur Rahman Asif
Threat Landscape for Education
Threat Landscape for Education
ColloqueRISQ
SafeNet overview 2014
SafeNet overview 2014
Sectricity
Network Security - Fortinet, Dublin June 2017
Network Security - Fortinet, Dublin June 2017
Novosco
Secure channels main deck
Secure channels main deck
Richard Blech
SafeNet - Data Protection Company
SafeNet - Data Protection Company
ASBIS SK
Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018
African Cyber Security Summit
Fortinet Tanıtım
Fortinet Tanıtım
Güney Bilişim
Recommended
Fortinet
Fortinet
Asifur Rahman Asif
Threat Landscape for Education
Threat Landscape for Education
ColloqueRISQ
SafeNet overview 2014
SafeNet overview 2014
Sectricity
Network Security - Fortinet, Dublin June 2017
Network Security - Fortinet, Dublin June 2017
Novosco
Secure channels main deck
Secure channels main deck
Richard Blech
SafeNet - Data Protection Company
SafeNet - Data Protection Company
ASBIS SK
Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018
African Cyber Security Summit
Fortinet Tanıtım
Fortinet Tanıtım
Güney Bilişim
Introduction to Security Fabric
Introduction to Security Fabric
Francisco Ordillano
CipherLoc_OverviewBrochure (1)
CipherLoc_OverviewBrochure (1)
Michael DeLaGarza
SafeNet Enterprise Key and Crypto Management
SafeNet Enterprise Key and Crypto Management
Sectricity
Fortinet Broşür
Fortinet Broşür
Güney Bilişim
CCNA Security - Chapter 1
CCNA Security - Chapter 1
Irsandi Hasan
Web Application Security
Web Application Security
MarketingArrowECS_CZ
Enterprise secure identity in the cloud with Single Sign On and Strong Authen...
Enterprise secure identity in the cloud with Single Sign On and Strong Authen...
GARL
High end security for low-end microcontrollers
High end security for low-end microcontrollers
Milosch Meriac
SecurePass at OpenBrighton
SecurePass at OpenBrighton
Giuseppe Paterno'
Ict encryption agt_fabio_pietrosanti
Ict encryption agt_fabio_pietrosanti
PrivateWave Italia SpA
SafeNet: Don't Leave It to Luck: What am I Not Doing?
SafeNet: Don't Leave It to Luck: What am I Not Doing?
Rahul Neel Mani
Protect Your Sensitive Data with Gemalto Guidebook
Protect Your Sensitive Data with Gemalto Guidebook
Exclusive Networks ME
Fortinet Icon Library
Fortinet Icon Library
Fortinet
Virtual security gateways at network edge are key to protecting ultra broadba...
Virtual security gateways at network edge are key to protecting ultra broadba...
Paul Stevens
Crypkit 1
Crypkit 1
ncct
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
ShilaThak
Fg80 series
Fg80 series
patchs
Hardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk Management
SafeNet
What i learned at gartner summit 2019
What i learned at gartner summit 2019
Ulf Mattsson
CCNA Security - Chapter 9
CCNA Security - Chapter 9
Irsandi Hasan
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA
Come gestire l'encryption dei dati con SKLM
Come gestire l'encryption dei dati con SKLM
Luigi Perrone
More Related Content
What's hot
Introduction to Security Fabric
Introduction to Security Fabric
Francisco Ordillano
CipherLoc_OverviewBrochure (1)
CipherLoc_OverviewBrochure (1)
Michael DeLaGarza
SafeNet Enterprise Key and Crypto Management
SafeNet Enterprise Key and Crypto Management
Sectricity
Fortinet Broşür
Fortinet Broşür
Güney Bilişim
CCNA Security - Chapter 1
CCNA Security - Chapter 1
Irsandi Hasan
Web Application Security
Web Application Security
MarketingArrowECS_CZ
Enterprise secure identity in the cloud with Single Sign On and Strong Authen...
Enterprise secure identity in the cloud with Single Sign On and Strong Authen...
GARL
High end security for low-end microcontrollers
High end security for low-end microcontrollers
Milosch Meriac
SecurePass at OpenBrighton
SecurePass at OpenBrighton
Giuseppe Paterno'
Ict encryption agt_fabio_pietrosanti
Ict encryption agt_fabio_pietrosanti
PrivateWave Italia SpA
SafeNet: Don't Leave It to Luck: What am I Not Doing?
SafeNet: Don't Leave It to Luck: What am I Not Doing?
Rahul Neel Mani
Protect Your Sensitive Data with Gemalto Guidebook
Protect Your Sensitive Data with Gemalto Guidebook
Exclusive Networks ME
Fortinet Icon Library
Fortinet Icon Library
Fortinet
Virtual security gateways at network edge are key to protecting ultra broadba...
Virtual security gateways at network edge are key to protecting ultra broadba...
Paul Stevens
Crypkit 1
Crypkit 1
ncct
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
ShilaThak
Fg80 series
Fg80 series
patchs
Hardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk Management
SafeNet
What i learned at gartner summit 2019
What i learned at gartner summit 2019
Ulf Mattsson
CCNA Security - Chapter 9
CCNA Security - Chapter 9
Irsandi Hasan
What's hot
(20)
Introduction to Security Fabric
Introduction to Security Fabric
CipherLoc_OverviewBrochure (1)
CipherLoc_OverviewBrochure (1)
SafeNet Enterprise Key and Crypto Management
SafeNet Enterprise Key and Crypto Management
Fortinet Broşür
Fortinet Broşür
CCNA Security - Chapter 1
CCNA Security - Chapter 1
Web Application Security
Web Application Security
Enterprise secure identity in the cloud with Single Sign On and Strong Authen...
Enterprise secure identity in the cloud with Single Sign On and Strong Authen...
