IBM today announced new security technology with the latest release of its mainframe operating system, z/OS 1.5, providing the industry's first single point of control for managing a multilevel security environment.
Combined with IBM's DB2 Universal Database for z/OS Version 8, the IBM solution provides multilevel security on the eServer zSeries mainframe to help meet the stringent security requirements of government agencies and financial institutions, and can open up new options for e-hosting facilities. This technology can help improve the way government agencies and other organizations share critical classified information.
Multilevel security technology allows IT administrators to give users access to information based on their need to know, or clearance level. It is designed to prevent individuals from accessing unauthorized information and to prevent individuals from declassifying information.
IBM's z/OS 1.5 and DB2 V8 enable a single repository of data to be managed at the row level and accessed by individuals based on their need to know. For example, a person with a top secret clearance will be able to access more information in a database than someone without that clearance level.
Using the new IBM solution, organizations can help reduce duplicate infrastructures previously needed to separate highly confidential data, which in turn can help reduce IT costs, floor space and administration costs. In addition, records can be more up to date as well as more easily shared, administered and managed, because information does not have to be merged from various sources.
"Multilevel security from a single security point of control has been a focus for government organizations seeking to reduce redundant infrastructures and more easily share information between agencies while providing a high level of security,” said Jim Porell chief strategist for IBM zSeries Software, “With IBM's z/OS and DB2 software IBM is enabling organizations outside the government to help meet their security needs and opening up new opportunities for corporate businesses who want to offer highly secure hosting services."
Multilevel security on z/OS can take advantage of IBM's eServer zSeries functionality such as robust cryptography, high availability, scalability and flexibility to provide a highly secure environment.
IBM's z/OS 1.5 and DB2 Universal Database for z/OS is planned to be available on March 26, 2004.
Based on this Multilevel Security technology, z/OS 1.6 is currently in evaluation for Common Criteria certification to the Labeled Security Protection Profile (LSPP) at EAL3+. Evaluation for certification for Controlled Access Protection Profile (CAPP) to the EAL3+ is also in progress.
New capabilities which are planned to be included in z/OS 1.5:
-
More security: Expanded scope of z/OS Intrusion Detection Services, Improved management of digital certificates on z/OS
-
Self-optimizing enhancements: z/OS 1.5 simplifies Workload Manager (WLM) control for WebSphere. Customers now have the choice to manually define WebSphere application environments for WLM or have WebSphere define them
-
Improved performance for backup/recovery of DB2 data.
IBM is also previewing z/OS 1.6 including some key enhancements such as:
-
Scaling: z/OS 1.6 is planned to support more than 16 engines in a single z/OS image
-
64-bit application development support for C/C++.
-
Self-healing network: TCP/IP Sysplex health monitoring is planned to be enhanced to improve TCP/IP availability across a sysplex.
Planned for availability in September 2004, z/OS 1.6 will be the first release of z/OS that requires a zSeries server (z800, z900, z990).
