So the mainframe handles a whole lot of transactions, and it's important that they be fast and accurate. But it's also extremely important that the data for these transactions be safe and secure. Safe to say, in today's information economy, a large-scale data breach is one of the worst things that can happen. So how do we make sure that the data in these transactions is kept safe from prying eyes? One of the most commonly used practices is encryption, basically scrambling data in such a way that we can control who is able to descramble it. There are a number of encryption algorithms and practices we can use to handle the encryption and decryption of data, but it all comes down to controlling who has the keys.
In cryptography, a key is just a series of characters; how many characters generally depends on the strength of the encryption. If my key is only three bits, with each bit either being a one or a zero, there are only eight possible ways we can flip those bits. So not much of a key at all. Every time you add a bit, you double the number of possible combinations someone would have to guess. So 4 bits gets you to 16, 5 bits gets you to 32, fast-forward to 64 bits, and you've got billions of possible combinations. But even that's guessable with enough time and dedicated resources. So for very important data, you'll often see 256-bit and higher levels of encryption, and those keys will get refreshed from time to time, just to minimize the possibility of them getting figured out and exploited.
One of the most basic forms of securing data is what's called symmetric encryption. In this method, there's a key that both encrypts and decrypts data, and you give a copy of that key to anyone who has a need to access the data. It works, but it's difficult to scale up while keeping it secure, and you also have to distribute those keys to all of the intended users. This is where public key cryptography comes in.
In public key cryptography, there are two keys: a public key and a private key. They are mathematically linked in such a way that the public key can be used to encrypt a message, and only the private key that's linked to that public key can decrypt it. So I can give out my public key to pretty much anyone. They can't use that to figure out my private key, and all it means is they can encrypt a message in such a way that only I can decrypt it. If I want to send a message to my friend and I want to make sure no one else can decrypt it, I can encrypt it with their public key so they can decrypt it with their private key. Pop quiz time. You've got that? Good.
Now public and private keys can be used for some other pretty interesting things, like signing documents and creating hashes for data which reveal if any of the data has been tampered with. Both of these are incredibly important functions of cryptography and used extensively in business. This whole idea of public and private key infrastructure only works if private keys are kept private. That is key. Guys, key? Congratulations, keep going, keep going.
The IBM Z has dedicated facilities and hardware to enable, accelerate, and further secure these cryptographic functions. For starters, there's CPACF, the CP Assist for Cryptographic Functions. This is a functionality provided on the processors, specifically built largely around symmetric key functions, and it can greatly speed up things like VPN, SSL, and data storing applications. There's also the Crypto Express PCIe card; this is a dedicated card that handles more advanced cryptographic functions. By offloading cryptographic work to specialized software and hardware, we are able to keep our keys safe, while still making encryption, decryption, and other cryptographic capabilities readily available to all aspects of Z data processing.
I do mean all aspects, because starting with the z14 version of the IBM Z mainframe, there's a feature called pervasive encryption, which lets us more easily keep data encrypted while still allowing us and others to manage that data. That way, it only needs to be decrypted at the moment it is actually needed, minimizing the possibility of confidential data being seen by people who shouldn't have access. This feature gets a lot of its functionality from CPACF and Crypto Express.
There are some other important and interesting considerations when it comes to crypto in practice. In the next video, you'll hear a little bit more about that from my buddy, Mark.
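The public and private key behaviour described above (encrypt with the public key, decrypt only with the private key, sign a document and detect tampering through its hash), as an added example that is not part of the original transcript. It is textbook RSA over two small constructed primes with no padding, so it illustrates the mechanics only; the function names and sample values are assumptions made for this sketch.

```python
import hashlib

# Constructed toy parameters: two Mersenne primes. Real keys use 2048+ bit
# moduli and padding (OAEP/PSS); textbook RSA like this is not secure.
P, Q = 2**31 - 1, 2**61 - 1
E = 65537

def make_keypair(p=P, q=Q, e=E):
    """Return (public, private) with public=(n, e) and private=(n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: e*d == 1 (mod phi)
    return (n, e), (n, d)

def encrypt(public, m):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(m, e, n)          # anyone holding the public key can do this

def decrypt(private, c):
    n, d = private
    return pow(c, d, n)          # only the private key reverses it

def digest(data, n):
    """SHA-256 of the data, reduced mod n so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    n, d = private
    return pow(digest(data, n), d, n)

def verify(public, data, signature):
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def demo():
    public, private = make_keypair()
    secret = 424242                      # constructed sample message
    c = encrypt(public, secret)
    doc = b"pay 100 to alice"            # constructed sample document
    sig = sign(private, doc)
    return {
        "roundtrip": decrypt(private, c) == secret,
        "ciphertext_differs": c != secret,
        "valid_signature": verify(public, doc, sig),
        "tampered_rejected": not verify(public, b"pay 900 to alice", sig),
    }
```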