The IBM mainframe series (“z-series”) has become a backbone for security, privacy and resilience in a large share of payment and banking related applications across the globe. This article explains why a cryptographic key management system (KMS) that supports the hybrid-cloud is a prerequisite to effective and compliant security management of these mainframes.

Banks continue to feel the profound transformational effects that digital technologies have on their business. This can be seen in the creation and acceleration of new business activities, models, competencies, and processes.

Open banking can offer opportunities for retail banks that are faced with competition from newcomers to the banking and finance industry. For those unfamiliar with what open banking is, it can be best defined as “the use of open APIs that enable third-party developers (FinTech or non-banking service providers) to provide applications and services around the financial institution.” These services may be located between the customer and the bank, or placed in the bank’s bank-end.

In response to changing and more dynamic market demands, banks and financial institutions are turning into financial service platforms. They increase the extent of their digital transformations across the hybrid cloud, guided by three motivating factors:

IBM’s mainframe computers have been a rock-steady part of banks’ security infrastructure for many years. Originating from the local data-center concept, the current release is able to stretch banks’ security architecture across the hybrid cloud, harnessing advantages of on-premise and cloud-native software deployments - all without compromising data security and privacy.

The IBM Common Cryptographic Architecture (CCA) is a cryptographic platform providing several functions of special interest for securing financial transactions.

Invented by Mohamed Atalla, the Atalla key block is the root of all key blocks. All over the globe, hundreds of millions of financial transactions are secured daily using hardware security modules (HSMs) and the Atalla key block format that follows TR-31 guidelines. Here we will explain a bit about AKB and why a banking-grade key management system (KMS) must support it.

ATM Remote Key Loading has become a common practice in the industry. Yet managing the top-level keys to establish trust between the Host and the ATM units remains a challenge. This article describes how Cryptomathic CKMS addresses the challenges of key generation and distribution for ATM Remote Key Loading.

In this article we will look at integration points and explain why it is important that a key management system is able to integrate with a number of applications across various environments (in-house data centers and public clouds).