© 2013 IBM Corporation

IBM PureApplication™ System Encryption

© 2013 IBM Corporation2

Today’s CIO’s Challenges:• Consolidate and Simplify the Infrastructure• Cybersecurity

Access Integrity Control

• Privacy-Consumer Data Protection • Confidentiality

Intellectual Property Protection Theft Prevention

• Compliance Supporting a multitude of differing EU & North American Consumer Privacy,

Financial and Healthcare Regulations

• Private & Public Cloud Enablement• Foreign Government and/or Corporate Espionage• AND….Reduce Costs!!

© 2013 IBM Corporation3

From the Ponemon Institute (conducts independent research on privacy, data protection and information security policy)

Interviews with 60 large U.S. Companies: Average annualized cost of Cybercrime rose 26% in 2013 to $11.6 million per company

Loss or theft of informationDisruption of Business OperationsRevenue LossDestruction of property, plant and equipmentDetection, Investigation, Incident Response, Containment Recovery

• Average 122 successful attacks per week, up 18% from 2012

• Invest in Adequate Cybersecurity Resources• Monitor systems for early detection

“Many attacks are subtle, stealthy and probably will beat your system”

Costs of Cybercrime

Solutions – Bringing Costs Down

© 2013 IBM Corporation4

Worldwide Regulatory Environment

No single standard for “what/how much to encrypt”

Europe

Centralized regulation for Consumer Data with many differences•24 different variations•900 EU regulatory changes this year alone

Strongest WW Enforcement & Penalties•Enforcement Cases target largest companies and often affect WW Product(s) or Features•Consumer Data Protection Regulations

United States

US Federal Regulation Strongest in• Health Sector - Health Information Privacy (HIPAA)• Financial Sector - Sarbanes Oxley • Public Sector - Department of Defense

Examples of standards & enforcement:• SB 1386, requires any company that stores customer data electronically to notify its California

customers of a security breach to the company's computer system if the company knows or reasonably believes that unencrypted information about the customer has been stolen

• California Financial Information Privacy Act, creates new limits on the ability of financial institutions to share nonpublic personal information about their clients with affiliates and third parties

Best Practice: ENCRYPT ALL DATA!

© 2013 IBM Corporation5

Enterprise Characteristics East / West or NY / Jersey (Financial Markets) Real Time or Delayed Take-over depending on Cost Parameters Multi-Nationals require Business Recovery Fully Operational Facilities, not stand-by “cold” environments

SMB Characteristics Meet HIPPA ex: Doctor’s Office Solve Compliance Issue Provide Secure Entry Level High Availability Solution

Customer Environments

Geographic Redundant Data Centers & Communications

Reduce Op-Ex via Vendor Standardization Repeatable Configuration Deployment & Operational Guidelines

Remote Management from a single Control Center High Data Availability via Data Replication (acceptable lag/transaction loss)

Redundant Equipment Configurations

© 2013 IBM Corporation6

SPx is an OEM IBM Part Number (D10N0LL), not an ISV third party solution Provably Secure Data at Rest Protection FIPs 140-2 Certified

AES 256; HIPPA and FISMA data compliance at start up No External Key Management System

No additional Cost No additional Personnel Integrated with the PureApps Management System

Scales with the PureApps System Software only 2 clicks, 1 drag and drop to secure any directory

Virtually NO System Overhead Tax <8% CPU utilization for encryption, randomization and authentication of the data

(most software encryption solutions require up to 30% additional CPU utilization) No additional storage requirement with SPx encryption

Enables Secure Multitenancy for Enterprise Environments Consolidate and optimize the Infrastructure without compromising privacy and confidentiality

SPx (SecureParser) Encryption Pattern Differentiators

© 2013 IBM Corporation7

Customer Concerns: Decision Maker

IBM with SFC Host Encryption

IBM with NetApp 2240-2 & SafeNet StorageSecure

IBM with EMC VNX5500, VNX Host Enc and RSA DPM

RegulatoryReduced Corporate Risk

CIO Provably SecureScalability

Scalability challenge Corporate Risk Issues(RSA vulnerability)

Cap-Ex CFO Low costNo hardware cost

Expensive upfront costsScaling is expensive

Expensive upfront costsScaling is expensive

On-Going Op-Ex

Cost of Maintenance

CFO No incremental expense

No additional maintenance expense

Additional expense for administration, Hardware & Software licensing, MaintenanceScaling increases all of these costs

Additional expense for administration, Hardware & Software licensing, MaintenanceScaling increases all of these costs

Solution Complexity Operations SimpleHost only softwarePerformance

ComplexApplianceNetwork configuration

ComplexApplianceNetwork configuration

Installation Time & Cost Operations SetupConfigure & forgetNo services requiredNo additional FTE’s

Installation & configuration require additional servicesAdditional FTE’s

Installation & configuration require additional servicesAdditional FTE’s

Encryption Solution Decision Maker Criteria

Decision Maker’s Criteria: CIO : Regulatory i.e. SARBOX, HIPPA, Provably Secure CFO’s : Costs Cap-Ex & Op-Ex(3) CTO’s : Meeting Internal Customer Requirements Operations: Solution Time to Operation & Complexity of Support

© 2013 IBM Corporation8

Encryption Feature Comparison

-

Feature IBM with SFC IBM with NetApp FAS 2240-2 IBM with EMC VNX 5500

Cost Low costSoftware only Host solution.No added Op-EX costs

Expensive, Hardware appliance,2 Required for for HAIncreased Op-Ex costs

Expensive, Hardware Keystore, min 2 for HA, Added OP-EX costs

Ease of implementation and integration

Easily Integrated into Flex Configuration Process

No external hardware or softwareNo services or training required

DifficultExternal hardware & softwareAdditional administration tools from 3rd party vendorSetup requires services and training

DifficultExternal hardware & software

Setup requires services and training

Scalability Scales with Compute nodeAll data handled internally on ITE, small footprint

LimitedAdditional hardware to scale for throughputCapacity not an issue

LimitedRequires additional hardware for capacityThroughput not an issue

Strength of encryption and access control

AES 256 encryption, FIPS 140-2 certification, Strong authentication, Simple LDAP, Active directory file system access controlStrong control with SELinux

AES 256 encryptionFIPS-140-2 Level 3 certification Layer of extra access controlKey shared among files groups, vulnerable to attacks

AES 256 encryptionFIPS-140-2 Level 3 certificationStrong layer of extra access control overlaid on File System

Ease of use Easy to use. Configure & go! No additional administration

DifficultExternal Administration required

Difficult External administration required

IBM, NetApp and EMC

© 2013 IBM Corporation9

Case Study #1: Encryption Solution Pricing* for SAN (FCoE)

Component IBM/SFC NetApp EMC

Chassisw/network interfaces $50,956

Compute Nodes $80,690

Storage : NAS $62,914 $57,746 $65,935

Total : Hardware $194,560 $189,392 $197,581

Encryption TBD $144,000 $7,387

External Keystore $0 Included $139,727

5 Multi-Tenants (Medium) $0 $720,000 $698,635

Solution Total $194,560 + $909,392 $903,306

• None of these comparisons account for any additional gap with respect to scalability e.g. additional competitive equipment due to scaling not accounted for.

• Prices are MSRP• Pricing for Hardware and Software only. Does not include additional administrative and operational requirements for the

NetApp and EMC solution.

© 2013 IBM Corporation10

Case Study #1: Encryption Solution Components

© 2013 IBM Corporation11

© 2013 IBM Corporation12

© 2013 IBM Corporation13