CASE STUDY
A leading U.S.-based insurance provider was experiencing rapid MSU growth, rising software licensing costs, and increasing audit pressure across its IBM Z environment.
Unutilised Hardware Security Investments
The current Crypto Express adapters, which were dedicated to the hardware-accelerated encryption, were mostly not utilized as a result of improper configuration and integration with the mainframe security stack.
Lack of Unified Policies on Data Protection
Critical business information, such as DB2 databases, VSAM files and application datasets, was not encrypted in a standardized format exposing confidential information and failure to comply with compliance standards.
Absence of Unified Cryptographic Governance
Without a single framework, the policies on encryption were not applied uniformly, keys lifecycle was not managed, and audit reporting needed manual and time consuming activities.
Manual, Error-Prone Key Management
Spreadsheets and tribal knowledge were used to track the encryption keys and this posed serious audit risks, operational errors, and inconsistent application of the security in the entire enterprise.
Creating Regulatory Compliance Pressure
The environment was unable to provide the consistent encrypted form of data-at-rest and data-in-motion, which would fail to comply with both emerging and increasing standards such as GDPR, HIPAA, and SOX, potentially subject to major fines.
High-Software Costs from CPU
Overload Cryptographic processes were running on general-purpose central processors (CPs), dramatically increasing Monthly Software Usage (MSU) and inflating licensing costs by hundreds of thousands annually.
38%
Reduction in Monthly Software Usage (MSU) through cryptographic offload, directly lowering IBM software licensing costs.
100%
86%
95%
$2.3M
Established Centralized Key Lifecycle Management
Replaced spreadsheet tracking with secure, automated key management within ICSF, providing full audit trails, automated rotation, and RACF-integrated access controls.
Migrated to Hardware-Accelerated Encryption
We offloaded cryptographic workloads from general CPs to dedicated Crypto Express adapters and zIIP processors, drastically reducing MSU consumption and software costs.
Implemented Automated, Policy-Based Encryption
Enabled ICSF Pervasive Encryption across all critical assets—DB2 tablespaces, VSAM datasets, and application files—ensuring consistent, automated data protection without manual intervention.
Architected a Centralized Cryptographic Framework
Royal Cyber designed and deployed IBM’s Integrated Cryptographic Service Facility (ICSF) as an enterprise-wide security hub, establishing consistent encryption standards and policies.
Optimized Performance with Strategic Workload Placement
Tuned cryptographic operations to maximize hardware offload to Crypto Express and zIIP processors, improving transaction performance while reducing mainframe CPU burden.
Delivered Operational Governance & Knowledge Transfer
Implemented audit-ready controls, comprehensive reporting, and operational runbooks, enabling the client’s team to manage and sustain the modernized encryption environment confidently.
Platform: IBM Z15 Mainframe
Key Management: IBM Secure Service Container
Encryption: IBM Pervasive Encryption with ICSF
Databases: DB2 z/OS, VSAM
Monitoring: IBM Z Security and Compliance Center
“Royal Cyber’s expertise transformed our mainframe security from a liability to a competitive advantage. Their pervasive encryption solution not only secured decades of policyholder data but actually improved system performance. We’re now audit-ready year-round with significantly reduced operational overhead.”
86%
Decrease in encryption-related CPU overhead, accelerating online transaction response times.
Audience
- Executives (CISO, CIO, Head of Risk & Compliance)
- IT Consultants
- Business Analysts
- Systems Programmers
- Mainframe Architects
- Security Analysts