High end security for low-end microcontrollers
High end security for low-end microcontrollers
SecurePass at OpenBrighton
SecurePass at OpenBrighton
Ict encryption agt_fabio_pietrosanti
Ict encryption agt_fabio_pietrosanti
SafeNet: Don't Leave It to Luck: What am I Not Doing?
SafeNet: Don't Leave It to Luck: What am I Not Doing?
Protect Your Sensitive Data with Gemalto Guidebook
Protect Your Sensitive Data with Gemalto Guidebook
Fortinet Icon Library
Fortinet Icon Library
Virtual security gateways at network edge are key to protecting ultra broadba...
Virtual security gateways at network edge are key to protecting ultra broadba...
Crypkit 1
Crypkit 1
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
Fg80 series
Fg80 series
Hardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk Management
What i learned at gartner summit 2019
What i learned at gartner summit 2019
CCNA Security - Chapter 9
CCNA Security - Chapter 9
Similar to Z110932 strengthen-security-jburg-v1909c
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA
Come gestire l'encryption dei dati con SKLM
Come gestire l'encryption dei dati con SKLM
Luigi Perrone
Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17
LennartF
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
NRB
IBM Cloud Data Encryption Services
IBM Cloud Data Encryption Services
Isabel Sanz
Hardwar based Security of Systems
Hardwar based Security of Systems
Jamal Jamali
Confidential Computing overview
Confidential Computing overview
Mark Argent
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
ITSitio.com
The NRB Group mainframe day 2021 - Security On Z - Guillaume Hoareau
The NRB Group mainframe day 2021 - Security On Z - Guillaume Hoareau
NRB
Sklm webinar
Sklm webinar
Luigi Perrone
z/OS V2R3 Communications Server Content Preview
z/OS V2R3 Communications Server Content Preview
zOSCommserver
BKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T Systems
Linaro
MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically...
MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically...
MongoDB
Jak využít cloudu pro zvýšení bezpečnosti vašeho IT
Jak využít cloudu pro zvýšení bezpečnosti vašeho IT
MarketingArrowECS_CZ
120019_top5_security
120019_top5_security
Jessica Hirst
CertainSafe MicroTokenization Technology Detailed Overview
CertainSafe MicroTokenization Technology Detailed Overview
Steven Russo
Software potential code protector
Software potential code protector
InishTech
General Version 9 21 09
General Version 9 21 09
tverbeck
Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4
Mukesh Chinta
How to Hack a Cryptographic Key
How to Hack a Cryptographic Key
IBM Security
Similar to Z110932 strengthen-security-jburg-v1909c
(20)
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Come gestire l'encryption dei dati con SKLM
Come gestire l'encryption dei dati con SKLM
Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
IBM Cloud Data Encryption Services
IBM Cloud Data Encryption Services
Hardwar based Security of Systems
Hardwar based Security of Systems
Confidential Computing overview
Confidential Computing overview
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
The NRB Group mainframe day 2021 - Security On Z - Guillaume Hoareau
The NRB Group mainframe day 2021 - Security On Z - Guillaume Hoareau
Sklm webinar
Sklm webinar
z/OS V2R3 Communications Server Content Preview
z/OS V2R3 Communications Server Content Preview
BKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T Systems
MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically...
MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically...
Jak využít cloudu pro zvýšení bezpečnosti vašeho IT
Jak využít cloudu pro zvýšení bezpečnosti vašeho IT
120019_top5_security
120019_top5_security
CertainSafe MicroTokenization Technology Detailed Overview
CertainSafe MicroTokenization Technology Detailed Overview
Software potential code protector
Software potential code protector
General Version 9 21 09
General Version 9 21 09
Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4
How to Hack a Cryptographic Key
How to Hack a Cryptographic Key
More from Tony Pearson
Rapid_Recovery-T75-v2204j.pdf
Rapid_Recovery-T75-v2204j.pdf
Tony Pearson
L203326 intro-maria db-techu2020-v9
L203326 intro-maria db-techu2020-v9
Tony Pearson
S200743 storage-announcements-ist2020-v2001a
S200743 storage-announcements-ist2020-v2001a
Tony Pearson
S200516 copy-data-management-ist2020-v2001c
S200516 copy-data-management-ist2020-v2001c
Tony Pearson
S200515 storage-insights-ist2020-v2001d
S200515 storage-insights-ist2020-v2001d
Tony Pearson
F200612 deliver-message-ist2020-v2001c
F200612 deliver-message-ist2020-v2001c
Tony Pearson
Z111806 strengthen-security-sydney-v1910a
Z111806 strengthen-security-sydney-v1910a
Tony Pearson
G111614 top-trends-sydney2019-v1910a
G111614 top-trends-sydney2019-v1910a
Tony Pearson
G111416 personal-brand-sydney-v1910b
G111416 personal-brand-sydney-v1910b
Tony Pearson
Z109889 z4 r-storage-dfsms-vegas-v1910b
Z109889 z4 r-storage-dfsms-vegas-v1910b
Tony Pearson
Z109889 z4 r-storage-dfsms-jburg-v1909d
Z109889 z4 r-storage-dfsms-jburg-v1909d
Tony Pearson
S111477 scale-in-cloud-jburg-v1909d
S111477 scale-in-cloud-jburg-v1909d
Tony Pearson
S110646 storage-for-ai-jburg-v1909c
S110646 storage-for-ai-jburg-v1909c
Tony Pearson
G108263 personal-brand-berlin-v1904a
G108263 personal-brand-berlin-v1904a
Tony Pearson
S108283 svc-storwize-lagos-v1905d
S108283 svc-storwize-lagos-v1905d
Tony Pearson
G108277 ds8000-resiliency-lagos-v1905c
G108277 ds8000-resiliency-lagos-v1905c
Tony Pearson
G108276 public-speaking-lagos-v1905b
G108276 public-speaking-lagos-v1905b
Tony Pearson
G108266 stack-the-deck-lagos-v1905c
G108266 stack-the-deck-lagos-v1905c
Tony Pearson
G107984 personal-brand-atlanta-v1904a
G107984 personal-brand-atlanta-v1904a
Tony Pearson
G107980 top-it-trends-atlanta-v1904b
