The Top Four Infrastructure Capabilities for Enterprise Security and Compliance

Oct 3, 2025

Robert Enochs is Principal Product Manager for IBM Z Security. A versatile business and technology leader, he specializes in enterprise security for IBM mainframes with expertise in cryptography, key management, confidential computing, post-quantum security, and IT compliance. He brings prior experience at Lenovo and a proven track record of delivering secure solutions.

Rising Stakes of Data Protection

As our modern world becomes increasingly digital, data’s value has never been higher—and the challenge of protecting it has never been so great.

While the global average cost of a data breach dipped 9% in the past year, helped by faster threat identification and containment, the financial stakes remain high at USD 4.4 million per incident, and the direct cost is only the beginning. Several high-profile attacks last year each resulted in the theft of millions of customers' personal records, jeopardizing customer privacy and damaging brand reputation in the process.

In the face of increasingly sophisticated breaches, governments around the world are stepping in with more stringent cyber defense regulations, particularly for critical infrastructure industries, where the collateral damage of a breach is greatest.

Spotlight on DORA

The most prominent of these new regulations is the Digital Operational Resilience Act (DORA), a European Union framework for minimizing Information and Communications Technology (ICT) risk and strengthening digital operational resilience in the financial sector.

And although DORA's mandates apply directly only to businesses operating in the 27 EU member states, its influence is sure to carry over to other geographies as well. Given the multinational landscape of the financial industry, institutions based elsewhere will also need to comply with its requirements to do business in Europe.

As organizations overhaul their operational frameworks to strengthen their IT systems against evolving cyber threats and comply with regulations like DORA, four infrastructure capabilities stand out as paramount requirements.

1. Confidential Computing

Confidential computing is an emerging technology designed to protect data while it is being processed, a stage that has traditionally been exposed: conventional controls such as storage and transport encryption protect data at rest and in transit, but a workload's data and code sit in the clear in memory once it runs. Confidential computing closes that gap with specialized hardware capabilities called trusted execution environments (TEEs).

A TEE is a hardware-isolated region of a processor in which data and code can be processed without being exposed to the rest of the system. Memory belonging to the TEE is encrypted and access-controlled by the hardware, so cloud providers, system administrators, and malicious insiders with privileged access to the host can neither read the data nor observe the application running inside it. The technology also includes cryptographic attestation: the hardware signs a measurement of the code it loaded, so a remote party can verify that only the expected, trusted application is running before entrusting it with keys or data.
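The attestation step described above, as an added worked example in Go that is not code from the original article or from any IBM product: a simulated hardware attestation key signs the measurement of the loaded code plus a relying-party nonce, and the relying party releases a data key only if the signature, the nonce and the measurement all check out. The report layout, the `attest-v1` domain tag, and the function names (`Attest`, `Verify`, `ReleaseDataKey`) are assumptions for illustration; real TEE report formats carry more fields and are verified against the vendor's certificate chain.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Report is a simplified attestation report. A real TEE report carries more
// fields (platform identity, firmware versions, certificate chain); this
// layout is assumed purely for illustration.
type Report struct {
	Measurement [32]byte // SHA-256 of the code the TEE loaded
	Nonce       [16]byte // freshness value chosen by the relying party
	Signature   []byte   // produced by the hardware attestation key
}

// reportBody is the exact byte string the attestation key signs: a domain
// tag, the measurement and the nonce, so one signature cannot be reused for
// a different measurement or a different session.
func reportBody(m [32]byte, nonce [16]byte) []byte {
	body := []byte("attest-v1|")
	body = append(body, m[:]...)
	return append(body, nonce[:]...)
}

// Attest is the enclave/hardware side (simulated): measure the loaded code
// and sign measurement+nonce with the platform's attestation key.
func Attest(attKey ed25519.PrivateKey, code []byte, nonce [16]byte) Report {
	m := sha256.Sum256(code)
	return Report{Measurement: m, Nonce: nonce, Signature: ed25519.Sign(attKey, reportBody(m, nonce))}
}

// Verify is the relying-party side. All three checks must pass:
//  1. the report is signed by a trusted hardware key (not forged by the host),
//  2. the nonce is the one we issued (not a replayed report),
//  3. the measurement matches code we have reviewed and allow-listed.
func Verify(trusted ed25519.PublicKey, expectedNonce [16]byte, allowed map[[32]byte]bool, r Report) error {
	if !ed25519.Verify(trusted, reportBody(r.Measurement, r.Nonce), r.Signature) {
		return errors.New("attestation signature invalid: report not from trusted hardware")
	}
	if r.Nonce != expectedNonce {
		return errors.New("nonce mismatch: stale or replayed report")
	}
	if !allowed[r.Measurement] {
		return errors.New("measurement not allow-listed: unexpected code is running")
	}
	return nil
}

// ReleaseDataKey hands the data-encryption key to the workload only after a
// successful attestation; the host operator never sees it otherwise.
func ReleaseDataKey(trusted ed25519.PublicKey, nonce [16]byte, allowed map[[32]byte]bool, r Report, dataKey []byte) ([]byte, error) {
	if err := Verify(trusted, nonce, allowed, r); err != nil {
		return nil, err
	}
	return dataKey, nil
}

func main() {
	// Constructed inputs: a hardware attestation key pair, a reviewed
	// application image, and a per-session nonce.
	hwPub, hwPriv, _ := ed25519.GenerateKey(nil)
	image := []byte("reviewed-inference-service:v1.2")
	allowed := map[[32]byte]bool{sha256.Sum256(image): true}
	var nonce [16]byte
	if _, err := rand.Read(nonce[:]); err != nil {
		panic(err)
	}

	r := Attest(hwPriv, image, nonce)
	if _, err := ReleaseDataKey(hwPub, nonce, allowed, r, []byte("data-key")); err != nil {
		fmt.Println("rejected:", err)
	} else {
		fmt.Println("attestation verified, data key released")
	}
	// A modified image yields a different measurement and is refused.
	bad := Attest(hwPriv, []byte("modified-inference-service"), nonce)
	fmt.Println("tampered image:", Verify(hwPub, nonce, allowed, bad))
}
```

The nonce check is what makes the report bind to this session: without it, a host operator could replay a report captured from a genuine enclave earlier and obtain the key for code that is no longer what is running.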

“Confidential computing ensures that identities, intellectual property, and sensitive data remain encrypted even during processing.”

In today’s regulatory landscape, confidential computing is becoming a must-have for organizations in highly regulated industries like finance, healthcare, and technology. New regulations like DORA require businesses to demonstrate robust protections for sensitive data and operational resilience against cyber threats.

Confidential computing helps meet these requirements by ensuring that data, identities, intellectual property, and business secrets in general remain encrypted even while they are being processed.

Beyond compliance, confidential computing also enables secure collaboration without exposing sensitive information. For example, it allows multiple parties to jointly train AI models using their respective datasets, without revealing the underlying data to each other. Similarly, it can protect sensitive prompts submitted to third-party AI models, ensuring that private information remains encrypted even during processing.

2. Secure AI and AI Security

The rise of generative AI over the past few years has added another wrinkle to the challenge of securing enterprise data. Infrastructure is a challenge for organizations running generative AI models, as they need to balance scalability and cost-effectiveness while ensuring the highest levels of security.

Organizations that adopt AI-driven security technologies could save USD $1.9 million compared to those that don’t.

Without the right platform configuration, these workloads carry an inherent risk of inadvertent data exposure and are susceptible to malicious activity such as prompt injection attacks. In fact, recent IBM research shows that nearly all organizations that reported an AI-related security incident lacked proper access controls for their AI tools.

Organizations in regulated industries increasingly opt to run generative AI applications on-premises to minimize security risks and comply with requirements like those in DORA. This approach allows organizations to maintain full control over their data, ensuring it remains within secure corporate environments.

Taking this on-prem approach to the next level, emerging technologies like on-chip AI are further enhancing the security and efficiency of generative AI models for core business applications. On-chip AI runs inference directly on the processor that already holds the data, so the data does not have to leave the system to be scored, reducing exposure to external vulnerabilities.

Advanced security measures, such as authenticated encryption and cryptographic hashing, protect AI models and the data they process from adversarial attacks and unauthorized modification, even during computation.
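One concrete form of the authenticated encryption plus hashing just mentioned, as an added example in Go that is not code from the original article or from any IBM product: a model artifact is sealed with AES-GCM, the model's name and the SHA-256 digest of its weights are bound into the authentication tag as associated data, and the loader refuses to return any weights unless the tag verifies. The `SealedModel` layout, the function names, and the sample weights are constructed for illustration; in practice the key would come from an HSM or key management system rather than being generated in place.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SealedModel is an encrypted, integrity-protected model artifact. The format
// is assumed for illustration. Name and Digest travel in the clear but are
// bound into the AES-GCM tag as associated data, so an attacker can change
// neither them nor the ciphertext without OpenModel failing.
type SealedModel struct {
	Name   string   // model identifier and version
	Digest [32]byte // SHA-256 of the plaintext weights
	Nonce  []byte   // 96-bit GCM nonce, must never repeat under one key
	Data   []byte   // ciphertext followed by the 16-byte GCM tag
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// associatedData is authenticated but not encrypted: name, separator, digest.
func associatedData(name string, digest [32]byte) []byte {
	return append([]byte(name+"\x00"), digest[:]...)
}

// SealModel encrypts the weights and authenticates name + digest with them.
func SealModel(key []byte, name string, weights []byte) (*SealedModel, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	digest := sha256.Sum256(weights)
	ct := gcm.Seal(nil, nonce, weights, associatedData(name, digest))
	return &SealedModel{Name: name, Digest: digest, Nonce: nonce, Data: ct}, nil
}

// OpenModel returns weights only if the GCM tag verifies over ciphertext and
// associated data (wrong key, edited name, edited digest or edited ciphertext
// all fail here). The digest re-check is an independent second check on the
// bytes that will actually be loaded into the model runtime.
func OpenModel(key []byte, s *SealedModel) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	weights, err := gcm.Open(nil, s.Nonce, s.Data, associatedData(s.Name, s.Digest))
	if err != nil {
		return nil, errors.New("model artifact rejected: authentication failed")
	}
	if sha256.Sum256(weights) != s.Digest {
		return nil, errors.New("model artifact rejected: digest mismatch")
	}
	return weights, nil
}

func main() {
	key := make([]byte, 32) // constructed 256-bit key; use an HSM/KMS in practice
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	weights := []byte("constructed sample weights: 0.12 -0.87 0.44 0.03")
	sealed, err := SealModel(key, "fraud-scoring:v3", weights)
	if err != nil {
		panic(err)
	}
	if _, err := OpenModel(key, sealed); err != nil {
		panic(err)
	}
	fmt.Println("artifact verified and decrypted")

	// Flip one ciphertext byte: the tag no longer verifies and nothing is loaded.
	sealed.Data[0] ^= 0x01
	_, err = OpenModel(key, sealed)
	fmt.Println("after tampering:", err)
}
```

Binding the name into the associated data is what stops an "artifact swap": an attacker with two genuinely sealed models cannot relabel the weaker one as the production version, because the tag was computed over the original name.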

“On-chip AI enables data to be processed directly at the hardware level, reducing exposure to external vulnerabilities.”

On the flip side, AI tools are also becoming essential for maintaining security and complying with regulations. Among these is AI-powered sensitive data tagging, which detects and classifies sensitive information and then applies granular access controls and automated security policies to protect it.

By tagging data according to its sensitivity, organizations in critical infrastructure industries can significantly reduce the potential cost and fallout of data breaches while aligning with emerging regulations on ICT risk management. Our data shows that organizations that embed AI into security operations could save USD 1.9 million compared with those that do not adopt AI-driven security technologies.

3. Building Resilience

Even with the best AI-infused security measures in place, threat actors can still find a way in. Enterprises must therefore make sure their critical systems and data can be recovered and returned to operation quickly.

Indeed, disaster recovery and business continuity capabilities are increasingly becoming the subject of mandates. For example, DORA includes a requirement for restoring critical functions within two hours of an incident.

To improve resilience and continuity, enterprises are turning to data infrastructure with features like built-in redundancy as well as high availability and fault tolerance. These capabilities ensure continuous operations even if primary systems fail, and help minimize downtime and data loss during disruptions.

In addition, systems that feature logical and physical data segregation add even stronger protection by isolating sensitive information and limiting the impact of potential breaches.

4. Preparing for Post-Quantum Cryptography

In addition to safeguarding sensitive data and workflows against today’s most advanced attacks, enterprises must begin to consider the looming risk of encryption-breaking attacks by bad actors with access to cryptographically relevant quantum computers.

While such machines do not exist yet, they would in theory be capable of breaking many of today's most widely used public-key algorithms, such as RSA and elliptic-curve cryptography, and of significantly weakening symmetric ones, putting sensitive data across all sectors in jeopardy.

While such quantum computers may still be years away, many organizations are already bolstering their defenses today, because adversaries are already carrying out "harvest now, decrypt later" (HNDL) attacks.

In this strategy, adversaries collect encrypted data now with the intention of decrypting it in the future, whether with a cryptographically relevant quantum computer or by breaking the encryption through some other means. Data with a long confidentiality lifetime is therefore at risk today, not only once such a machine arrives.

To that end, researchers have developed algorithms designed to withstand quantum attacks, and deploying them now is what closes the HNDL window: data encrypted under quantum-safe algorithms today stays protected against the future risks posed by quantum computers.

This work is headlined by the National Institute of Standards and Technology's (NIST) publication in August 2024 of three post-quantum cryptography standards: FIPS 203 (ML-KEM, for key encapsulation), FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA), the latter two for digital signatures. These algorithms are built on mathematical problems for which no efficient classical or quantum attack is known, so they are designed to keep sensitive information secure against both kinds of computer as they grow more powerful.

To run these algorithms and stay ahead of incoming regulations on quantum-safe cryptography, such as the U.S. government's target of migrating systems containing high-value assets by 2035, many organizations that handle sensitive data are turning to platforms such as mainframes. Recent mainframe platforms already incorporate some of the quantum-safe algorithms NIST standardized in 2024, helping organizations prepare for future requirements.

Integrated Systems for Security

In today's landscape of escalating digital risk, it has never been more critical for organizations, especially those in highly regulated industries, to employ a hybrid cloud strategy incorporating infrastructure designed from the ground up for the highest standards of security and resilience.

“Mainframes remain a cornerstone for enterprises that need the highest levels of protection.”

For this reason, many enterprises are looking to platforms built for security and resilience, with mainframes standing out as one of the strongest options for sensitive data and regulated workloads.

With features such as quantum-safe cryptography, confidential computing, and logical/physical data segregation, mainframes remain a proven foundation for enterprises needing the highest levels of protection. Employed as part of a hybrid cloud strategy, mainframes can help organizations operate and innovate with agility while minimizing ICT risk.
