IBM Introduces Breakthrough Technology to Ensure Customer Data Privacy

Select a topic or year

ARMONK, NY - 12 Sep 2006: IBM (NYSE: IBM) announced today the introduction of first-of-its-kind encryption technology and services that deliver the world's first enterprise-class solutions for securing consumer and corporate data privacy.

Today's announcement will help businesses address virtually every element of the data security chain and is highlighted by the introduction of the industry's first fully encrypting data drive, bringing unsurpassed levels of security to small, medium and large businesses alike. This history-making, open-standards-based drive is designed to protect the data in the event that it is lost or stolen, rendering it unreadable to anyone who finds it. With this option, customers can encrypt the large files intended for remote recovery sites, or for data archiving, at tape hardware speeds. It will also provide customers with the ability to share encrypted tapes with their business partners.

IBM's Security and Privacy Services practice within IBM Global Technology Services will provide the necessary framework, architecture and support to execute a comprehensive enterprise security program and leverage IBM's encryption solution to resolve data security issues.

Additionally, IBM Business Continuity and Resiliency Services (BCRS) have IBM's data encryption drives installed at their worldwide recovery locations. IBM BCRS will also offer services to execute recovery procedures and operations that include use of tape hardware encryption.

New Encryption Technology -- IBM System Storage TS1120

More than 30 government agencies and states have instituted rules and legislation requiring businesses to disclose security breaches, which is why millions of consumers have been notified of potential security breaches regarding personal information in the past year. The IBM System Storage TS1120 is the first encryption drive in the market that addresses the requirements of that legislation and the needs of businesses to protect sensitive information that they store on their customers.

"We were thrilled to hear that IBM is offering a tape encryption solution," said Debbie Wheeler, Chief Information Security Officer at Fifth Third Bank. "Protecting the data of our customers is a top priority for Fifth Third Bank, and encryption is a key part of that strategy."

There are significant advantages to performing encryption in the tape drive. Early measurements show no appreciable degradation to performance during the reading and writing of encrypted data. Encryption in the drive also allows data compression, reducing potential impact on the media, and the encryption-enabled tape drive can also process non-encrypted workloads.

"Demand for the new data encryption drive has been off the charts, with IBM already exceeding its internal goals," said Andy Monshaw, general manager, IBM System Storage. "The reason for the demand is simple -- data loss and identity theft continue to plague corporations and consumers alike. Today, a new level of security is available to corporations that want to ensure their data will never be accessed if it is ever found in the wrong hands. In the case of stolen or lost records saved to tape or disk, encrypting data renders the records totally unreadable."

In addition to providing high-performance encryption in the drives, IBM's innovations in encryption key management is a crucial and proven part of the tape encryption solution. This key management capability is designed to allow customers to ensure that the tape can only be decrypted by authorized parties, and the decryption keys are available when and where they are needed.

The IBM tape encrypting solution leverages the proven encryption technologies of the IBM mainframe. Mainframe centralized key management provides a single point of control for the tape encryption keys, with high security and availability, long-term key management, and excellent disaster recovery capabilities. System z servers also use tamper-resistant hardware features for further protection of the keys.

"Public-key cryptography gives customers a tool set that allows them to radically simplify the process of key management. A unique key can be used with each tape cartridge, and by using public key cryptography, customers can conceal these unique keys and leave them right with the tape cartridge," said Marianne Mostachetti, Director of IBM System z Software. "The public-key infrastructure that's inherent in the IBM z/OS is the ideal way for tape cartridges to be opened up."

Encryption comes standard on all newly ordered TS1120 tape drives and clients with installed TS1120 drives can upgrade to include this feature for a fee. The IBM Encryption Key Manager for the Java platform -- free as part of IBM's Java software development kit -- can help generate and communicate encryption keys for tape drives across the enterprise. Finally, key management software supports the encryption tape drive on a wide variety of configurations, such as z/OS, i5/OS, AIX, HP, Sun, Linux and Windows.

The TS1120 drives support three different encryption management methods: Application, System, or Library Managed. For System or Library managed encryption, the IBM Encryption Key Manager for the Java platform -- included, at no additional charge, as part of IBM's Java Virtual Machine -- will generate and communicate encryption keys for tape drives across the enterprise. This encryption capability is supported when the TS1120 Tape Drive is integrated or attaches in the IBM System Storage TS3500 Tape Library, IBM System Storage TS1120 Tape Controller Model C06, IBM TotalStorage® 3592 Tape Controller Model J70, IBM TotalStorage 3494 Tape Libraries, IBM TotalStorage C20 Silo Attach frame, and stand-alone environments.

For Application managed encryption, IBM Tivoli Storage Manager -- IBM's enterprise-level back up and recovery software -- can generate and communicate encryption keys to the TS1120 drives. Tivoli Storage Manager's policy management capabilities automatically determines if TS1120 encryption is to be used, and if so invokes encryption and provides the necessary encryption keys. TSM support for TS1120 encryption capabilities is the newest addition to TSM's encryption capabilities for securing data-at-rest. Tivoli Storage Manager is the only backup/archive software that supports encryption keys, offering customers one-stop shopping for backup, archiving and encryption, all from IBM and managed by Tivoli.

"IBM's new encryption technology represents a breakthrough that will benefit customers worldwide," said Kevin B. Roden, Iron Mountain's Executive Vice President and Chief Information Officer. "Secure tape encryption is critical in the creation of transportable media. It greatly reduces the risk of data loss. Iron Mountain's value proposition of Offsite data protection is greatly enhanced through this technology, as approximately 75 percent of the world's enterprise data is still stored on tape."

IBM Encryption Leadership

IBM developed the first encryption standards -- published by the NSA in 1975 -- and with 3,500 security and privacy professionals around the world, IBM continues to lead in information security. The IBM TS1120 now joins IBM's broad range of encryption solutions, including IBM Data Encryption for Information Management System (IMS) and DB2 Databases and IBM Encryption Facility for z/OS.

Pricing and Availability

The IBM System Storage TS1120 is available immediately, with a starting list price of $35,500.

For more information about IBM, visit

Related XML feeds
Topics XML feeds
IBM Storage
Storage software, tape and disk innovations