G107980 top-it-trends-atlanta-v1904b
Tony Pearson
More from Tony Pearson
(20)
Rapid_Recovery-T75-v2204j.pdf
Rapid_Recovery-T75-v2204j.pdf
L203326 intro-maria db-techu2020-v9
L203326 intro-maria db-techu2020-v9
S200743 storage-announcements-ist2020-v2001a
S200743 storage-announcements-ist2020-v2001a
S200516 copy-data-management-ist2020-v2001c
S200516 copy-data-management-ist2020-v2001c
S200515 storage-insights-ist2020-v2001d
S200515 storage-insights-ist2020-v2001d
F200612 deliver-message-ist2020-v2001c
F200612 deliver-message-ist2020-v2001c
Z111806 strengthen-security-sydney-v1910a
Z111806 strengthen-security-sydney-v1910a
G111614 top-trends-sydney2019-v1910a
G111614 top-trends-sydney2019-v1910a
G111416 personal-brand-sydney-v1910b
G111416 personal-brand-sydney-v1910b
Z109889 z4 r-storage-dfsms-vegas-v1910b
Z109889 z4 r-storage-dfsms-vegas-v1910b
Z109889 z4 r-storage-dfsms-jburg-v1909d
Z109889 z4 r-storage-dfsms-jburg-v1909d
S111477 scale-in-cloud-jburg-v1909d
S111477 scale-in-cloud-jburg-v1909d
S110646 storage-for-ai-jburg-v1909c
S110646 storage-for-ai-jburg-v1909c
G108263 personal-brand-berlin-v1904a
G108263 personal-brand-berlin-v1904a
S108283 svc-storwize-lagos-v1905d
S108283 svc-storwize-lagos-v1905d
G108277 ds8000-resiliency-lagos-v1905c
G108277 ds8000-resiliency-lagos-v1905c
G108276 public-speaking-lagos-v1905b
G108276 public-speaking-lagos-v1905b
G108266 stack-the-deck-lagos-v1905c
G108266 stack-the-deck-lagos-v1905c
G107984 personal-brand-atlanta-v1904a
G107984 personal-brand-atlanta-v1904a
G107980 top-it-trends-atlanta-v1904b
G107980 top-it-trends-atlanta-v1904b
Recently uploaded
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
LoriGlavin3
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Mattias Andersson
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Mark Simos
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
Lonnie McRorey
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
Alan Dix
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Precisely
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
DianaGray10
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
Dilum Bandara
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
Slibray Presentation
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
NavinnSomaal
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
Florian Wilhelm
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
Commit University
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
BookNet Canada
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
Stephanie Beckett
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Fwdays
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
Miki Katsuragi
How to write a Business Continuity Plan
How to write a Business Continuity Plan
Databarracks
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
Sergiu Bodiu
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
Hervé Boutemy
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
hariprasad279825
Recently uploaded
(20)
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
How to write a Business Continuity Plan
How to write a Business Continuity Plan
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
Z110932 strengthen-security-jburg-v1909c
1.
Strengthen your security posture!
Getting started with IBM Z Pervasive Encryption Tony Pearson IBM Master Inventor, Senior IT Management Consultant, TechU Content Manager 2019 IBM Systems Technical University 10-12 Sep 2019 | Johannesburg, SA
2.
Agenda IBM Systems Technical
University © Copyright IBM Corporation 2019 2 What is Pervasive Encryption? Understanding IBM Z Crypto How to Get Started with z/OS Data Set Encryption
3.
Data protection and
compliance are business imperatives 13 Billion 4% Of the only breached since 2013 were encrypted 3 records $3.6MAverage cost of a data breach in 2017 2 Likelihood of an organization having a data breach in the next 24 months 1 28% “It’s no longer a matter of if, but when …” Health Insurance Portability and Accountability Act (HIPAA) European Union General Data Protection Regulation (GDPR) Payment Card Industry Data Security Standard (PCI-DSS) 1, 2 Source: 2017 Ponemon Cost of Data Breach Study: Global Overview -- http://www.ibm.com/security/data-breach/ 3 Source: Breach Level Index -- http://breachlevelindex.com/ Extensive use of encryption is one of the most impactful ways to help reduce the risks and financial losses of a data breach and help meet complex compliance mandates. IBM Systems Technical University © Copyright IBM Corporation 2019 3
4.
Implementing Encryption can
be complex IBM Systems Technical University © Copyright IBM Corporation 2019 4 — Michael Jordan — IBM Distinguished Engineer, IBM Z Security
5.
Focus on eliminating
barriers: • Decouple encryption from classification • Extensive application changes • Encryption of database indexes and/or key fields • High cost associated with processor overhead Protecting only enough data to achieve compliance should be the bare minimum, not a best practice. Pervasive encryption: A paradigm shift in data protection IBM Systems Technical University © Copyright IBM Corporation 2019 5
6.
Unrivaled Data Protection —No
Application Changes —No Impact to SLAs IBM Z and LinuxONE are the world’s most secure servers Protect your data with encryption in-flight and at-rest with new capabilities in hardware, OS, and middleware. IBM Systems Technical University © Copyright IBM Corporation 2019 6
7.
How does encryption
and decryption work? Supply a cryptographic key value and clear text to a cryptography algorithm to produce cipher text (i.e. encryption) Cipher TextClear Text Encrypt But what are cryptographic keys? IBM Systems Technical University © Copyright IBM Corporation 2019 7 Supply a cryptographic key value and cipher text to a cryptography algorithm to produce clear text (i.e. decryption) Cipher TextClear Text Decrypt
8.
