Follow Mainframe Debate - Steven Dickens on Feedspot

In this two-part blog series I plan to cover some of my own perspectives on the Red Hat acquisition and what it means for IBM as we enter what Ginni often calls Chapter 2 of the Cloud. In part 1 I cover the IBM and Red Hat angle at a corporate level, and in part 2 what the acquisition means for the mainframe and LinuxONE businesses.

The corporate press release says: The acquisition redefines the cloud market for business. Red Hat’s open hybrid cloud technologies are now paired with the unmatched scale and depth of IBM’s innovation and industry expertise, and sales leadership in more than 175 countries. Together, IBM and Red Hat will accelerate innovation by offering a next-generation hybrid multi-cloud platform. Based on open source technologies, such as Linux and Kubernetes, the platform will allow businesses to securely deploy, run and manage data and applications on-premises and on private and multiple public clouds.

My take is that IBM and Red Hat truly do add up to a 2 + 2 = 5 type equation. Couple Red Hat's products, community and track record of innovation with IBM's reach, partner network and client access and you have a path to growth for both companies.

IBM Red Hat

The CEOs of both companies are obviously jazzed about the acquisition:

“Businesses are starting the next chapter of their digital reinventions, modernizing infrastructure and moving mission-critical workloads across private clouds and multiple clouds from multiple vendors,” said Ginni Rometty, IBM chairman, president and CEO. “They need open, flexible technology to manage these hybrid multicloud environments. And they need partners they can trust to manage and secure these systems. IBM and Red Hat are uniquely suited to meet these needs. As the leading hybrid cloud provider, we will help clients forge the technology foundations of their business for decades to come.”

“When we talk to customers, their challenges are clear: They need to move faster and differentiate through technology. They want to build more collaborative cultures, and they need solutions that give them the flexibility to build and deploy any app or workload, anywhere,” said Jim Whitehurst, president and CEO, Red Hat. “We think open source has become the de facto standard in technology because it enables these solutions. Joining forces with IBM gives Red Hat the opportunity to bring more open source innovation to an even broader range of organizations and will enable us to scale to meet the need for hybrid cloud solutions that deliver true choice and agility.”

I have seen Ginni and Jim on a couple of occasions together now, both on TV and live at Red Hat Summit and they genuinely finish each other’s sentences and look very comfortable with each other. They obviously have chemistry.

So where is the meat in the acquisition? The press release gives the insight here: it's all about hybrid multi-cloud.

The Hybrid Cloud Opportunity

IBM’s cloud revenue has grown from 4 percent of total revenue in 2013 to 25 percent today. This growth comes through a comprehensive range of as-a-service offerings and software, services and hardware that enable IBM to advise, build, move and manage cloud solutions across public, private and on-premises environments for customers. IBM cloud revenue for the 12-month period through the first quarter of this year grew to over $19 billion. The Red Hat acquisition is expected to contribute approximately two points of compound annual revenue growth to IBM over a five-year period.

Digital reinvention is at an inflection point as businesses enter the next chapter of their cloud journey. Most enterprises today are approximately 20 percent into their transition to the cloud. In this first chapter of their cloud journey, businesses made great strides in reducing costs, boosting productivity and revitalizing their customer-facing innovation programs. Chapter two, however, is about shifting mission-critical workloads to the cloud and optimizing everything from supply chains to core banking systems.

The IBM take on the opportunity is that to succeed in the next chapter of the cloud, businesses need to manage their entire IT infrastructure, on and off-premises and across different clouds – private and public – in a way that is simple, consistent and integrated. Businesses are seeking one common environment they can build once and deploy in any one of the appropriate footprints to be faster and more agile. IBM's offerings have evolved to reflect new customer needs and drive greater growth. The acquisition of Red Hat further strengthens IBM as the leader in hybrid cloud for the enterprise.

“As organizations seek to increase their pace of innovation to stay competitive, they are looking to open source and a distributed cloud environment to enable a new wave of digital innovation that wasn’t possible before. Over the next five years, IDC expects enterprises to invest heavily in their journeys to the cloud, and innovation on it. A large and increasing portion of this investment will be on open hybrid and multicloud environments that enable them to move apps, data and workloads across different environments,” said Frank Gens, Senior Vice President and Chief Analyst, IDC. “With the acquisition of Red Hat, and IBM’s commitment to Red Hat’s independence, IBM is well positioned to help enterprises differentiate themselves in their industry by capitalizing on open source in this emerging hybrid and multicloud world.”

The collective ability of IBM and Red Hat to unlock the true value of hybrid cloud for businesses is already resonating among customers moving to the next chapter of digital reinvention.  I see this every day as I talk to clients, so IBM’s press team have this right…

IBM Reinforces Commitment to Open Source and Red Hat Neutrality

IBM and Red Hat have deep open source values and experience. The two companies have worked together for more than 20 years to make open source the default choice for modern IT solutions. This includes the importance of open governance and helping open source projects and communities flourish through continued contribution.

With Red Hat, IBM has acquired one of the most important software companies in the IT industry. Red Hat’s pioneering business model helped bring open source – including technologies like Linux, Kubernetes, Ansible, Java, Ceph and many more – into the mainstream for enterprises. Today, Linux is the most used platform for development. Red Hat Enterprise Linux alone is expected to contribute to more than $10 trillion worth of global business revenues in 2019. By 2023, an additional 640,000 people are expected to work in Red Hat-related jobs.

IBM has committed to scaling and accelerating open source and hybrid cloud for businesses across industries, as well as preserving the independence and neutrality of Red Hat’s open source heritage. This includes its open source community leadership, contributions and development model; product portfolio, services, and go-to-market strategy; robust developer and partner ecosystems, and unique culture.

My take on day 2 of the acquisition is that the internal comms have been well handled, the enablement of the sales force has been solidly executed, and the excitement is palpable about what lies ahead as we jointly enter chapter 2 of our clients' journey to hybrid multi-cloud with a combined IBM and Red Hat portfolio to address their requirements.

Check back in a couple of weeks' time for part 2 of this blog series, when I will explore the impact on the mainframe and LinuxONE business and what we can expect with the addition of Red Hat.


It is a common misconception that blockchain's inherent security obviates the need for secure end-to-end computing infrastructure, especially for production consortium permissioned networks in regulated environments. Enterprise blockchains, such as the Linux Foundation's Hyperledger Fabric, do provide crypto operations such as encryption, hashing, digital signing, authentication and verification; however, they are not sufficient. Production networks require secured peers, ledger, state database, smart contracts, channels, and all internal and network communications. Traditional approaches to protecting the entire environment rely upon selective encryption of a security perimeter (e.g., disk, network traffic, application, and databases). In addition to the substantial cost and administrative burden of this approach, the moment data leaves its designated perimeter, it is exposed.

Blockchain solutions also rely on traditional technologies for back-end processes like authentication, data processing and APIs. In essence, the blockchain infrastructure is much like an armadillo: hard shell on the outside, but soft and vulnerable on the inside, especially on commodity hardware. The blockchain may be secure, but if attackers can find a way in through poor access controls, for example, the whole infrastructure may be vulnerable. These components include everything from the network IP address, the blockchain layer, back-end components such as databases and object stores, the APIs, the externally-facing IP addresses and the mobile applications associated with the network.

Access control is critical to blockchain security; often permissions and access controls are implemented at the application level but not at the blockchain layer. If hackers compromised any application and accessed internal networks, they could hit any number of APIs associated with the blockchain. With no access controls, a malicious actor could literally do anything and everything they wanted on the chain itself.

Another common security problem: data stored off the blockchain and accessed through reference codes on the chain. Although the unique ID (hash) on the blockchain that references the data cannot be changed, a malicious insider could alter the original data in the off-chain database, and the blockchain reference code would then access the changed data, which could lead to elevation of privileges, account hijacking or accessing of information from an unauthorized perspective.
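The defender's counterpart to the off-chain tampering problem above is to treat the on-chain hash as a commitment and verify the fetched off-chain record against it before acting on it. The following is an added illustration, not code from the post or from Hyperledger Fabric; the store, the role records and the resolver are constructed for the demo.

```python
import hashlib
import json


def canonical_bytes(record):
    """Serialize deterministically so identical content always yields the same hash."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def content_hash(record):
    """The value that would be written to the chain as the reference to this record."""
    return hashlib.sha256(canonical_bytes(record)).hexdigest()


class OffChainStore:
    """Constructed stand-in for a mutable off-chain database keyed by the on-chain hash.
    Anyone with write access to it (e.g. an insider) can change rows after the fact."""

    def __init__(self):
        self._rows = {}

    def put(self, record):
        ref = content_hash(record)
        self._rows[ref] = dict(record)
        return ref

    def get(self, ref):
        return self._rows[ref]

    def overwrite(self, ref, **changes):
        # simulates an insider edit that leaves the on-chain reference untouched
        self._rows[ref].update(changes)


class OnChainReference:
    """Immutable reference as recorded on the ledger: only the hash, never the data."""

    def __init__(self, ref_hash):
        self.ref_hash = ref_hash


class IntegrityError(Exception):
    pass


def resolve(chain_ref, store):
    """Fetch the off-chain record and refuse it unless it still matches the on-chain hash.
    A naive resolver would just return store.get(ref) and trust whatever came back."""
    record = store.get(chain_ref.ref_hash)
    if content_hash(record) != chain_ref.ref_hash:
        raise IntegrityError("off-chain record does not match on-chain reference")
    return record


def demo():
    """Returns (role seen before tampering, whether tampering was detected afterwards)."""
    store = OffChainStore()
    ref = OnChainReference(store.put({"user": "alice", "role": "operator"}))
    role_before = resolve(ref, store)["role"]
    store.overwrite(ref.ref_hash, role="admin")  # attempted privilege escalation via off-chain edit
    try:
        resolve(ref, store)
        detected = False
    except IntegrityError:
        detected = True
    return role_before, detected
```

The check only helps if the consumer of the data performs it on every read; verifying once at write time leaves the window the paragraph describes wide open.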

An often-overlooked element is the security of smart contracts. A smart contract is not just a piece of code; it is a representation of business logic that may secure a house on the blockchain, assure a digital identity, or even represent an escrow transaction between people buying and selling a used car. It is important that a smart contract is reliable and always does what it says it will. Smart contracts and other deployed applications should undergo a trusted build process complete with independent software attestation. Without a secure CI/CD process, someone could write malicious code that, once executed, would grant command-level access to the hosting server and deploy backdoored smart contracts.

IBM's open source Linux cloud server, LinuxONE, draws upon the architectural lineage of the IBM mainframe but is designed only for serving open source Linux (in all the standard distributions). Over 70% of today's credit card, bank, airline or telco transactions are processed on this technology. LinuxONE also provides system availability measured in decades without a single point of failure, and is built with the world's fastest commercial processor with dedicated I/O processors to move data with uncompromised integrity.

Pervasive Encryption

Not unlike the magical gadgets provided to James Bond by Q Branch, LinuxONE features distinct technologies that are particularly useful for securing blockchain nodes from external, insider, and developer attack vectors. IBM's point of view is that all data at rest and in flight should be encrypted without the need to modify applications or databases. IBM LinuxONE's Pervasive Encryption differs from Intel x86 by providing an industry-unique real-time, end-to-end, holistic encryption apparatus for the entire production environment. Blockchain applications can benefit from the end-to-end encryption of data, both data-at-rest (e.g., the ledger stored on disk) and data-in-flight (e.g., transactions and peer communication). Traditionally, the largest barrier to running full-scale encryption has been the cost of the encryption and the performance load put upon the computing platform. Indeed, bolt-on security solutions can take up over 60% of system capacity. It would take 12 times the number of x86 servers and 7 times the capacity to execute the workload on a single server. In contrast, LinuxONE's ability to encrypt in bulk provides 18 times the performance at only 1/20th the cost of a similar x86-based solution.

Logical Partitions

IBM's LinuxONE is designed for Common Criteria Evaluation Assurance Level 5+ (EAL5+) certification. This level is achieved through the use of logical partitions (LPARs). An application running in one operating system image in an LPAR cannot access an application running on a different operating system image in another LPAR. LPARs enable separation of blockchain application elements and database components into strictly defined, isolated security zones. LinuxONE's isolation provides near 'air-gap' separation of appliance environments on a single server footprint (air-gapped servers still have network connections between them that could be breached). Compared to x86, LinuxONE reduces the threat surface by nearly 92% according to Solitaire International.

True Random Number Generator

Cryptographic algorithms rely on random seeds. Pseudorandom number generators commonly found on x86 systems have been successfully brute-force attacked. True Random Number Generators (TRNGs) stop this class of attacks. IBM LinuxONE systems incorporate built-in TRNGs in the processor cores and in IBM Crypto Express 6S. The TRNGs are designed to support the most demanding cryptographic security requirements.

Firmware Tamper Protection

IBM LinuxONE systems comply with National Institute of Standards and Technology (NIST) Special Publication 800-147B and raise an alarm if anyone attempts to tamper with firmware booting. Dedicated Hardware Management Consoles support multi-factor authentication (per IETF RFC 6238) and separate role-based security profiles. These dedicated HMCs prevent operators from exceeding their defined responsibilities.

Time Source Security

Accurate timekeeping is a critical element in maintaining security. Timekeeping is vital for checking and rejecting expired credentials and certificates. Some blockchain attacks have taken advantage of poor clock synchronization. IBM LinuxONE systems incorporate high-quality system clocks in redundant form, with continuous, automatic error checking. This redundancy allows for the isolation and removal of any failed clock component before it produces an inaccurate time. Even the highest quality clocks require synchronization with the world’s most trusted time bureaus. LinuxONE systems are equipped with Server Time Protocol (STP), a system feature that makes regular inquiries with trusted time bureaus. STP can also check the validity of time information using symmetric key and Autokey authentication per IETF RFCs 1305 and 5906, to assure that time messages are not falsified or altered. STP also helps the system handle the periodic leap seconds that global time standards mandate.

Hardware Security Module

Hardware Security Modules (HSMs) are dedicated components designed to hold, protect, and secure master crypto keys. HSMs are critical for blockchain cryptographic operations including encryption, access control and data protection. However, not all HSMs are built the same and some are vulnerable to exploits. Without HSMs, encryption keys would typically be held in x86 main system memory, vulnerable if an attacker breaches application security. LinuxONE's Crypto Express 6S features a FIPS 140-2 Level 4-compliant tamper-proof secure key infrastructure for storing private keys and certificates. This classification is the highest available on the market today. There are significant differences between Level 3 and Level 4 certified HSMs. While Level 3 HSMs respond to tampering with their doors or covers, they can still be attacked through other paths. It's like securing your doors and windows, only to have an intruder drill through the floor below. In banking, should a Level 3 HSM be breached, new keys would be generated and transactions reversed. However, reversing transactions is not possible on blockchains.

IBM HSMs support a concept known as "cryptographic domains". Secure keys generated and wrapped with the master key in one domain are not usable by another domain using a different master key. Crypto Express 6S supports over 300 cryptographic algorithms including Elliptic Curve Digital Signature Algorithms. It detects any physical intrusion such as drilling, probing, chemical attacks and temperature attacks, and offers protection from side-channel attacks and x-ray proton beaming of the ASIC and FPGA to trigger bit flips. Should Crypto Express 6S detect such tampering, it will self-destruct before giving up key material. It also provides double asymmetric encryption acceleration for TLS handshakes.

IBM's Crypto Express 6S also employs multiple key generation engines that feature parity checks and error-correcting codes, which are unique to this HSM. All other HSMs risk key generation issues should they encounter a CPU fault. LinuxONE is able to process over 350,000 encrypted transactions per second by wrapping the Linux clear key with the HSM's trusted key into a "protected key" using hardware-based cryptographic acceleration. Thus Protected Key provides the FIPS 140-2 Level 4 trusted key guarantee at scale. Protected keys are stored outside the Linux kernel, preventing raw key material from being visible to the operating system and applications. Protected Key guarantees an additional level of security not available on any other platform.

Secure Service Container: 16 TB of protected memory.

Working with Crypto Express 6S is LinuxONE's Secure Service Container (SSC). It provides a FIPS-197 AES 256-bit encrypted, isolated, and trusted runtime for deploying the blockchain infrastructure. SSC completely conceals Fabric's data and prevents non-authorized access—both from inside and outside threats. IBM's production blockchain networks all run in LinuxONE SSCs as part of the IBM Blockchain Platform Enterprise Plan (illustration below). The SSC provides the base infrastructure for integrating the operating system, middleware and software components into an appliance, which works autonomously and provides core services and infrastructure focusing on consumability and security.

A malicious actor who has Docker group level access rights can perform a Docker container permission exploit to obtain root level access to the Linux kernel and obtain access to smart contracts held in another container on the same virtual machine (https://fosterelli.co/privilege-escalation-via-docker.html). Should a malicious actor obtain root access rights to an unprotected x86 Linux kernel, they could perform a memory core dump which would expose the private key seed material and perform smart contract attacks.  Should the same actor perform the same core dump with the blockchain application running in the LinuxONE SSC, they would obtain nothing, just useless encrypted data. The LinuxONE SSC appliance is secured by a trusted firmware boot sequence before the software deployment. The appliance is made tamper-resistant during the installation and runtime. After the appliance is built, it can be accessed only by remote APIs. System administrators cannot access the memory or processor state; there is no direct host or OS level interaction.

The LinuxONE SSC creates a trusted execution environment (TEE) for running containerized workloads and databases, such as blockchain, in up to 16TB of memory. By using a TEE, one does not have to trust the host system which runs the blockchain node. Intel's Software Guard Extensions (SGX) also establishes TEE enclaves; however, they come with several important constraints that make them suboptimal for securing blockchains. Intel's SGX has a memory limit of only 128 MB, of which roughly 90 MB is usable. Due to SGX's size limitation, developers must re-factor code to designate which parts will be secured/encrypted. With only a portion of the application secured by SGX, neighbouring applications can attack the SGX application with a side-channel attack, which has been done successfully. SGX enclaves are protected memory areas located inside an x86 CPU. When the enclave stops, restarts, or crashes, the internal state is lost and cannot be recovered. SGX uses a data sealing approach that encrypts and authenticates data before it leaves the enclave to be stored externally. When the enclave restarts, it loads and decrypts the data, preserving data confidentiality. However, it does not prevent rollback attacks, whereby properly sealed data operates on blockchain state data that could be stale.

Rollback attacks on stateful applications running in TEEs pose serious risks unless the state continuity of the application is ensured. For example, if a malicious blockchain node is able to influence the execution order of smart contract transactions in an SGX enclave, it could learn information about those transactions without being able to decrypt them. The node running a sealed-bid auction blockchain application could execute a bid evaluation transaction multiple times and then reset the enclave again afterwards, every time a new bid has been committed to the ledger. Thus, the malicious node could make inferences about other bids, violating the integrity of the system without having to break the encryption in the SGX enclave. The SGX architecture is also vulnerable to state continuity exploits. Since the malicious node has access to the key-value store database, which cannot be accommodated inside the SGX enclave due to its size limitations, it could intercept, modify, reorder, discard, or replay smart contract operations by feeding the enclave manipulated state inputs, or even drop messages or halt the enclave and prevent consensus altogether. State continuity and rollback attacks can be prevented if the state input to the smart contract enclave always corresponds to the unique, committed blockchain state. One way to guarantee the desired state continuity would be to run the whole blockchain node, especially its protocol logic and the state maintenance, within the enclave, such as by running the entire node in LinuxONE's SSC.
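The sealed-bid auction rollback above, reduced to a runnable model: an enclave entry point takes sealed state plus one new bid, and the host chooses which sealed blob to feed it. The only difference between the two runs is whether the enclave binds its sealed state to the committed ledger head, which is the state-continuity condition the paragraph describes. This is an added illustration, not code from the post, IBM or Intel; the ledger, the HMAC-based seal (authentication only, since rollback rather than confidentiality is the point) and the sealing key are constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the enclave's hardware-derived sealing key.
SEALING_KEY = b"constructed-demo-sealing-key"


def digest(*parts):
    h = hashlib.sha256()
    for p in parts:
        h.update(p if isinstance(p, bytes) else str(p).encode())
    return h.hexdigest()


class Ledger:
    """Toy append-only chain: the single committed state an enclave should bind to."""

    def __init__(self):
        self.blocks = [digest("genesis")]

    def commit(self, payload):
        self.blocks.append(digest(self.blocks[-1], payload))
        return self.blocks[-1]

    @property
    def head(self):
        return self.blocks[-1]


def seal(state):
    """Authenticate enclave state before it is handed to untrusted host storage."""
    body = json.dumps(state, sort_keys=True).encode()
    tag = hmac.new(SEALING_KEY, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def unseal(blob):
    tag = hmac.new(SEALING_KEY, blob["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("sealed state fails authentication")
    return json.loads(blob["body"])


class RollbackError(Exception):
    pass


def evaluate_bid(sealed, new_bid, ledger, bind_to_ledger):
    """Enclave entry point: returns (current leader, new sealed state).
    Sealing alone only proves the blob is genuine, not that it is the *latest* one;
    with bind_to_ledger=True the enclave also refuses state whose recorded head
    is not the ledger's committed head."""
    state = unseal(sealed)
    if bind_to_ledger and state["head"] != ledger.head:
        raise RollbackError("sealed state is stale relative to the committed ledger head")
    state["bids"].append(new_bid)
    state["head"] = ledger.commit(digest("bid", new_bid["bidder"], new_bid["amount"]))
    leader = max(state["bids"], key=lambda b: b["amount"])["bidder"]
    return leader, seal(state)


def run_auction(bind_to_ledger):
    """Host-side sequence: two honest bids, then a replay of the older sealed blob.
    Returns ('accepted', leader) if the stale state was processed, ('rejected', None) otherwise."""
    ledger = Ledger()
    s0 = seal({"bids": [], "head": ledger.head})
    _, s1 = evaluate_bid(s0, {"bidder": "alice", "amount": 100}, ledger, bind_to_ledger)
    _, s2 = evaluate_bid(s1, {"bidder": "bob", "amount": 150}, ledger, bind_to_ledger)
    # s2 is the honest latest state; a malicious host instead replays s1 (no knowledge of
    # bob's bid) to see how a probe bid ranks against the earlier bids only
    try:
        leader, _ = evaluate_bid(s1, {"bidder": "carol", "amount": 120}, ledger, bind_to_ledger)
        return "accepted", leader
    except RollbackError:
        return "rejected", None
```

The binding only helps if the enclave can trust the ledger head it is shown, which is why the paragraph's conclusion is to run the node's protocol logic and state maintenance inside the trusted boundary rather than outside it.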

Ensuring a Trusted Build – Secure CI/CD

Without a trusted DevOps CI/CD process, someone could write malicious code that, once executed, would grant command-level access to the hosting server and deploy backdoored smart contracts. In IBM's Secure CI/CD process, the build runs within the LinuxONE SSC appliance, which builds the image, generates a key, signs the image, and pushes it to a Docker Hub repository using the Docker Content Trust framework. Docker Content Trust is commonly used to make sure that a container binary image is from the original developer, not from a malicious developer. If the signing key were stolen, a malicious person could replace the image on Docker Hub with another image containing malicious code. The LinuxONE SSC secure build protects the signing key and the source code manifest, which ensures we can trust the binary image.

Third-party auditors perform code reviews and testing prior to deployment to ensure the integrity of the build. Auditors review the manifest that describes all the ingredients used to produce the image binary, such as the source code, the base image, and so on. The manifest is signed inside the LinuxONE CICD Service to make sure that it is not replaced with something else. Each auditor checks the manifest to establish confidence that no malicious code exists in the final image. The attested image is deployed into the LinuxONE SSC runtime environment by a build endorsement service via an endorsement policy, like a multi-signature or multi-factor authentication. LinuxONE SSC only runs a Docker container if the image is trusted in the Docker Content Trust framework and if the manifest meets the endorsement policy for this particular application.
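The deployment gate those two paragraphs describe, as an added model rather than IBM's or Docker's code: the build step records the ingredients and the produced image digest in a manifest and signs it, auditors endorse that exact manifest, and the runtime refuses the image unless the digest matches, the build signature checks out, and a k-of-n endorsement threshold is met. The party names, the policy and the HMAC "signatures" (a keyed stand-in for the asymmetric signatures Docker Content Trust and real auditors would use) are all constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed per-party secrets standing in for the signing keys that would live in the
# SSC build service and in each auditor's own signing setup.
KEYS = {
    "ssc-build": b"constructed-build-key",
    "auditor-1": b"constructed-auditor-1-key",
    "auditor-2": b"constructed-auditor-2-key",
    "auditor-3": b"constructed-auditor-3-key",
}

# Constructed endorsement policy: any two of the three named auditors must endorse.
POLICY = {"auditors": ["auditor-1", "auditor-2", "auditor-3"], "threshold": 2}


def manifest_digest(manifest):
    """Canonical digest of the manifest: what every party actually signs."""
    return hashlib.sha256(json.dumps(manifest, sort_keys=True).encode()).hexdigest()


def sign(party, digest_hex):
    return hmac.new(KEYS[party], digest_hex.encode(), hashlib.sha256).hexdigest()


def verify(party, digest_hex, sig):
    return hmac.compare_digest(sign(party, digest_hex), sig)


def build_and_sign(source_commit, base_image, image_bytes):
    """Build step inside the SSC: record the ingredients and the output digest, then sign."""
    manifest = {
        "source_commit": source_commit,
        "base_image": base_image,
        "image_digest": hashlib.sha256(image_bytes).hexdigest(),
    }
    return manifest, {"ssc-build": sign("ssc-build", manifest_digest(manifest))}


def endorse(auditor, manifest):
    """An auditor's endorsement covers the manifest digest, so it cannot be moved to another build."""
    return sign(auditor, manifest_digest(manifest))


def may_deploy(image_bytes, manifest, build_sig, endorsements, policy):
    """Runtime gate: returns (allowed, reason). All three conditions must hold."""
    d = manifest_digest(manifest)
    if hashlib.sha256(image_bytes).hexdigest() != manifest["image_digest"]:
        return False, "image does not match the signed manifest"
    if not verify("ssc-build", d, build_sig.get("ssc-build", "")):
        return False, "manifest not signed by the SSC build service"
    valid = [a for a in policy["auditors"]
             if a in endorsements and verify(a, d, endorsements[a])]
    if len(valid) < policy["threshold"]:
        return False, f"only {len(valid)} valid endorsements, policy needs {policy['threshold']}"
    return True, "trusted"


def demo():
    """Returns (honest build allowed, swapped image allowed, under-endorsed build allowed)."""
    image = b"constructed chaincode image bytes"
    manifest, build_sig = build_and_sign("abc123", "sha256:constructed-base", image)
    endorsements = {a: endorse(a, manifest) for a in ("auditor-1", "auditor-2")}
    ok, _ = may_deploy(image, manifest, build_sig, endorsements, POLICY)
    # image replaced on the registry after signing: digest no longer matches the manifest
    swapped, _ = may_deploy(b"replaced image bytes", manifest, build_sig, endorsements, POLICY)
    # only one auditor endorsed: below the 2-of-3 threshold
    short, _ = may_deploy(image, manifest, build_sig,
                          {"auditor-1": endorsements["auditor-1"]}, POLICY)
    return ok, swapped, short
```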

LinuxONE's unique security capabilities of pervasive encryption, a FIPS 140-2 Level 4 HSM, and the SSC make it not only suitable, but the preferred platform for permissioned blockchain solutions.

Editor's Note

This post was penned by Peter Demeo, who is a WW subject matter expert on the intersection of Blockchain, Digital Assets and Secure Infrastructure. Peter is literally re-defining how the industry thinks about the deployment of secure Blockchain networks, and his approach to securing digital assets will provide the trust so needed as the world of finance reimagines itself. I highly recommend you follow Peter on Twitter.
Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

It is a common misconception that blockchain’s inherent security obviates the need for secure end-to-end computing infrastructure, especially for production consortium permissioned networks in regulated environments. Enterprise blockchains, such as the Linux Foundation’s Hyperledger Fabric, do provide crypto operations such as: encryption, hashing, digital signing, authentication and verification, however, they are not sufficient. Production networks require secured peers, ledger, state database, smart contracts, channels, and all internal and network communications. Traditional approaches to protecting the entire environment rely upon selective encryption of a security perimeter (e.g., disk, network traffic, application, and databases).  In addition to the substantial cost and administrative burden of this approach, the moment data leaves its designated perimeter, it is exposed.

Blockchain solutions also rely on traditional technologies for back-end processes like authentication, data processing and APIs.  In essence, the blockchain infrastructure is much like an armadillo: hard shell on the outside, but soft and vulnerable on the inside, especially on commodity hardware.  The blockchain may be secure, but if attackers can find a way in through poor access controls, for example, the whole infrastructure may be vulnerable. These components included everything from the network IP address, the blockchain layer, back-end components such as databases and object stores, the APIs, the externally-facing IP addresses and the mobile applications associated with the network.

Access control is critical to blockchain security; often permissions and access controls are implemented at the application level but not at the blockchain layer. If hackers compromised any application and accessed internal networks, they could hit any number of APIs associated with the blockchain. With no access controls, a malicious actor could literally do anything and everything they wanted on the chain itself.

Another common security problem: data stored off the blockchain and accessed through reference codes on the chain. Although the unique ID (hash) on the blockchain that references the data cannot be changed, a malicious insider could alter the original data in the off-chain database, and the blockchain reference code would then access the changed data; which could lead to elevation of privileges, account hijacking or accessing of information from an unauthorized perspective.

An often-overlooked element is the security of smart contracts. A smart contract is not just a piece of code; it is a representation of business logic that may secure a house on the blockchain, assure a digital identity, or even represent an escrow transaction between people buying and selling a used car. It is important that a smart contract is reliable and always does what it says it will. Smart contracts and other deployed applications should undergo a trusted build process complete with independent software attestation. Without a secure CI/CD process, someone could write malicious code that, once executed, would have granted command-level access to the hosting server and deploy backdoored smart contracts.

IBM’s open source Linux cloud server called LinuxONE draws upon the architectural lineage of the IBM mainframe but designed only for serving open source Linux (in all the standard distributions). Over 70% of today’s credit card, bank, airline or telco transactions are processed on this technology. LinuxONE also provides system availability measured in decades without a single point of failure and built with the world’s fastest commercial processor with dedicated I/O processors to move data with uncompromised integrity.

Pervasive Encryption

Not unlike the magical gadgets provided to James Bond by Q Branch, LinuxONE features distinct technologies that are particularly useful for securing blockchain nodes from external, insider, and developer attack vectors. IBM’s point of view is that all data at rest and in flight should be encrypted without the need to modify applications or databases. IBM LinuxONE’s Pervasive Encryption differentiates from Intel x86 by providing an industry unique real-time, end-to-end, holistic security encryption apparatus for the entire production environment.  Blockchain applications can benefit from the end-to-end encryption of data, for both data-at-rest (e.g., the ledger stored on the disk) and data-at- flight (e.g., transactions and peers’ communication). Traditionally, the largest barrier for running full-scale encryption has been the cost of the encryption and the performance load put upon the computing platform. Indeed, bolt-on security solutions can take up over 60% of system capacity. It would take 12 times the number of x86 servers and 7 times the capacity to execute the workload on a single server. In contrast, LinuxONE’s ability to encrypt in bulk provides 18 times performance at only 1/20th the cost of a similarly x86 based solution.

Logical Partitions

IBM’s LinuxONE is designed for Common Criteria Evaluation Assurance Level 5+ (EAL5+) certification. This level is achieved through the use of logical partitions (LPARs).  An application running in one operating system image in an LPAR cannot access an application running on a different operating system image on another LPAR.  LPAR’s enable separation of blockchain application elements, database components, into strictly defined, isolated security zones. LinuxONE’s isolation provides for near ‘air-gap’ separation of appliance environments on a single server footprint (air gapped servers still have network connections between that could be breached). Compared to x86, LinuxONE reduces the threat surface by nearly 92% according to Solitaire International.

True Random Number Generator

Cryptographic algorithms rely on random seeds. Pseudorandom number generators commonly found on x86 systems have been successfully brute force attacked. True Random Number Generators (TRNGs) stop this class of attacks. IBM LinuxONE systems incorporate built-in TRNGs into the processor cores and IBM Crypto Express 6S. The TRNGs are designed to support the most demanding cryptographic security requirements.

Firmware Tamper Protection

IBM LinuxONE systems comply with National Standards and Technology (NIST) Special Publication 800-147B and raise an alarm if anyone attempts to tamper with firmware booting. Dedicated Hardware Management Consoles support multi-factor authentication (per IETF RFC 6238) and separate role-based security profiles. These dedicated HMC’s prevent operators from exceeding defined responsibilities.

Time Source Security

Accurate timekeeping is a critical element in maintaining security. Timekeeping is vital for checking and rejecting expired credentials and certificates. Some blockchain attacks have taken advantage of poor clock synchronization. IBM LinuxONE systems incorporate high-quality system clocks in redundant form, with continuous, automatic error checking. This redundancy allows for the isolation and removal of any failed clock component before it produces an inaccurate time. Even the highest quality clocks require synchronization with the world’s most trusted time bureaus. LinuxONE systems are equipped with Server Time Protocol (STP), a system feature that makes regular inquiries with trusted time bureaus. STP can also check the validity of time information using symmetric key and Autokey authentication per IETF RFCs 1305 and 5906, to assure that time messages are not falsified or altered. STP also helps the system handle the periodic leap seconds that global time standards mandate.

Hardware Security Module

Hardware Security Modules (HSMs) are dedicated components designed to hold, protect and use master cryptographic keys. HSMs are critical for blockchain cryptographic operations, including encryption, access control and data protection. Not all HSMs are built the same, however, and some are vulnerable to exploits. Without an HSM, encryption keys would typically be held in x86 main system memory, where they are exposed to any attacker who breaches the application. LinuxONE’s Crypto Express 6S provides a FIPS 140-2 Level 4 certified, tamper-responsive secure-key infrastructure for storing private keys and certificates. Level 4 is the highest level FIPS 140-2 defines, and there are significant differences between Level 3 and Level 4. A Level 3 HSM detects and responds to tampering with its doors and covers but can still be attacked through other paths, such as manipulation of supply voltage or temperature; Level 4 requires a complete envelope of protection around the module and protection against such environmental attacks. It is like securing your doors and windows only to have an intruder drill through the floor below. In conventional banking, should a Level 3 HSM be breached, new keys would be generated and the affected transactions reversed. Reversing transactions is not possible on a blockchain.

IBM HSMs support a concept known as “cryptographic domains”. Secure keys generated and wrapped with the master key of one domain cannot be used in another domain, which has a different master key. Crypto Express 6S supports over 300 cryptographic algorithms, including the Elliptic Curve Digital Signature Algorithm (ECDSA). It detects physical intrusion such as drilling, probing, chemical attacks and temperature attacks, and offers protection against side-channel attacks and against x-ray or proton-beam irradiation of its ASIC and FPGA intended to induce bit flips. Should Crypto Express 6S detect such tampering, it zeroizes its key material rather than giving it up. It also accelerates the asymmetric cryptography used in TLS handshakes.

IBM’s Crypto Express 6S also employs multiple key-generation engines with parity checks and error-correcting codes, a feature unique to this HSM, so that a fault in one engine cannot silently produce a bad key; other HSMs risk a key-generation fault should they encounter a CPU fault. LinuxONE is able to process over 350,000 encrypted transactions per second by wrapping the Linux clear key with the HSM’s trusted key into a “protected key” and then using hardware-based cryptographic acceleration. The protected key thus extends the FIPS 140-2 Level 4 trusted-key guarantee to operations at scale. Protected keys are held outside the Linux kernel, so the raw key material is never visible to the operating system or its applications; only the wrapped form is. This is an additional level of security not available on any other platform.
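The two properties the preceding paragraphs rely on, that a key wrapped under one domain's master key is useless under another's and that a wrapped blob cannot be altered undetected, can be shown with a standard key-wrap construction. The Go program below is an added example, not IBM firmware and not the Crypto Express wrapping format (which is proprietary); it implements RFC 3394 AES Key Wrap as a stand-in and is checked against the RFC's own test vector. The two domain master keys are constructed constants; in an HSM they would be generated inside the module and never exported.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// kwIV is the RFC 3394 default integrity check value; unwrap must recover it.
var kwIV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}

// xorCounter XORs the 64-bit step counter t into the 8-byte register a (big-endian).
func xorCounter(a []byte, t uint64) {
	for k := 0; k < 8; k++ {
		a[k] ^= byte(t >> (8 * uint(7-k)))
	}
}

// wrapKey implements RFC 3394 AES Key Wrap: the key data is encrypted under the
// master key (KEK) together with an integrity register, so the wrapped blob is
// both confidential and tamper-evident.
func wrapKey(kek, plain []byte) ([]byte, error) {
	if len(plain) < 16 || len(plain)%8 != 0 {
		return nil, errors.New("key data must be a multiple of 8 bytes, at least 16")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(plain) / 8
	a := append([]byte(nil), kwIV...)
	r := append([]byte(nil), plain...)
	b := make([]byte, 16)
	for j := 0; j <= 5; j++ {
		for i := 1; i <= n; i++ {
			copy(b[:8], a)
			copy(b[8:], r[(i-1)*8:i*8])
			block.Encrypt(b, b)
			copy(a, b[:8])
			xorCounter(a, uint64(n*j+i))
			copy(r[(i-1)*8:i*8], b[8:])
		}
	}
	return append(a, r...), nil
}

// unwrapKey inverts wrapKey and fails closed unless the integrity register comes
// back as kwIV: a wrong master key (another domain) or a modified blob both fail.
func unwrapKey(kek, wrapped []byte) ([]byte, error) {
	if len(wrapped) < 24 || len(wrapped)%8 != 0 {
		return nil, errors.New("malformed wrapped key")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(wrapped)/8 - 1
	a := append([]byte(nil), wrapped[:8]...)
	r := append([]byte(nil), wrapped[8:]...)
	b := make([]byte, 16)
	for j := 5; j >= 0; j-- {
		for i := n; i >= 1; i-- {
			copy(b[:8], a)
			xorCounter(b[:8], uint64(n*j+i))
			copy(b[8:], r[(i-1)*8:i*8])
			block.Decrypt(b, b)
			copy(a, b[:8])
			copy(r[(i-1)*8:i*8], b[8:])
		}
	}
	if subtle.ConstantTimeCompare(a, kwIV) != 1 {
		return nil, errors.New("integrity check failed: wrong domain master key or tampered blob")
	}
	return r, nil
}

// Domain stands in for one cryptographic domain: a master key that never leaves
// the HSM. Keys wrapped in one domain are unusable in another.
type Domain struct{ master []byte }

func (d Domain) Wrap(key []byte) ([]byte, error)    { return wrapKey(d.master, key) }
func (d Domain) Unwrap(blob []byte) ([]byte, error) { return unwrapKey(d.master, blob) }

func main() {
	// Constructed master keys; a real HSM generates these internally.
	domainA := Domain{master: bytes.Repeat([]byte{0x01}, 32)}
	domainB := Domain{master: bytes.Repeat([]byte{0x02}, 32)}
	appKey, _ := hex.DecodeString("00112233445566778899aabbccddeeff")
	blob, _ := domainA.Wrap(appKey)
	fmt.Printf("wrapped under domain A: %x\n", blob)
	if _, err := domainB.Unwrap(blob); err != nil {
		fmt.Println("domain B:", err)
	}
}
```

The wrapped blob is what an application holds in place of the clear key; everything it can do with it goes through the module that owns the master key, which is the "protected key" idea in miniature. Note that the integrity register makes a wrong-domain unwrap fail loudly rather than yielding garbage that might be used as a key.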

Secure Service Container: 16 TB of protected memory.

Working with Crypto Express 6S is LinuxONE’s Secure Service Container (SSC). It provides an AES-256 (FIPS 197) encrypted, isolated and trusted runtime for deploying the blockchain infrastructure. The SSC completely conceals Hyperledger Fabric’s data and prevents unauthorized access, whether from inside or outside threats. IBM’s production blockchain networks all run in LinuxONE SSCs as part of the IBM Blockchain Platform Enterprise Plan (see illustration). The SSC provides the base infrastructure for integrating the operating system, middleware and software components into an appliance that works autonomously and provides core services and infrastructure, with a focus on consumability and security.

A malicious actor who has Docker group-level access rights can abuse the Docker daemon’s privileges to obtain root-level access on the host and so reach smart contracts held in another container on the same virtual machine (https://fosterelli.co/privilege-escalation-via-docker.html). Should a malicious actor obtain root access to an unprotected x86 Linux kernel, they could dump process memory, which would expose the private key seed material, and then mount smart contract attacks. Should the same actor perform the same memory dump with the blockchain application running in the LinuxONE SSC, they would obtain nothing but useless encrypted data. The LinuxONE SSC appliance is secured by a trusted firmware boot sequence before the software is deployed, and the appliance is made tamper-resistant during installation and at runtime. After the appliance is built it can be accessed only by remote APIs: system administrators cannot access its memory or processor state, and there is no direct host- or OS-level interaction.

The LinuxONE SSC creates a trusted execution environment (TEE) for running containerized workloads and databases, such as blockchain, in up to 16 TB of memory. With a TEE, one does not have to trust the host system that runs the blockchain node. Intel’s Software Guard Extensions (SGX) also establishes TEE enclaves, but they come with several important constraints that make them suboptimal for securing blockchains. The SGX generation available at the time of writing has an enclave page cache of only 128 MB, of which roughly 90 MB is usable. Because of that limit, developers must refactor code to designate which parts will be secured. With only a portion of the application inside the enclave, neighbouring code on the same machine can attack the SGX application through side channels, which has been demonstrated successfully. SGX enclave pages live in a reserved region of system memory that the CPU encrypts and integrity-protects; when the enclave stops, restarts or crashes, its internal state is lost and cannot be recovered. SGX therefore offers data sealing, which encrypts and authenticates data before it leaves the enclave for external storage; when the enclave restarts, it loads and decrypts the sealed data, which preserves confidentiality. Sealing does not, however, prevent rollback attacks, in which the host hands the enclave a properly sealed but stale copy of the blockchain state.

Rollback attacks on stateful applications running in TEEs pose serious risks unless the state continuity of the application is ensured. For example, if a malicious blockchain node is able to influence the execution order of smart contract transactions in an SGX enclave, it could learn information about those transactions without being able to decrypt them. The node running a sealed-bid auction application could execute the bid-evaluation transaction repeatedly, resetting the enclave to an earlier sealed state each time a new bid is committed to the ledger. The malicious node could thus make inferences about other bids, violating the integrity of the system without having to break the enclave’s encryption. The SGX architecture is also exposed to state-continuity exploits. Since the malicious node controls the key-value store, which cannot fit inside the SGX enclave because of its size limit, the node could intercept, modify, reorder, discard or replay smart contract operations by feeding the enclave manipulated state inputs, or simply drop messages or halt the enclave and prevent consensus altogether. State-continuity and rollback attacks can be prevented if the state input to the smart contract enclave always corresponds to the unique, committed blockchain state. One way to guarantee that is to run the whole blockchain node, in particular its protocol logic and state maintenance, inside the enclave, which LinuxONE’s SSC makes possible for an entire node.
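The defence the last two paragraphs describe has a small core: sealed state must be both authenticated (so the host cannot alter it) and fresh (so the host cannot replay an older copy). The Go program below is an added model of that check, not code from SGX, Fabric or the SSC. The "enclave" keeps a sealing key and a monotonic counter that are assumed to be rollback-protected (a hardware counter, or the ledger's committed height); every sealed state carries its counter and an HMAC, and a transaction is applied only if the tag verifies and the counter equals the trusted one. The sealing key, the transactions and the sealed-bid scenario are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var (
	ErrSealInvalid = errors.New("sealed state failed authentication")
	ErrStale       = errors.New("sealed state is stale: counter does not match trusted counter")
)

// Sealed is what leaves the enclave: the committed-state hash, the counter it
// belongs to, and an authentication tag over both under the sealing key.
type Sealed struct {
	Counter uint64
	Hash    [32]byte
	Tag     [32]byte
}

// Enclave models the trusted side. sealKey is assumed to be derived inside the
// TEE and never exported; counter is a monotonic counter that must itself be
// rollback-protected (hardware counter, or anchored to the ledger height).
type Enclave struct {
	sealKey []byte
	counter uint64
}

func NewEnclave(sealKey []byte) *Enclave { return &Enclave{sealKey: sealKey} }

func (e *Enclave) tag(counter uint64, hash [32]byte) [32]byte {
	mac := hmac.New(sha256.New, e.sealKey)
	var c [8]byte
	binary.BigEndian.PutUint64(c[:], counter)
	mac.Write(c[:])
	mac.Write(hash[:])
	var out [32]byte
	copy(out[:], mac.Sum(nil))
	return out
}

func (e *Enclave) seal(counter uint64, hash [32]byte) Sealed {
	return Sealed{Counter: counter, Hash: hash, Tag: e.tag(counter, hash)}
}

// Genesis seals the initial (empty) state at counter 0.
func (e *Enclave) Genesis() Sealed { return e.seal(0, sha256.Sum256(nil)) }

// Apply executes one transaction against host-supplied state. The host is
// untrusted: it may hand back an old sealed state (rollback) or a modified one.
// The tag check defeats modification; the counter check defeats replay.
func (e *Enclave) Apply(in Sealed, tx []byte) (Sealed, error) {
	want := e.tag(in.Counter, in.Hash)
	if !hmac.Equal(want[:], in.Tag[:]) {
		return Sealed{}, ErrSealInvalid
	}
	if in.Counter != e.counter {
		return Sealed{}, ErrStale
	}
	next := sha256.Sum256(append(in.Hash[:], tx...))
	e.counter++
	return e.seal(e.counter, next), nil
}

func main() {
	e := NewEnclave([]byte("constructed-seal-key"))
	s0 := e.Genesis()
	s1, _ := e.Apply(s0, []byte("bid:alice:100"))
	s2, _ := e.Apply(s1, []byte("bid:bob:120"))
	// The host replays s1 to re-run evaluation against a stale view: rejected.
	if _, err := e.Apply(s1, []byte("evaluate")); err != nil {
		fmt.Println("replay:", err)
	}
	if out, err := e.Apply(s2, []byte("evaluate")); err == nil {
		fmt.Printf("committed at counter %d, state %x\n", out.Counter, out.Hash[:8])
	}
}
```

The model makes the dependency explicit: the scheme is exactly as strong as the counter. If the counter itself can be rolled back (because it lives in the same untrusted storage as the sealed state), the host wins; that is why the text's answer is to keep the whole node, state maintenance included, inside the trusted boundary.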

Ensuring a Trusted Build – Secure CI/CD

Without a trusted DevOps CI/CD process, someone could write malicious code that, once executed, grants command-level access to the hosting server and deploys backdoored smart contracts. In IBM’s secure CI/CD process, the build runs within the LinuxONE SSC appliance, which builds the image, generates a signing key, signs the image and pushes it to a Docker Hub repository using the Docker Content Trust framework. Docker Content Trust is commonly used to make sure that a container image comes from the original developer and not from a malicious one. If the signing key were stolen, a malicious person could replace the image on Docker Hub with another image containing malicious code. The LinuxONE SSC secure build protects the signing key and the source code manifest, and that is what allows the binary image to be trusted.

Third-party auditors perform code reviews and testing prior to deployment to ensure the integrity of the build. Auditors review the manifest, which describes all the ingredients used to produce the image binary: the source code, the base image, and so on. The manifest is signed inside the LinuxONE CI/CD service so that it cannot be replaced with something else. Each auditor checks the manifest to establish confidence that no malicious code exists in the final image. The attested image is deployed into the LinuxONE SSC runtime environment by a build endorsement service under an endorsement policy, in the manner of a multi-signature or multi-factor check. The LinuxONE SSC runs a Docker container only if the image is trusted under the Docker Content Trust framework and the manifest meets the endorsement policy for that particular application.
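The endorsement policy described above is a k-of-n signature check over a build manifest. The Go example that follows is an added illustration of such a policy, not IBM's build endorsement service and not Docker Content Trust (which uses TUF/Notary metadata rather than a bare manifest). Auditors sign the SHA-256 digest of a canonically encoded manifest with Ed25519 keys; the policy counts valid signatures from distinct registered auditors and refuses unknown signers, bad signatures, repeated signatures from one auditor, and signatures made over a different manifest. Auditor names, the manifest fields and the digests in it are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Manifest lists the ingredients of a build. Field order is fixed, so the JSON
// encoding is canonical and the digest is stable.
type Manifest struct {
	BaseImage    string `json:"base_image"`
	SourceCommit string `json:"source_commit"`
	ImageDigest  string `json:"image_digest"`
}

// Digest is what auditors actually sign.
func (m Manifest) Digest() []byte {
	raw, err := json.Marshal(m)
	if err != nil {
		panic(err) // plain strings cannot fail to marshal
	}
	sum := sha256.Sum256(raw)
	return sum[:]
}

// Endorsement is one auditor's signature over the manifest digest.
type Endorsement struct {
	Auditor string
	Sig     []byte
}

// Auditor holds a signing key; only the public half is registered with a policy.
type Auditor struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewAuditor(name string) Auditor {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Auditor{Name: name, Pub: pub, priv: priv}
}

func (a Auditor) Endorse(m Manifest) Endorsement {
	return Endorsement{Auditor: a.Name, Sig: ed25519.Sign(a.priv, m.Digest())}
}

// Policy is a k-of-n rule: a build is deployable only when at least Threshold
// distinct trusted auditors have validly signed this exact manifest.
type Policy struct {
	Trusted   map[string]ed25519.PublicKey
	Threshold int
}

func NewPolicy(threshold int, auditors ...Auditor) Policy {
	p := Policy{Trusted: map[string]ed25519.PublicKey{}, Threshold: threshold}
	for _, a := range auditors {
		p.Trusted[a.Name] = a.Pub
	}
	return p
}

// Allows counts valid signatures from distinct trusted auditors. Unknown
// signers, bad signatures and repeated signatures from one auditor do not count.
func (p Policy) Allows(m Manifest, ends []Endorsement) bool {
	digest := m.Digest()
	seen := map[string]bool{}
	for _, e := range ends {
		pub, ok := p.Trusted[e.Auditor]
		if !ok || seen[e.Auditor] {
			continue
		}
		if ed25519.Verify(pub, digest, e.Sig) {
			seen[e.Auditor] = true
		}
	}
	return len(seen) >= p.Threshold
}

func main() {
	// Constructed auditors and manifest; names and digests are illustrative.
	a, b, c := NewAuditor("auditor-a"), NewAuditor("auditor-b"), NewAuditor("auditor-c")
	policy := NewPolicy(2, a, b, c)
	m := Manifest{BaseImage: "base@sha256:0000", SourceCommit: "abc123", ImageDigest: "sha256:1111"}
	fmt.Println("two endorsements:", policy.Allows(m, []Endorsement{a.Endorse(m), b.Endorse(m)}))
	fmt.Println("one endorsement: ", policy.Allows(m, []Endorsement{a.Endorse(m)}))
}
```

Two details carry the security argument. The manifest includes the image digest, so an endorsement is bound to one specific binary and cannot be transplanted onto a rebuilt image; and distinctness is enforced by auditor identity, so a single compromised auditor key cannot satisfy a 2-of-3 policy by signing twice.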

LinuxONE’s unique combination of pervasive encryption, a FIPS 140-2 Level 4 HSM and the SSC makes it not only suitable but the preferred platform for permissioned blockchain solutions.

Editors Note

This post was penned by Peter Demeo, who is a worldwide subject matter expert on the intersection of Blockchain, Digital Assets and Secure Infrastructure. Peter is literally redefining how the industry thinks about the deployment of secure Blockchain networks, and his approach to securing digital assets will provide the trust so needed as the world of finance reimagines itself. I highly recommend you follow Peter on Twitter.

Digital Transformation – A Cautionary Tale 

Very few organizations of any size are untouched by today’s digital era and the seismic changes being seen in the marketplace. Entire industries have been disrupted beyond all predictions in the last decade or so. Indeed, 88% of the Fortune 500 have dropped off that list in the last 50 years, as those who fail to keep up with the pace of change are replaced by those who can adapt.

Unsurprisingly, industry studies suggested that digital readiness was a top risk concern for 2019. All the more worrying, then, that as many as 21% of organizations do not have a comprehensive digital strategy. So, with still a lot of work to do, what’s the secret?

Tackling Objectives and Challenges

As the saying goes, if you fail to plan, you plan to fail. And for large-scale organizational upheaval, it is especially true. The strategic approach to digital transformation depends heavily on a full understanding of current capabilities, models, processes and the supporting technology and resources which operate them, in addition to a clear view of what the goals and measurable benefits will be.

The concrete outcomes are most commonly classified in terms of lowering costs, accelerating how business is done and appropriately managing risks to the business from present and future operational environments.

Making fast progress towards these goals is, alas, often hampered by practical barriers that are individually difficult to solve, particularly in the existing technology landscape: vendor lock-in, complex business processes, interdependent apps and data, inefficient delivery processes, technical constraints and skills issues.

Plotting each element in turn, and its relative importance is critical to determining the right strategy.

Making Sense of Today’s Landscape

Business realities are one thing, but the IT underpinnings are an equally critical component. And with the technology landscape forever changing, and only ever growing in complexity, that task is significant. Today, large global enterprise businesses typically run a hybrid environment, a consequence of adopting multiple waves of technological advancements over time.

Each individual advancement offered opportunity and progress but eventually results in a highly complex and inefficient technology environment. Most organizations are pursuing digital transformation programs with a view to reducing complexity, creating better flexibility and reducing total cost of ownership. So even for those with a mainframe at the centre, this is a connected digital age and there will inevitably be requirements and opportunities for a hybrid IT model that covers mainframes, Linux, cloud, desktops and devices.

There is a tremendous value that has been created in business applications and data and there is a lot to be gained in digital transformation by leveraging that value as much as possible, in transforming it with the minimum cost and risk.

Taking the Risk out of Transformation

Large scale projects for ripping and replacing older systems are notoriously risky and unpredictable. Such risks are measured as an average IT project failure rate of 71%, which amounts to a $1.7Tr cost in a single year. These are dreadful numbers and no organization wants to waste that sort of time and money and reputation.

Which is why more and more organizations are turning towards ways in which transformational change is part of an organic, incremental process. Many are finding that a pragmatic, yet strategic approach to digital transformation has the concept of modernization at its heart. Modernization ensures the existing value of applications and data is protected and leveraged, as a platform for innovation, as opposed to alternative rip and replace or re-write approaches.

There has been a realisation from many years of experience in those more radical transformation projects that their success rate is relatively low, that planned costs and timescales typically grow exponentially, and that the risks to successfully continue business during such a transformation are unacceptably high: Modernization offers the antidote to such risky approaches by building on what already works.

The Market Agrees

Modernization is more pragmatic, as it prioritises protecting the value of what companies already have, exploiting advancements in technology to deploy and integrate applications in new ways and to surface and integrate data in new ways, with minimum change. Creating portability and operational independence for applications and data is becoming recognised as the fastest and most future-proofed path to building a platform for digital transformation, and some reports are showing rapidly expanding demand. Market influencers such as Gartner and IDC have commented positively on the merits of Modernization, while many of the global systems integrators are industrializing their own IT Modernization practices to support their customers’ transformation programs.

Planning the Journey

Modernization means many things to many organizations, which will be driven by the digital transformation needs. But it will typically need to encompass a range of attributes. Such attributes will include the infrastructure – supporting a Hybrid IT approach; the delivery process – taking into account an evolution towards Enterprise DevOps; as well as considerations around Security; and potentially managing and exploiting the data analytic opportunity on the back of this digital change.

The road to digital transformation can appear daunting, but Modernization offers a pragmatic and managed approach to taking incremental steps, which leverages the skills, investments and business value inherent in IT, offering a springboard for future success. Some of the world’s largest enterprises are building on their competitive advantage built into their current IT systems to embark on their next, digital, chapter.

Editors Note:

This post was written by my dear friend Derek Britton from Micro Focus.  He is well worth following on Twitter for more insight.

References

12% of 1955’s Fortune 500 were still on the list in 2014. Source: http://www.aei.org/publication/fortune-500-firms-in-1955-vs-2014-89-are-gone-and-were-all-better-off-because-of-that-dynamic-creative-destruction/

The top risk concern for businesses in 2019 is digital readiness, in comparison to other companies that were “born digital.” Protiviti, 2018. Source: https://www.techrepublic.com/article/digital-readiness-named-top-risk-concern-for-businesses-in-2019/

In 2018, 21% of organizations do not have a comprehensive digital strategy, via ZDNET. Source: https://www.zdnet.com/article/survey-despite-steady-growth-in-digital-transformation-initiatives-companies-face-budget-and-buy-in/

Project success is 29%. Partial or total failure is 71%. Source: https://www.infoq.com/articles/standish-chaos-2015


The stakes remain high for IT leaders. Not only do they have to respond to dynamic business demands in real time, they must optimize operations on their increasingly complicated multi-platform, multicloud environments– all while simultaneously managing resources and budgets. In short, the mandate for IT leaders remains: “Do more with less.”

Today, IBM is announcing new services and capabilities for IBM Z® to further position it as a center point of a secured hybrid cloud strategy. Our mission is to empower our customers, giving them more confidence, flexibility and agility when it comes to building and running their environments. We’re providing more options than ever before to control their business the way they want [1], without exposing them to the high costs typically associated with complex platforms.

Cloud-like pricing means simplified management

In the era of hybrid and multicloud, everything is connected and workload patterns constantly change. In this environment, managing demand for IT services can be a major challenge. And when it comes to pricing, flexibility and management are essential. As more customers shift to an enterprise IT model that incorporates on-premises, private cloud and public cloud, we’ve developed a simple cloud pricing model to drive the transformation forward.

Today, we’re introducing Tailored Fit Pricing for IBM Z, a revolutionary pricing model innovation for today’s enterprise IT environment. It’s designed to deliver the simplicity, transparency, and flexibility of consumption-based pricing, with economies of scale for workloads on IBM z/OS. The hallmark of this model is that pricing adjusts with usage, removing the need for complex and restrictive capping, and includes aggressive pricing for growth. The capacity solution, also part of Tailored Fit Pricing, enables clients to mix and match workloads to help maximize use of the full capacity of the platform. At the end of the day, Tailored Fit Pricing is designed to both unlock the full power of the platform and ensure optimal response times and service-level agreements, 24/7.

And it’s not just for IBM. Today one of our ecosystem partners, Broadcom, also announced the availability of a consumption-based pricing model to support their workloads on the mainframe. It is intended to complement and work seamlessly with our MSU-based pricing strategy. The pricing change was immediately popular within the ISV ecosystem. BMC and Compuware are also supportive of and offer their own open, flexible pricing models intended to provide a more seamless customer experience.

Similarly, our customers are enjoying the benefits. Terry Glover, the director of infrastructure at Dillard’s, said that “with Tailored Fit Pricing, we don’t have to worry about predicting demand any more. Instead, we can leave capacity on—and pay only for what we use.”

In addition, Waldemar Ruggiero Júnior, infrastructure director at Bradesco, shared “As mobile banking continues to surge in Brazil and we digitally transform everything we do, Tailored Fit Pricing gives us a simple and predictable cloud pricing model that can reduce operational overhead, so we can deliver cost-effective, client-centric services with our private cloud.”

Broaden your application portfolio

And we’re not stopping there. In the spirit of building even more flexibility into operations on Z, IBM is also announcing IBM z/OS Container Extensions, engineered to modernize and extend z/OS applications. We’re giving our customers the ability to run Linux on IBM Z Docker containers in direct support of z/OS workloads on the same z/OS system.

With z/OS Container Extensions, customers will be able to access the most recent development tools and processes available in Linux on the Z ecosystem, giving developers the flexibility to build new, cloud-native containerized apps and deploy them on z/OS without requiring Linux or a Linux partition.

Empowering a universal cloud development and management experience 

Finally, we’re introducing IBM z/OS® Cloud Broker, which gives users the ability to access and deploy z/OS resources and services on IBM Cloud Private, and to help them achieve a more seamless and universal cloud development experience. IBM z/OS Cloud Broker is designed such that cloud application developers can provision and deprovision z/OS environments to support the app development cycle.

The result? A design for simplified management and access to critical enterprise services: IBM z/OS Cloud Broker provides a single control plane across z/OS, Linux on Z, Power, and public cloud. In turn, this can help optimize management efficiencies and achieve optimal speed for innovation.

Of course, in today’s hybrid and multicloud world, choice and control are critical. Which is why these new offerings will be especially powerful when combined with the IBM Cloud Hyper Protect family of cloud-native services. Enterprise developers have access to industry-leading security and resiliency to modernize their applications. Hyper Protect offers a range of on-premises and off-premises deployment choices for extending IBM Z services and data, while balancing performance, availability and security. Next month, for example, Hyper Protect Database as a Service (DBaaS) will launch. DBaaS will support cloud-native developers by providing both PostgreSQL and MongoDB Enterprise Advanced database choices. It also provides the highest level of data confidentiality commercially available for sensitive data, backed by FIPS 140-2 Level 4 certified hardware [2].

As part of IBM’s goal to give our customers end-to-end control of the hybrid cloud platforms they rely on, I’d be remiss if I didn’t also acknowledge our extensive software portfolio, which has thoughtfully been designed for customers to accelerate their digital transformations. If you’ve started your own transformation, this may sound familiar, but we’re seeing customers 1) use APIs and cloud-native dev tools to better utilize existing assets or evolve new services, 2) leverage IT operational analytics for insights and business efficiencies, and 3) seamlessly integrate workloads across cloud platforms—or all of the above.

In the end, we see secured hybrid and multicloud as the future of enterprise IT, and IBM Z is at the center. This is only the beginning! Stand by for exciting developments, news, and announcements that demonstrate IBM Z’s leadership and how we’re defining the future of hybrid cloud.

[1] 80% of IBM Z customers look for providers who offer both hybrid and private cloud. (IBM Sponsored Primary Research, MD&I Systems and Cloud NDB 2019)

[2] The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government computer security standard used to approve cryptographic modules. It is issued by the National Institute of Standards and Technology (NIST). Level 4 is the highest level of security it defines.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

The stakes remain high for IT leaders. Not only do they have to respond to dynamic business demands in real time, they must optimize operations on their increasingly complicated multi-platform, multicloud environments– all while simultaneously managing resources and budgets. In short, the mandate for IT leaders remains: “Do more with less.”

Today, IBM is announcing new services and capabilities for IBM Z® to further position it as a center point of a secured hybrid cloud strategy. Our mission is to empower our customers, giving them more confidence, flexibility and agility when it comes to building and running their environments. We’re providing more options than ever before to control their business the way they want1— without exposing them to the high costs typically associated with complex platforms.

Cloud-like pricing means simplified management

In the era of hybrid and multicloud, everything is connected and workload patterns constantly change. In this environment, managing demand for IT services can be a major challenge. And when it comes to pricing, flexibility and management are essential. As more customers shift to an enterprise IT model that incorporates on-premises, private cloud and public cloud, we’ve developed a simple cloud pricing model to drive the transformation forward.

Today, we’re introducing Tailored Fit Pricing for IBM Z, a revolutionary pricing model innovation for today’s enterprise IT environment. It’s designed to deliver the simplicity, transparency, and flexibility of consumption-based pricing, with economies of scale for workloads on IBM z/OS. The hallmark of this model is that pricing adjusts with usage, removing the need for complex and restrictive capping, and includes aggressive pricing for growth. The capacity solution, also part of Tailored Fit Pricing, enables clients to mix and match workloads to help maximize use of the full capacity of the platform. At the end of the day, Tailored Fit Pricing is designed to both unlock the full power of the platform and ensure optimal response times and service-level agreements, 24/7.

And it’s not just for IBM. Today one of our ecosystem partners, Broadcom, also announced the availability of a consumption-based pricing model to support their workloads on the mainframe. It is intended to complement and work seamlessly with our MSU-based pricing strategy. The pricing change was immediately popular within the ISV ecosystem. BMC and Compuware are also supportive of and offer their own open, flexible pricing models intended to provide a more seamless customer experience.

Similarly, our customers are enjoying the benefits. Terry Glover, the director of infrastructure at Dillard’s, said that “with Tailored Fit Pricing, we don’t have to worry about predicting demand any more. Instead, we can leave capacity on—and pay only for what we use.”

In addition, Waldemar Ruggiero Júnior, infrastructure director at Bradesco, shared “As mobile banking continues to surge in Brazil and we digitally transform everything we do, Tailored Fit Pricing gives us a simple and predictable cloud pricing model that can reduce operational overhead, so we can deliver cost-effective, client-centric services with our private cloud.”

Broaden your application portfolio

And we’re not stopping there. In this spirit of building even more flexibility into operations on Z, IBM is also announcing IBM z/OS Container Extensions, engineered to modernize and extend z/OS applications. We’re giving our customers the ability to run Linux on IBM Z Docker containers in direct support of z/OS workloads, on the same z/OS system.

With z/OS Container Extensions, customers will be able to access the most recent development tools and processes available in Linux on the Z ecosystem, giving developers the flexibility to build new, cloud-native containerized apps and deploy them on z/OS without requiring Linux or a Linux partition.

Empowering a universal cloud development and management experience 

Finally, we’re introducing IBM z/OS® Cloud Broker, which gives users the ability to access and deploy z/OS resources and services on IBM Cloud Private, and to help them achieve a more seamless and universal cloud development experience. IBM z/OS Cloud Broker is designed such that cloud application developers can provision and deprovision z/OS environments to support the app development cycle.

The result? A design for simplified management and access to critical enterprise services: IBM z/OS Cloud Broker provides a single control plane across z/OS, Linux on Z, Power, and public cloud. In turn, this can help optimize management efficiencies and achieve optimal speed for innovation.

Of course, in today’s hybrid and multicloud world, choice and control are critical, which is why these new offerings will be especially powerful when combined with the IBM Cloud Hyper Protect family of cloud-native services. Enterprise developers have access to industry-leading security and resiliency to modernize their applications. Hyper Protect offers a range of on-premises and off-premises deployment choices for extending IBM Z services and data, while balancing performance, availability and security. Next month, for example, Hyper Protect Database as a Service (DBaaS) will launch. DBaaS will support cloud-native developers by providing both PostgreSQL and MongoDB Enterprise Advanced database choices. It also provides the highest level of commercial data confidentiality for sensitive data, FIPS 140-2 Level 4.²

As part of IBM’s goal to give our customers end-to-end control of the hybrid cloud platforms they rely on, I’d be remiss if I didn’t also acknowledge our extensive software portfolio, which has thoughtfully been designed for customers to accelerate their digital transformations. If you’ve started your own transformation, this may sound familiar, but we’re seeing customers 1) use APIs and cloud-native dev tools to better utilize existing assets or evolve new services, 2) leverage IT operational analytics for insights and business efficiencies, and 3) seamlessly integrate workloads across cloud platforms—or all of the above.

In the end, we see secured hybrid and multicloud as the future of enterprise IT, and IBM Z is at the center. This is only the beginning! Stand by for exciting developments, news, and announcements that demonstrate IBM Z’s leadership and how we’re defining the future of hybrid cloud.

1 – 80% of IBM Z customers look for providers who offer both hybrid and private cloud. (IBM Sponsored Primary Research, MD&I Systems and Cloud NDB 2019)

2 – The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government computer security standard used to approve cryptographic modules. It is issued by the National Institute of Standards and Technology (NIST). Level 4 is the highest level of security.


With a change of scenery, IBM THINK rolls around again.  This year’s IBM annual jamboree is set to be bigger, better and more ‘open’ than ever before.  Firstly, let’s get the change of venue out of the way. The pros and cons of San Francisco vs Las Vegas will be the subject of much discussion this coming week.  All “under one roof” or “spread out across the city” will, I am sure, be the most hotly debated topic; we will have our answer, or at least a good idea, by Friday…

Regardless of the venue, THINK 2019 is set to be a blockbuster.  Jim Whitehurst will be in town and I am sure we will start to see hints as to what lies ahead for IBM after the $34bn acquisition of Red Hat closes out later this year.  Ginni on Tuesday afternoon is sure to be the star performer: how much will she reveal? How much can’t be mentioned until after the acquisition closes? This will be the dance she has to do… and all live in front of the maddening crowds…

Apart from the CEO what else can you expect?

Well, for me Blockchain will be a show highlight.  The technology is moving from POC to the mainstream.  I am sure we will be hearing about lots of new, innovative use cases that are now in production.  One such use case is the use of IBM’s LinuxONE technology as a secure home for digital assets.  My dear friend Peter Demeo is presenting a number of times this week on this fascinating use case with a couple of clients.  Please look him up in the THINK app as a speaker and be sure to head over to one of his sessions; you won’t be disappointed.

What else to look out for?

If you want some light-hearted fun and like being in front of the camera then get in touch with either Neil Cattermull or myself on Twitter (@NeilCattermull or @StevenDickens3).  We will be roaming the Expo Hall on Wednesday and Thursday recording short, punchy videos with passers-by, trying to capture perspectives on THINK 2019, and we may have a few freebies to give away in the process.

Another conference highlight will be the Open Mainframe Project Cocktail Party on the SUSE booth (#562) at 5.30-6.30pm on Tuesday evening in the main Expo hall.  Come network with the open source community and the mainframe crowd.  The talk of the cocktail party will be the press release that goes out tomorrow from the Open Mainframe Project.  I can’t say too much ahead of the formal press announcement, but it will be exciting stuff… You may want to check here for more.

All in all, it should be a fun-packed and insightful week… If you want to get in touch this week, Twitter is the best way to go; please DM me @StevenDickens3

In Part 1 of this blog, I covered the fundamentals of Tokenization, and some of the barriers to adoption. In this blog, I will take a deep dive into one approach for handling the security of tokenized assets. Let’s go through some of the approaches to address the security of digital assets and tokens:
Hardware Security Module
Hardware Security Modules (HSMs) are dedicated components designed to hold, protect and secure master crypto keys. Without an HSM, encryption keys are held in main system memory, where they are exposed to any attacker who breaches the application.
IBM HSMs support a concept known as “cryptographic domains”. Secure keys generated and wrapped with the master key in one domain are not usable by another domain, which has a different master key. Domain separation in hardware also prevents humans from ever keying in these extremely sensitive keys.
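
The domain-separation property just described, as an added example that is not IBM’s code and not the Crypto Express firmware or its CCA/EP11 APIs: a small Go model in which each domain holds a master key that never leaves it, hands out only wrapped (“secure”) key tokens bound to the domain name, and rejects a token wrapped under another domain’s master key. The domain names and the operational key are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Domain models one HSM cryptographic domain. The master key is generated
// inside the domain and is never returned to callers; only wrapped ("secure")
// key tokens leave it. This is a software model written for this example,
// not the Crypto Express firmware or the CCA/EP11 APIs.
type Domain struct {
	name      string
	masterKey []byte // 32-byte AES-256 master key, held only inside the domain
}

// NewDomain creates a domain with a fresh random master key.
func NewDomain(name string) (*Domain, error) {
	mk := make([]byte, 32)
	if _, err := rand.Read(mk); err != nil {
		return nil, err
	}
	return &Domain{name: name, masterKey: mk}, nil
}

func (d *Domain) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(d.masterKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WrapKey turns a clear operational key into a secure-key token: the clear
// key encrypted with AES-256-GCM under this domain's master key. The domain
// name is bound as additional authenticated data, so the token is tied to
// the domain that produced it. Layout: nonce || ciphertext || GCM tag.
func (d *Domain) WrapKey(clearKey []byte) ([]byte, error) {
	gcm, err := d.aead()
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, clearKey, []byte(d.name)), nil
}

// UnwrapKey recovers the clear key inside the domain. A token wrapped under a
// different master key (another domain) fails GCM authentication and is
// rejected, which is the property the text describes.
func (d *Domain) UnwrapKey(token []byte) ([]byte, error) {
	gcm, err := d.aead()
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(token) < ns+gcm.Overhead() {
		return nil, errors.New("secure-key token too short")
	}
	clear, err := gcm.Open(nil, token[:ns], token[ns:], []byte(d.name))
	if err != nil {
		return nil, fmt.Errorf("token not usable in domain %q: %w", d.name, err)
	}
	return clear, nil
}

// CrossDomainCheck wraps a constructed key in one domain and reports whether
// that domain can unwrap it (expected true) and whether a second domain with
// its own master key can (expected false).
func CrossDomainCheck() (sameDomainOK, otherDomainOK bool, err error) {
	a, err := NewDomain("domain-0")
	if err != nil {
		return false, false, err
	}
	b, err := NewDomain("domain-1")
	if err != nil {
		return false, false, err
	}
	clear := make([]byte, 32) // constructed operational key
	if _, err := rand.Read(clear); err != nil {
		return false, false, err
	}
	token, err := a.WrapKey(clear)
	if err != nil {
		return false, false, err
	}
	got, errA := a.UnwrapKey(token)
	_, errB := b.UnwrapKey(token)
	return errA == nil && string(got) == string(clear), errB == nil, nil
}

func main() {
	same, other, err := CrossDomainCheck()
	fmt.Println("same domain unwraps:", same, "| other domain unwraps:", other, "| err:", err)
}
```

Binding the domain name as authenticated data is what makes a token useless outside its domain even if a second domain were somehow loaded with the same master key bytes; in a real HSM the master keys are additionally unreadable by software, which the model only approximates by never exporting the field.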

HSMs are well proven in the financial services industry, but they are still not common enough. Moreover, HSMs vary a great deal in quality and capabilities. IBM Crypto Express HSMs are special because they are certified to FIPS 140-2 Level 4. There is no other commercially available Level 4 HSM, and there are significant differences between Level 3 and Level 4 certified HSMs.

While Level 3 HSMs respond to tampering with their doors or covers, they can still be attacked through other paths.  It’s like securing your doors and windows, only to have an intruder drill through the floor below.  In banking, should a Level 3 HSM be breached, new keys would be generated and transactions reversed. Reversing transactions is not possible with digital assets, however: once the private keys are revealed, the wallet can be emptied.
When an IBM Level 4 HSM is attacked by probing, or by chemical, voltage, electromagnetic or temperature means, it self-destructs. For example, in a cryogenic attack where the HSM is frozen to slow down the electrons, the Level 4 HSM destroys its keys as soon as the threshold is exceeded. The same applies where an x-ray proton beam is used to flip bits.  Furthermore, it is IBM’s policy to destroy any tampered HSMs rather than try to repair them and re-encapsulate them in a protective enclosure.  This policy assures that the devices are protected from the time they leave the manufacturing facility to the time they are destroyed.
It is common for some vendors to replace the native HSM operating system with their own. Many HSM vendors add wallet and multi-signature signing capabilities beyond managing a master key; by replacing the operating system, these firms are in effect becoming OEMs. They also do not certify these added aspects of their HSM under FIPS 140-2 criteria; often they certify only the enclosure. IBM’s view is that an HSM should protect the master key, and anything else represents a larger attack surface. IBM’s Crypto Express 6S memory is designed to last 30 years without failure, whereas it is not uncommon for other HSM vendors to manage cost by installing memory with an MTBF of months, not years. When it comes to performance, HSMs are not built like CPUs and do not have the extra I/O that would help keep the operating temperature down, so the service life of these jailbroken HSMs may also be reduced under heavy transaction-signing loads. The greatest restriction comes when an elliptic-curve (ECC) implementation needs to be updated because of a vulnerability, or when a new curve must be deployed or an old one deprecated; responding to these events may be delayed by the HSM release and standard maintenance cycles.
These issues could go away if the HSM protections were extended into protected, encrypted memory, so that such changes could be made simply by taking a Docker container offline and applying the software update.
Running in protected memory would also allow all the smart contracts to execute as if they were logically inside a FIPS 140-2 Level 4 HSM. These smart contracts could perform all sorts of functions: wallet upgrades, blockchain forks, coin swapping (such as ERC-20 to EOS), Proof of Stake staking, and running key stores. Key stores deployed as Docker applications can be taken offline into an encrypted persisted state (cold storage), brought into memory but kept inaccessible (a warm wallet), or put entirely online (a hot wallet). Each of these Docker applications runs in an encrypted Hyper Protect Virtual Machine (HPVM) as an appliance; when persisted, they are wrapped again by another layer of encryption. HPVMs run inside the Secure Service Container (SSC), a 16 TB logical partition that provides a third layer of encryption.
Secure Service Container: 16 TB of encrypted, protected memory.
The IBM Secure Service Container (SSC) is like Fort Knox for crypto. Isolation, encryption, protection, privacy, confidentiality: these are the fundamental security requirements for crypto exchanges. Many crypto exchange attacks are due to compromised root user credentials, made possible by phishing, wallet address redirects, container exploits, and architectural flaws in software design. Once you are the root user on Linux you can do anything, including reading any data.
The entire cryptosystem is deployed into the IBM LinuxONE trusted execution environment. The SSC not only encrypts all data in flight and at rest, it also encrypts the keys used to encrypt the data and stores those keys in a tamper-responding Hardware Security Module (HSM). To protect against insider threats, there is no command line access, no operating system root access, and no ability to run scripts or introduce new content into the container. Even a memory dump yields only encrypted data, so insider attacks are not possible with the Secure Service Container. The appliance automatically logs encryption activity and decryption attempts, so it is audit-ready and tamper-responding.
True Random Number Generator
Cryptographic algorithms rely on random seeds. Pseudorandom number generators are flawed: attackers can identify and exploit patterns in what should be random numbers in order to break encryption. True Random Number Generators (TRNGs) stop this class of attack. IBM LinuxONE systems build TRNGs into the processor cores, designed to support the most demanding cryptographic security requirements.
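
The predictability problem in concrete form, as an added example rather than anything from the article or from IBM: a Go program that derives a token from a seeded pseudorandom generator (seeded, as many applications do, from a timestamp), the same token drawn from the operating system’s cryptographic random source instead, and an audit routine a defender can use to confirm that a token is reproducible from a guessable seed window. The seed values and the window are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	mrand "math/rand"
)

// WeakToken derives a 16-byte token from math/rand seeded with a value an
// observer could guess, such as a Unix timestamp. Constructed for this
// example to show the failure mode: the same seed always yields the same
// "random" token, so anyone who can guess the seed can reproduce the token.
func WeakToken(seed int64) string {
	r := mrand.New(mrand.NewSource(seed))
	b := make([]byte, 16)
	for i := range b {
		b[i] = byte(r.Intn(256))
	}
	return hex.EncodeToString(b)
}

// StrongToken draws the bytes from crypto/rand, the kernel's cryptographic
// random source (fed by a hardware TRNG where the platform provides one).
// There is no application-visible seed to guess and no pattern to extend.
func StrongToken() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// AuditWeakToken is a defender's check: given an observed token and the
// window of timestamps during which it could have been issued, it reports
// whether the token is reproducible from a seed in that window. A hit means
// the generator is deterministic from public information and must be
// replaced by a cryptographic source.
func AuditWeakToken(token string, from, to int64) (int64, bool) {
	for seed := from; seed <= to; seed++ {
		if WeakToken(seed) == token {
			return seed, true
		}
	}
	return 0, false
}

func main() {
	// Constructed issue time; a 100-second window around it is audited.
	weak := WeakToken(1700000042)
	seed, found := AuditWeakToken(weak, 1700000000, 1700000100)
	fmt.Printf("weak token %s reproduced from seed %d: %v\n", weak, seed, found)
	strong, err := StrongToken()
	fmt.Printf("strong token %s (err=%v)\n", strong, err)
	_, found = AuditWeakToken(strong, 1700000000, 1700000100)
	fmt.Printf("strong token reproducible from the same window: %v\n", found)
}
```

The audit only ever succeeds against the seeded generator; the same window search over a crypto/rand token finds nothing, which is the operational difference between a PRNG with a guessable seed and a generator backed by real entropy.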
Firmware Tamper Protection
IBM LinuxONE systems comply with National Institute of Standards and Technology (NIST) Special Publication 800-147B and raise an alarm if anyone attempts to tamper with firmware booting. Dedicated Hardware Management Consoles (HMCs) support multi-factor authentication (per IETF RFC 6238) and separate role-based security profiles; these dedicated HMCs prevent operators from exceeding their defined responsibilities.
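
What “multi-factor authentication per IETF RFC 6238” means mechanically, as an added example that is not the HMC’s implementation: a Go reference implementation of RFC 6238 TOTP (HMAC-SHA-1, 30-second steps) together with the constant-time, drift-tolerant check a verifier performs. The shared secret is the one from the RFC 6238 Appendix B test vectors, and the codes the program prints are those vectors; the ±1 step window is a common choice, not something the article specifies for the HMC.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

const (
	totpStep   = 30 // seconds per time step, the RFC 6238 default
	totpDigits = 8  // the RFC 6238 Appendix B vectors use 8-digit codes
)

// hotp is the RFC 4226 HOTP primitive with HMAC-SHA-1: MAC the 8-byte
// big-endian counter, dynamically truncate to 31 bits, reduce mod 10^digits.
func hotp(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	offset := h[len(h)-1] & 0x0f
	code := (uint32(h[offset])&0x7f)<<24 |
		uint32(h[offset+1])<<16 |
		uint32(h[offset+2])<<8 |
		uint32(h[offset+3])
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// TOTP is RFC 6238: the HOTP counter is the number of whole time steps
// since the Unix epoch.
func TOTP(secret []byte, unixTime int64) string {
	return hotp(secret, uint64(unixTime/totpStep), totpDigits)
}

// VerifyTOTP checks a submitted code against the current step and one step
// on either side (tolerating small clock drift between token and console),
// comparing in constant time so timing does not reveal which digits matched.
// Every candidate is compared, so a match does not short-circuit the loop.
func VerifyTOTP(secret []byte, unixTime int64, code string) bool {
	ok := false
	for delta := int64(-1); delta <= 1; delta++ {
		expected := TOTP(secret, unixTime+delta*totpStep)
		if subtle.ConstantTimeCompare([]byte(expected), []byte(code)) == 1 {
			ok = true
		}
	}
	return ok
}

func main() {
	// RFC 6238 Appendix B shared secret for the SHA-1 vectors (ASCII digits).
	secret := []byte("12345678901234567890")
	for _, ts := range []int64{59, 1111111109, 1234567890} {
		fmt.Printf("t=%d  TOTP=%s\n", ts, TOTP(secret, ts))
	}
	fmt.Println("accepted with 20s drift:", VerifyTOTP(secret, 79, TOTP(secret, 59)))
}
```

A production verifier adds two things this block leaves out: it records the last accepted time step per user so a code cannot be replayed within its window, and it rate-limits failures, since an 8-digit code is short enough to guess given unlimited attempts.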
Logical Partitions
IBM LinuxONE is designed for Common Criteria Evaluation Assurance Level 5+ (EAL5+) certification, achieved through the use of logical partitions (LPARs). An application in one operating system image in an LPAR cannot access an application running in a different operating system image in another LPAR. LPARs allow application elements and database components to be separated into strictly defined, isolated security zones.
Time Source Security
Accurate timekeeping is a critical element in maintaining security: it is what allows expired credentials and certificates to be detected and rejected. Some exchange attacks have taken advantage of poor clock synchronization. IBM LinuxONE systems incorporate high-quality, redundant system clocks with continuous, automatic error checking, which allows any failed clock component to be isolated and removed before it produces an inaccurate time.
Even the highest quality clocks require synchronization with the world’s most trusted time bureaus. LinuxONE systems are equipped with Server Time Protocol (STP), a system feature that makes regular inquiries of trusted time bureaus. STP can also check the validity of time information using symmetric-key and Autokey authentication per IETF RFCs 1305 and 5906, to assure that time messages are not falsified or altered. STP also helps the system handle the periodic leap seconds that global time standards mandate.
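
Why the clock is a security input, as an added example that is not from the article and not STP itself: a Go program that creates a self-signed certificate whose validity ended in 2021 (a constructed certificate with a placeholder subject) and then runs the standard X.509 validity check twice, once with a correct clock and once with a clock wound back inside the window. The certificate is rejected only when the clock is right; a system whose time source has been pushed back will happily accept it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// NewSelfSignedCert builds a self-signed certificate with the given validity
// window. Constructed for this example so the check runs offline; the subject
// name is a placeholder, not a real service.
func NewSelfSignedCert(notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "example-signing-service"},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyAt validates the certificate against its own trust root using the
// supplied clock reading instead of time.Now(). Every TLS stack does the
// equivalent: the validity check is only as trustworthy as the clock it reads.
func VerifyAt(cert *x509.Certificate, clock time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: clock})
	return err
}

// IsExpiry reports whether a verification error is specifically a validity
// window failure, the error a skewed clock can hide or invent.
func IsExpiry(err error) bool {
	var inv x509.CertificateInvalidError
	return errors.As(err, &inv) && inv.Reason == x509.Expired
}

// ClockSkewDemo checks a certificate that expired at the start of 2021 with a
// correct clock (expected: rejected as expired) and with a clock wound back
// inside the window (expected: accepted).
func ClockSkewDemo() (rejectedWithTrueClock, acceptedWithSkewedClock bool, err error) {
	cert, err := NewSelfSignedCert(
		time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC),
		time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC))
	if err != nil {
		return false, false, err
	}
	trueClock := time.Date(2023, 6, 1, 0, 0, 0, 0, time.UTC)  // correct time
	skewed := time.Date(2020, 6, 1, 0, 0, 0, 0, time.UTC)     // clock pushed back
	return IsExpiry(VerifyAt(cert, trueClock)), VerifyAt(cert, skewed) == nil, nil
}

func main() {
	rejected, accepted, err := ClockSkewDemo()
	fmt.Println("rejected with true clock:", rejected,
		"| accepted with skewed clock:", accepted, "| err:", err)
}
```

This is the mechanism behind the sentence above about exchange attacks and poor clock synchronization: revoking or letting a credential expire only helps if every verifier’s clock actually reaches the expiry time, which is why an authenticated time source (STP with the RFC 1305/5906 authentication the article mentions) belongs in the threat model alongside the certificates themselves.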
How you secure your Tokenized assets is vital if you want to get into the Asset custody or Tokenization space. IBM is your partner as you embark on this journey. For more information on how LinuxONE can help click here.