Presented by Deloitte Consulting LLP

It’s a threat with a major price tag: data breaches cost companies almost $4 million on average. In the U.S., the price is double that — about $8 million, or a 130% jump over the past fifteen years. Not only do companies have to pay fines and penalties that accompany these hacks, but they also face the loss of reputation, customers, and market share.

In fact, 53% of consumers say the way a company protects customer privacy is a bigger influence on reputation than the quality of the company’s products and services.

“In today’s market, a company could risk going out of business if it lost control of its own data and/or its customers’ data,” says Robert Miller, senior manager and technical architect for the IBM alliance team, Deloitte Consulting LLP. “Fortunately, companies can develop the in-house resources to protect themselves and their customers with the highest levels of security available.”

Enter pervasive encryption, which can potentially deliver 18x the performance for one-twentieth the cost of traditional encryption. It’s the most comprehensive way to protect the data entrusted to you both digitally and physically at every level, from the network, dataset, and database, both in flight and at rest.

Mainframes and the pervasive encryption advantage

“Pervasive encryption is enabled by mainframe hardware, which is the most intrinsically secure platform in the computing world,” says Miller. Unlike a high-traffic distributed environment where data can be intercepted in flight, both the hardware and software necessary for mainframe transactions resides on a single machine.

“Mainframe computing offers security, reliability, scalability, and the ability to handle the major uptick in workloads that the digital economy demands — and it allows for superior encryption capabilities,” he explains.

Traditional encryption requires a significant amount of cost, time, and labor because of the number of records that need to be encrypted individually. On the other hand, pervasive encryption is a system-wide solution that greatly reduces both the cost and the vulnerability of ordinary encryption, is more effective at preventing incursions, requires less effort to secure, and is more cost effective than alternative solutions. When data is encrypted this way, only users with a key can access that data. When data leaves the mainframe, it becomes encrypted and remains encrypted wherever it travels (to the cloud, for example). Only someone with the key can access it.

Companies continue to improve on these security protocols with each upgrade to their mainframe offerings. IBM’s z15 enables a company to encrypt all its data, isolate workloads, and authenticate access, plus its Privacy Passport tool helps protect data after it leaves the system, minimizing the impact of breaches and noncompliance. Passports eliminate the need for an employee to oversee the exchange of data and keys, with everything controlled internally by the system itself — a much safer way to protect the data.

Pervasive encryption in action

Pervasive encryption can be a security game changer across industries. In the government and public sector, the technology can demonstrate to government auditors that it is compliant with strict data privacy regulations. Banks use the technology to protect customer data and personal information and maintain trusted relationships with their customers. The healthcare sector is particularly vulnerable because of how far and wide data tends to be transmitted across hospital and insurance systems — and because the data itself contains highly personal information. For managed service providers (MSPs), pervasive encryption offers great coverage overall, eliminating the need to chase security issues and the risk that comes when an important vulnerability is missed.

And for companies that utilize or are looking to implement blockchain solutions, pervasive encryption is key. Even though blockchain networks are inherently transparent and secure, anything outside its environment is up for grabs — especially data in flight to and from the blockchain. Moving to a mainframe Linux platform that offers pervasive encryption (such as IBM’s LinuxONE) encrypts and protects blockchain data in flight — and does it cost effectively. “Replicating this level of protection without the help of a Linux mainframe would take incredible amounts of time and resources,” Miller says.

The cost of being in the 96 percent

Businesses today face an increasing number of penalties for security breaches. But many companies still aren’t encrypting their data. 94% of the data in security breaches since 2013 has been unencrypted, and 96% of successful hacks are against companies with unencrypted data.

This is not due to oversight; it comes down to perceived cost and risk at the executive level. Selective data encryption is considered expensive and resource-intensive. Enterprise leaders are fearful that they are potentially putting a target on the most important data in their organizations, which sets up questions of culpability around who and what protects the data, who encrypts it, and who monitors it.

“To companies, it’s a genuinely risky decision,” Miller says. “Doing nothing seems like the better option when they believe that encryption is too costly and their chance of being hacked is slim enough to chance it. For me, the cost benefits of encrypting data to protect against future hacks far outweigh the immediate investment.”

Incorporating pervasive encryption

Securing an environment using pervasive encryption first requires knowledge of the entire enterprise system. Companies should start by understanding the lay of their IT landscape, and mapping out how current security protocols are working and where vulnerabilities may lie. That means mapping how data moves, and most importantly, how it can be accessed and where.

“Unfortunately, a lot of people throw up their hands because it’s become too confusing or expensive, and that can cause a disaster in and of itself,” he says. “Commit the time and resources to upping your security game. Get started today. Your customers and employees will thank you later.”

As used in this document, “Deloitte” means Deloitte Consulting LLP, a subsidiary of Deloitte LLP. Please see for a detailed description of our legal structure. Certain services may not be available to attest clients under the rules and regulations of public accounting.

Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. Content produced by our editorial team is never influenced by advertisers or sponsors in any way. For more information, contact