Security Strength is
based on Algorithm and Number of Bits in Key AES RSA ECC Years 1024 160 106 2048 224 109 128 3072 256 1015 192 7680 384 1033 256 15360 512 1051 Data*Data Data* Data * * Symmetric Key (AES 256) • Same key is used to encrypt/decrypt • Fast, ideal for large amounts of data • Must keep the key secret Encryption “Public” Key Decryption “Private” Key Pairs of different keys are used to encrypt & decrypt data Encrypt with “Public” key; it may be distributed widely available without fear of compromise Decrypt with “Private” key; must keep this key secret Asymmetric Key (RSA 2048) ED Key Pair Data Data Data Data E DAES – Advanced Encryption Standard RSA – Rivest Shamir Adleman ECC – Elliptical Curve Cryptography IBM Systems Technical University © Copyright IBM Corporation 2019 8
9.
Two-Tier Encryption Scheme Problem: Realtors,
Landlords, and Apartment managers must carry hundreds of keys, one unique to each dwelling unit Solution: All units have their unique key kept inside a locked box hanging on the door knob. Realtors, Landlords, and Apartment managers carry a single master key that opens every lockbox Data A E D A Data B B Encryption: Each flash, disk, or tape assigned a unique symmetric “Operational Data Key” Data key itself is encrypted or “wrapped” with Master “encrypting key” Decryption: Operational Data key is decrypted with Master “decrypting key” Unique Operational data key is then used as needed IBM Systems Technical University © Copyright IBM Corporation 2019 9
10.
Broadly protect Linux
file systems and z/OS data sets using policy controlled encryption that is transparent to applications and databasesData at Rest Integrated Crypto Hardware Hardware accelerated encryption on every core, CPACF performance improvements of 7x Crypto Express6S – PCIe Hardware Security Module (HSM) & Cryptographic Coprocessor Protect z/OS Coupling Facility data end-to-end, using encryption that’s transparent to applicationsClustering Protect network traffic using standards based encryption from end to end, including encryption readiness technology to ensure that z/OS systems meet approved encryption criteriaNetwork Secure deployment of software appliances including tamper protection during installation and runtime, restricted administrator access, and encryption of data and code in-flight and at-rest Secure Service Container 10 The IBM Enterprise Key Management Foundation (EKMF) provides real-time, centralized secure management of keys and certificates with a variety of cryptographic devices and key stores Key Management z14 Unrivaled data protection Protect IBM Z data with encryption in-flight and at-rest with capabilities in hardware, OS, and middleware. IBM Systems Technical University © Copyright IBM Corporation 2019 Pervasive Encryption with IBM Z Enabled through tight platform integration
11.
z14 -- Designed
for Pervasive Encryption • CPACF – Dramatic advance in bulk symmetric encryption performance • Crypto Express6s – Doubling of asymmetric encryption performance for TLS handshakes • CFCC – Designed for CF data encryption (wrapped encryption key stored for recovery scenarios) z/OS -- New approach to encryption in-flight and at-rest data • z/OS data set encryption – Transparent encryption of data at-rest • z/OS CF encryption –Transparent end-to-end encryption of CF data • z/OS Communication Server - Intelligent Network Security discovery & reporting Linux on z/LinuxONE -- Full Power of Linux Ecosystem combined with z14 Capabilities • LUKS dm-crypt – Transparent file and volume encryption using industry unique CPACF protected-keys • Network Security – Enterprise scale encryption and handshakes using z14 CPACF and SIMD • Secure Service Container – Automatic protection of data and code for virtual appliance Software-only elements expected on previous generation of z Systems with differentiated value for z14 Pervasive Encryption with IBM z Systems IBM Systems Technical University © Copyright IBM Corporation 2019 Technical Foundation 11
12.
Agenda IBM Systems Technical
University © Copyright IBM Corporation 2019 12 What is Pervasive Encryption? Understanding IBM Z Crypto How to Get Started with z/OS Data Set Encryption
13.
z14 Integrated Cryptographic
Hardware IBM Systems Technical University © Copyright IBM Corporation 2019 13 CP Assist for Cryptographic Functions (CPACF) • Hardware accelerated encryption on every microprocessor core • Performance improvements of up to 7x for selective encryption modes Suited for high speed bulk symmetric encryption Crypto Express6S • Next generation PCIe Hardware Security Module (HSM) • Performance improvements up to 2x • Industry leading FIPS 140-2 Level 4 Certification Design Suited for high value transactions, key protection and asymmetric acceleration Why is it valuable: • More performance = lower latency + less CPU overhead for encryption operations • Highest level of protection available for encryption keys • Industry exclusive “protected key” encryption
14.
Protecting Operational Keys:
Using Secure & Protected Keys Operational keys should not be stored in the clear in the host environment. Secure keys are strongly recommended for persistent key storage (e.g. key data sets). Protected keys are recommended for storing keys in address space memory (e.g. Db2, DFSMS). Only protected keys created from secure keys should be used for Pervasive Encryption. Secure Key Key values are encrypted under a Master Key. Crypto operations are performed only on a Crypto Express adapter Clear Key Key values are not encrypted. Crypto operations may be performed in CPACF or on a Crypto Express adapter Protected Key Key values are encrypted under a CPACF wrapping key. Crypto operations are performed only using CPACF Note: With z/OS data set encryption, protected keys are implicitly created from secure keys. IBM Systems Technical University © Copyright IBM Corporation 2019 14
15.
