IBM Announces New Security Technology on IBM Mainframe

IBM has announced a new security technology with the latest release of its mainframe operating system, z/OS 1.5, providing the industrys first single point of control for managing a multilevel security environment.Combined with IBMs DB2 Universal Database for z/OS Version 8, the IBM solution provides multilevel security on the eServer zSeries mainframe to help meet the stringent security requirements of government agencies and financial institutions, and can open up new options for e-hosting facilities. This technology can help improve the way government agencies and other organizations share critical classified information. Multilevel security technology allows IT administrators to give users access to information based on their need to know, or clearance level. It is designed to prevent individuals from accessing unauthorized information and to prevent individuals from declassifying information. IBMs z/OS 1.5 and DB2 V8 enable a single repository of data to be managed at the row level and accessed by individuals based on their need to know. For example, a person with a top secret clearance will be able to access more information in a database than someone without that clearance level. Using the new IBM solution, organizations can help reduce duplicate infrastructures previously needed to separate highly confidential data, which in turn can help reduce IT costs, floor space and administration costs. In addition, records can be more up to date as well as more easily shared, administered and managed, because information does not have to be merged from various sources. Multilevel security on z/OS can take advantage of IBMs eServer zSeries functionality such as robust cryptography, high availability, scalability and flexibility to provide a highly secure environment. IBMs z/OS 1.5 and DB2 Universal database for z/OS is planned to be available on March 26, 2004. Based on this Multilevel Security technology, z/OS 1.6 is currently in evaluation for Common Criteria certification to the Labeled Security Protection Profile (LSPP) at EAL3+. Evaluation for certification for Controlled Access Protection Profile (CAPP) to the EAL3+ is also in progress. New capabilities which are planned to be included in z/OS 1.5: More security: Expanded scope of z/OS Intrusion Detection Services, Improved management of digital certificates on z/OS. Self-optimizing enhancements: z/OS 1.5 simplifies Workload Manager (WLM) control for WebSphere. Customers now have the choice to manually define WebSphere application environments for WLM or have WebSphere define them. Improved performance for backup/recovery of DB2 data. IBM is also previewing z/OS 1.6 including some key enhancements such as: Scaling: z/OS 1.6 is planned to support more than 16 engines in a single z/OS image. 64-bit application development support for C/C++. Self-healing network: TCP/IP Sysplex health monitoring is planned to be enhanced to improve TCP/IP availability across a sysplex. Planned for availability in September 2004, z/OS 1.6 will be the first release of z/OS that requires a zSeries server (z800, z900, z990).