What IBM tools
are available to manage keys? Enterprise Key Management Foundation (EKMF) EKMF securely manages keys and certificates for cryptographic coprocessors, hardware security modules (HSM), cryptographic software, ATMs, and point of sale terminals. Supports Operational Keys Trusted Key Entry (TKE) Workstation TKE securely manages multiple Cryptographic Coprocessors and keys on various generations of IBM Z from a single point of control. Supports Master Keys and Operational Keys Security Key Lifecycle Manager (SKLM) SKLM v2.7 provides key storage, key serving and key lifecycle management for IBM and non-IBM storage solutions using the OASIS Key Management Interoperability Protocol (KMIP) and IBM Proprietary Protocol (IPP). Supports Operational Keys for Self Encrypting Devices (SEDs) Integrated Cryptographic Services Facility (ICSF) ICSF provides callable services and utilities that generate, store, and manage keys, and also perform cryptographic operations. Supports Master Keys and Operational Keys IBM Systems Technical University © Copyright IBM Corporation 2019 15
16.
Enterprise Key Management
Considerations Encryption of data at enterprise scale requires robust key management The current key management landscape can be characterized by clients who have … … already deployed an enterprise key management solution … developed a self-built key management solution … not deployed an enterprise key management solution • Policy based key generation • Policy based key rotation • Key usage tracking • Key backup & recovery Key management for pervasive encryption must provide … The IBM Enterprise Key Management Foundation (EKMF) provides real-time, centralized secure management of keys and certificates in an enterprise with a variety of cryptographic devices and key stores. EKMF IBM Systems Technical University © Copyright IBM Corporation 2019 16
17.
Agenda IBM Systems Technical
University © Copyright IBM Corporation 2019 17 What is Pervasive Encryption? Understanding IBM Z Crypto How to Get Started with z/OS Data Set Encryption
18.
The Encryption Pyramid Multiple
layers of encryption for data at rest provide robust data protection IBM Systems Technical University © Copyright IBM Corporation 2019 18
19.
z/OS Data Set
Encryption – Encryption keys Key label: 64-byte label of a key in the ICSF Cryptographic Key Data Set (CKDS) • Required to access an encrypted data set Encryption data key: • Require AES-256 bit key • Must be set up in CSFKEYS as a protected key • Recommend secure keys (protected by Crypto Express AES Master Key) Encryption mode: • DFSMS uses XTS mode IBM Systems Technical University © Copyright IBM Corporation 2019 19
20.
z/OS Data Set
Encryption – Client Value IBM Systems Technical University © Copyright IBM Corporation 2019 20 Clients who are required to protect customer data can leverage the IBM Z hardware encryption for data at rest through existing policy management… without application changes. A.No application changes required B.Data set level granularity C. Supports separation of access control for data set and encryption key label D.Enabled through RACF and / or SMS policy E. Audit readiness Designed to take advantage of the processing power of the z14
21.
A. Application transparency
via access methods IBM Systems Technical University © Copyright IBM Corporation 2019 21 — Supported access methods/data set types • BSAM and QSAM o Sequential extended format data sets • VSAM and VSAM/RLS o VSAM (KSDS, ESDS, RRDS, VRRDS, LDS) extended format data sets — Supported access methods/data set types new for z/OS 2.4 • BPAM, BSAM and QSAM o PDSEs (data members) Transparent! No application changes or awareness that sequential or VSAM data is encrypted when accessed using the standard access method APIs. Covers DB2, IMS, zFS, CICS/VSAM, Middleware, Logs, Batch, & ISV Solutions*. Refer to product documentation for information regarding support. (*) Note: For those applications that use the licensed Media Manager services, changes to Media Manager interfaces required to access encrypted data sets.
22.
B. Naming Conventions
& Granular Access Control PROD MKPROD App1 Data1 PROD.App1.Data1.VerX App2 Data2 PROD.App2.Data2.VerX AppN DataN PROD.AppN.DataN.VerX PROD CKDS PROD.App1.Data1.VerX PROD.App2.Data2.VerX PROD.AppN.DataN.VerX *** *** *** Leveraging naming conventions & z Security to enforce separation across application instances Naming conventions can be used to segment applications, data, and keys, e.g. –Environment: PROD, QA, TEST, DEV –Application: App1, App2,…, AppN –Data-Type: Account, Payroll, Log –Version: Ver1, Ver2,…,Verx Application resources (data sets, encryption keys) can be assigned names based on naming conventions, e.g. –PROD.APP2.LOG.VER10 –PROD.APP1.PAYROLL.KEY.VER7 Security rules can be used to enforce separation with granular access control for application resources and encryption keys Flexible! Data set encryption is designed to be flexible in allowing as much granularity as desired when identifying key labels for data sets. There is no limit as to how many key labels and encryption keys are used across the data sets…however, planning for key management is critical. Life of the data set is life of the key! IBM Systems Technical University © Copyright IBM Corporation 2019 22
23.
C. Access Control
- Segregation of Duties IBM Systems Technical University © Copyright IBM Corporation 2019 23 Data owners that must access content will need authority access to the data set as well as access to the encryption key label Storage administrators who only manage the data sets need access to the data set but not access to the key label (thus protecting access to the content) Different keys can be used to protect different data sets – ideal for multiple tenants or data set specific policies. Prevent administrators from accessing the content Many utilities can process data preserving encrypted form COPY, DUMP and RESTORE Migrate/Recall, Backup/Recover, Dump/Data Set Restore PPRC, XRC, FlashCopy®, Concurrent Copy, etc. Data owner Manages the content Limit access to data in clear! Remove certain roles from compliance scope….by controlling access to the data through SAF permissions. System administrator Manages the data set
24.
D. Creating encrypted
data sets via policy IBM Systems Technical University © Copyright IBM Corporation 2019 24 — A data set is defined as ‘an encrypted data set’ when a key label is supplied on allocation of a new data set of a supported data set type for data set encryption • sequential extended format o Note: Allocated as extended format version 2, regardless of user's specification for version number on DSNTYPE or the PS_EXT_VERSION keyword in IGDSMSxx member in PARMLIB. • VSAM extended format — A key label can be supplied in any of the following sources (in order of precedence as follows): • Security policy: RACF data set profile DFP segment • Explicity: JCL, Dynamic Allocation, TSO Allocate, IDCAMS DEFINE • SMS policy: Data class o To allocate via ISPF 3.2, can specify a data class with key label Ease of use! Easy to create an encrypted data set just by specifying a key label. Even easier when enabled via RACF or SMS policy.
25.
E. Audit readiness IBM
Systems Technical University © Copyright IBM Corporation 2019 25 Auditors can rely on system interfaces, not individuals, for compliance Data set encryption attributes displayed in various system interfaces –SMF records –DCOLLECT records –LISTCAT –IEHLIST LISTVTOC Simplifies compliance! Allows enhanced tooling to help simplify the audit process.
26.
1 2 3 Generate
an encryption key and key label, store it in the CKDS . Setup RACF for use of key label Allow secure key to be used as protected key via ICSF segment - SYMCPACFWRAP - SYMCPACFRET Grant access to key label Associate the key label with the desired data set(s). In RACF, alter DFP segment in data set profile - DATAKEY() In DFSMS, assign to data class – OR – – AND – DB2: Online Reorg IMS HA Database: Online Reorg zFS Container: zfsadmin encrypt VSAM or Seq data set: 1. Stop application 2. Copy data 3. Restart application Migrate to encrypted data 4 In RACF, permit access to new resource in FACILITY class Non- disruptive Non- disruptive Non- disruptive Defining a robust key management strategy is critical! Storage Admin Security Admin DBASecurity AdminICSF Admin User Storage Admin User Create new data OR User Data set encryption – High Level Steps Consider zDMF IBM Systems Technical University © Copyright IBM Corporation 2019 26
27.
1. Prepare ICSF
CKDS for use — ICSF Admin must ensure encryption keys exist • Secure AES256 data encryption keys/key labels defined in CKDS o Use Crypto Express to protect keys in the CKDS as secure keys — Various methods available to create keys, for example • IBM Enterprise Key Management Foundation (EKMF) • ICSF CKDS Keys Panel (HCR77C1) • ICSF APIs (CSNBKGN, CSNBKRC2) • ICSF KGUP ICSF Admin Data keys must be accessible EVERYWHERE that the encrypted data sets must be accessed. IBM Systems Technical University © Copyright IBM Corporation 2019 27
28.
Data set encryption
– High Level Steps IBM Systems Technical University © Copyright IBM Corporation 2019 28 1 2 3 Generate an encryption key and key label, store it in the CKDS . Setup RACF for use of key label Allow secure key to be used as protected key via ICSF segment - SYMCPACFWRAP - SYMCPACFRET Grant access to key label Associate the key label with the desired data set(s). In RACF, alter DFP segment in data set profile - DATAKEY() In DFSMS, assign to data class – OR – – AND – DB2: Online Reorg IMS HA Database: Online Reorg zFS Container: zfsadmin encrypt VSAM or Seq data set: 1. Stop application 2. Copy data 3. Restart application Migrate to encrypted data 4 In RACF, permit access to new resource in FACILITY class Non- disruptive Non- disruptive Non- disruptive Storage Admin Security Admin DBASecurity AdminICSF Admin User Storage Admin User Create new data OR User Consider zDMF
29.
2. Prepare system
to allow data set encryption IBM Systems Technical University © Copyright IBM Corporation 2019 29 Security Admin must consider whether migration action should prevent creation of encrypted data sets via resource in FACILITY class: STGADMIN.SMS.ALLOW.DATASET.ENCRYPT • Ensure all systems that may need to access the data have the CKDS with key material required to decrypt the data sets AND are at the correct HW/SW levels. RDEFINE FACILITY STGADMIN.SMS.ALLOW.DATASET.ENCRYPT UACC(NONE) • To allow the system to create encrypted data sets when the key label is specified via a method outside of the DFP segment in the RACF data set profile, the user must have at least READ authority to the resource in the FACILITY class. PERMIT FACILITY STGADMIN.SMS.ALLOW.DATASET.ENCRYPT ID(*) ACCESS(READ) Allows security admin to control who can create encrypted data sets. Security Admin
30.
2. Prepare system
to allow data set encryption IBM Systems Technical University © Copyright IBM Corporation 2019 30 Security Admin must consider whether allocation of non-extended format data sets with key label should result in allocation failure via resource in FACILITY class: STGADMIN.SMS.FAIL.INVALID.DSNTYPE.ENC • Default allows successful allocation for non-encrypted non-extended format data sets. Info message is issued in this case. RDEFINE FACILITY STGADMIN.SMS.FAIL.INVALID.DSNTYPE.ENC UACC(NONE) • To fail the allocation, the user must have at least READ authority to the resource in the FACILITY class. RALTER FACILITY STGADMIN.SMS.FAIL.INVALID.DSNTYPE.ENC UACC(READ) Allows security admin to control whether key label should be ignored for unsupported data set types. Security Admin
31.
2. Set up
access to key labels via CSFKEYS class IBM Systems Technical University © Copyright IBM Corporation 2019 31 Security Admin sets up profiles in the CSFKEYS class based on installation requirements. Any user that must access data in the clear must have access to the key label • Must update the ICSF segment of the covering profile to allow ICSF to return a protected key: SYMCPACFWRAP(YES) SYMCPACFRET (YES) — Examples • Define profile such that no one has access to the key label RDEFINE CSFKEYS DATASET.keylabel.v1 UACC(NONE) ICSF(SYMCPACFWRAP(YES) SYMCPACFRET(YES)) • Allow key label to be used by JOHN when accessed by any application PERMIT DATASET.keylabel.v1 CLASS(CSFKEYS) ID(JOHN) ACCESS(READ) • Allow key label to be used by MIKE only when accessed by DFSMS PERMIT DATASET.keylabel.v1 CLASS(CSFKEYS) ID(MIKE) ACCESS(READ) WHEN(CRITERIA(SMS(DSENCRYPTION))) Allows security admin to control who can access data in the clear. Security Admin
32.
Data set encryption
– High Level Steps 1 2 3 Generate an encryption key and key label, store it in the CKDS . Setup RACF for use of key label Allow secure key to be used as protected key via ICSF segment - SYMCPACFWRAP - SYMCPACFRET Grant access to key label Associate the key label with the desired data set(s). In RACF, alter DFP segment in data set profile - DATAKEY() In DFSMS, assign to data class – OR – – AND – DB2: Online Reorg IMS HA Database: Online Reorg zFS Container: zfsadmin encrypt VSAM or Seq data set: 1. Stop application 2. Copy data 3. Restart application Migrate to encrypted data 4 In RACF, permit access to new resource in FACILITY class Non- disruptive Non- disruptive Non- disruptive Storage Admin Security Admin DBASecurity AdminICSF Admin User Storage Admin User Create new data OR User IBM Systems Technical University © Copyright IBM Corporation 2019 32 Consider zDMF
33.
3. Creating encrypted
data sets – supplying key labels A data set is defined as ‘encrypted’ when a key label is supplied on create of a sequential or VSAM extended format data set. Options for assigning key label (with order of precedence): • Security policy: RACF data set profile DFP segment o Security Admin can update RACF DS profile to request encryption by adding key label: DATAKEY Note: Key label specified in the DFP segment is used regardless of the ACSDEFAULTS(xx) setting specified in SYS1.PARMLIB(IGDSMSxx) • JCL, Dynamic Allocation, TSO Allocate, IDCAMS DEFINE o User can modify JCL or program to request encryption by adding key label: JCL DSKEYLBL, Dynalloc DALDKYL, DEFINE KEYLABEL • SMS policy: Data Class o Storage Admin can update specific data class(es) via ISMF to request encryption by adding: Data Set Key Label. o Storage Admin can update ACS routines to select data classes enabled for data set encryption. Storage Admin User IBM Systems Technical University © Copyright IBM Corporation 2019 33 Security Admin
34.
3. Optionally, prepare
for compressed format A data set is defined as compressed format via COMPACTION option in data class Assigning COMPACTION • SMS policy: Data Class o Storage Admin can update specific data class(es) via ISMF to request compressed format via COMPACTION option: - Sequential extended format data sets support generic, tailored, or zEDC compression - VSAM extended format KSDS supports generic compression (Only KSDS can be compressed format) o Storage Admin can update ACS routines to select data classes enabled for compression IBM Systems Technical University © Copyright IBM Corporation 2019 34 Storage Admin
35.
Data set encryption
– High Level Steps 1 2 3 Generate an encryption key and key label, store it in the CKDS . Setup RACF for use of key label Allow secure key to be used as protected key via ICSF segment - SYMCPACFWRAP - SYMCPACFRET Grant access to key label Associate the key label with the desired data set(s). In RACF, alter DFP segment in data set profile - DATAKEY() In DFSMS, assign to data class – OR – – AND – DB2: Online Reorg IMS HA Database: Online Reorg zFS Container: zfsadmin encrypt VSAM or Seq data set: 1. Stop application 2. Copy data 3. Restart application Migrate to encrypted data 4 In RACF, permit access to new resource in FACILITY class Non- disruptive Non- disruptive Non- disruptive Storage Admin Security Admin DBASecurity AdminICSF Admin User Storage Admin User Create new data OR User IBM Systems Technical University © Copyright IBM Corporation 2019 35 Consider zDMF
36.
4. How can
Auditors be sure the data is encrypted? IBM Systems Technical University © Copyright IBM Corporation 2019 36 — Encryption attributes displayed in various system interfaces • SMF records • DCOLLECT records • LISTCAT • IEHLIST LISTVTOC • Catalog Search Interface (CSI) • ISITMGT — To view encrypted data, can use DFSMSdss PRINT Tracks
37.
zSecure Pervasive encryption
support Command Verifier: Command Verifier policy for DATAKEY Admin: Easy administration DATAKEY on DFP segment Audit: Report on non-VSAM and VSAM data sets key labels • Extend existing report types DSN / SENSDSN Audit: Report key protection CSFKEYS • New report types ICSF_SYMKEY, ICSF_PUBKEY Audit: Report which systems sharing DASD can decrypt ds Audit: Extend report type SMF • Type 14/15 non-VSAM and Type 62 VSAM keylabel use • ICSF • zERT records to show encryption strengths zSecure also collects, formats and enriches data set encryption information that is sent to SIEMs including IBM QRadar® for enhanced enterprise-wide security intelligence. IBM Systems Technical University © Copyright IBM Corporation 2019 37
38.
z/OS Data Set
Encryption – Evaluate impact IBM Systems Technical University © Copyright IBM Corporation 2019 38 zBNA Background: • A no charge, “as is” tool originally designed to analyze batch windows • PC based, and provides graphical and text reports • Available on techdocs for customers, business partners, and IBMers http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5132 • Previously enhanced for zEDC to identify & evaluate compression candidates zBNA Encryption Enhancements: • Enhanced to help clients estimate encryption CPU overhead based on actual client workload SMF data • Ability to select z13 or z14 as target machine • Support provided for • z/OS data set encryption • Coupling Facility encryption z Batch Network Analyzer (zBNA) zBNA 1.8.1 Note: z/OS Capacity Planning tool zCP3000 also updated to provide encryption estimates http://w3-03.ibm.com/support/americas/wsc/cpsproducts.html Use zBNA to evaluate candidates for encryption, and for estimated CPU overhead if data sets converted to data set encryption. Estimating CPU Cost of Data Protection
39.
Final Thoughts IBM Systems
Technical University © Copyright IBM Corporation 2019 39 Pervasive Encryption reduces the manual effort of deciding which data is encrypted IBM Z has hardware features to minimize performance overheads z/OS Data Set Level Encryption is a simple way to get started
40.
Thank you! IBM Systems
Technical University © Copyright IBM Corporation 2019 40 Tony Pearson tpearson@us.ibm.com +1-520-799-4309 Please complete the Session Evaluation!
41.
Resources IBM Systems Technical
University © Copyright IBM Corporation 2019 41 — Getting Started with z/OS Data Set Encryption Redbook http://www.redbooks.ibm.com/redpieces/abstracts/sg248410.html?Open — IBM Z pervasive encryption landing page https://www.ibm.com/support/knowledgecenter/SSLTBW_2.3.0/com.ibm.zos.v2r3.izs/pervasiveEncryption.html — IBM Z pervasive encryption solution guide (Knowledge Center) https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.izs/izs.htm — IBM Z pervasive encryption FAQ: https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSQ03116USEN — IBM Crypto Education page: https://ibm.biz/BdiAah — zPET Test Reports: https://www.ibm.com/developerworks/community/groups/service/html/communitystart?communityUuid=43 ea8e78-acbe-49f5-9290-379e4f4569cb — MOP demo white paper: http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/WP102734 — Youtube Videos: • Data Set Encryption: https://www.youtube.com/watch?v=zdSXRUSmkb4 • CF Encryption: https://www.youtube.com/watch?v=lTmsFWuJwJU • zERT: https://www.youtube.com/watch?v=1CgEcCTX_o8 • MOP MPL Bank: https://www.youtube.com/watch?v=EP488nLdGts
42.
Special Thanks I would
like to thank the following colleagues who contributed charts, insights, and review comments for these presentation materials — Cecilia Carranza Lewis — Barbara McDonald — Eysha Powers — Theresa Tai IBM Systems Technical University © Copyright IBM Corporation 2019 42
43.
About the Speaker 43 Tony
Pearson is a Master Inventor, Senior IT Management Consultant, and Content Manager for the IBM Systems Technical University events. Tony joined IBM Corporation in 1986 in Tucson, Arizona, USA, and has lived there ever since. Tony presents briefings on storage topics covering the entire IBM Storage product line, IBM Spectrum Storage software products, and topics related to Cloud Computing, Analytics and Cognitive Solutions. He interacts with clients, speaks at conferences and events, and leads client workshops to help clients with strategic planning for IBM’s integrated set of storage management software, hardware, and virtualization solutions. Tony writes the “Inside System Storage” blog, which is read by thousands of clients, IBM sales reps and IBM Business Partners every week. This blog was rated one of the top 10 blogs for the IT storage industry by “Networking World” magazine, and #1 most read IBM blog on IBM’s developerWorks. The blog has been published in series of books, Inside System Storage: Volume I through V. Over the past years, Tony has worked in development, marketing and consulting for various IBM Systems hardware and software products. Tony has a Bachelor of Science degree in Software Engineering, and a Master of Science degree in Electrical Engineering, both from the University of Arizona. Tony is an inventor or co-inventor of 19 patents in the field of IBM Systems and electronic data storage. 9000 S. Rita Road Bldg 9032 Floor 1 Tucson, AZ 85744 +1 520-799-4309 (Office) tpearson@us.ibm.com Tony Pearson Master Inventor Senior Management Consultant, IBM Systems La Services IBM Storage IBM Systems Technical University © Copyright IBM Corporation 2019
44.
My Social Media
Presence Blog*: ibm.co/Pearson LinkedIn: https://www.linkedin.com/in/az990tony Books: www.lulu.com/spotlight/990_tony IBM Expert Network on Slideshare: www.slideshare.net/az990tony Twitter: twitter.com/az990tony Facebook: www.facebook.com/tony.pearson.16121 Instagram: www.instagram.com/az990tony/ Email: tpearson@us.ibm.com * Not a typo. This is short URL for https://www.ibm.com/developerworks/mydeveloperworks/blogs/InsideSystemStorage/ IBM Systems Technical University © Copyright IBM Corporation 2019 44
45.
Notices and disclaimers —
© 2019 International Business Machines Corporation. No part of this document may be reproduced or transmitted in any form without written permission from IBM. — U.S. Government Users Restricted Rights — use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. — Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. This document is distributed “as is” without any warranty, either express or implied. In no event, shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. IBM products and services are warranted per the terms and conditions of the agreements under which they are provided. — IBM products are manufactured from new parts or new and used parts. In some cases, a product may not be new and may have been previously installed. Regardless, our warranty terms apply.” — Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice. — Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those — customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. — References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. — Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. — It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer follows any law. IBM Systems Technical University © Copyright IBM Corporation 2019 45
46.
Notices and disclaimers
continued — Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products about this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non- IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM expressly disclaims all warranties, expressed or implied, including but not limited to, the implied warranties of merchantability and fitness for a purpose. — The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. — IBM, the IBM logo, ibm.com and [names of other referenced IBM products and services used in the presentation] are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml IBM Systems Technical University © Copyright IBM Corporation 2019 46
47.
This presentation uses
the IBM Plex™ font IBM Plex™ is our new typeface. It’s global, it’s versatile and it’s distinctly IBM. IBM Plex Sans The IBM company is freeing itself from the cold, modernist cliché and replacing Helvetica with a new corporate typeface. Also replaces Arial, Calibri, Lucida Grande, Trebuchet, etc. IBM Plex Mono A little something for developers. Replaces Courier New, Letter Gothic, Lucida Console, etc. IBM Plex Serif A hybrid of the third kind (combining the best of Plex, Bodoni, and Janson into a contemporary serif). Replaces Cambria, Garamond, Lucida Bright, Times New Roman, etc. IBM Plex is freely available as TrueType and OpenType at: https://github.com/IBM/plex/releases and looks consistently good across Windows, Linux and Mac IBM Systems Technical University © Copyright IBM Corporation 2019 47
Download now