What is it?
Increasing security threats leave the unprotected critical data within a mainframe environment vulnerable to security breaches. To avoid these security attacks the stored as well as the transmitted data to and from the mainframe must be protected. Data Encryption, as a solution to this problem, provides privacy and integrity of sensitive data and compliance to government regulations. The Encryption solution for z/OS is a host based software solution which encrypts sensitive data before archiving to tape or exchanging between business partners.
What does this technology do?
Data Encryption allows the encryption of sensitive data in z/OS environment to achieve PCI compliance. The solution leverages not only the quick encryption and decryption of critical information, but also manages bulk encryption and decryption within the flat files. The encryption keys are used for the enciphering or deciphering of data based on the requests. From batch environment, CICS or TSO the encryption-decryption requests are sent. These requests are forwarded over SSL or TCP/IP.
Through fast rate of encryption/decryption the Transform Utility helps to move chunk of sensitive data in and out of data storages without impacting the environment. When the customers want to avoid field level granularity, Transform Utility provides the facility to encrypt the entire binary file.
The Encryption services support both the OpenPGP format and System z format. For System z format hardware-accelerated compression is put in place before the encryption.
For data integrity following are the suggested practices:
Randomly generated symmetric session key is encrypted with passphrase-based encryption or public key and should be prefixed to the encrypted data.
Digital Signatures are used to authenticate the sender of the messages.
To ensure data integrity OpenPGP certificates are used for the exchange of key information.
Why is it important?
In today’s market it is an emerging need for the enterprises to develop methodologies for data security. By securing data itself the companies assure that only intended users get the access to the data. This reduces the unauthorized access to private messages. The individual portions of data on the backup tapes are also encrypted to avoid data hacking.
The combination of internal data encryption and external security barriers help corporations to increase the security of their mainframe databases. The sensitive data such as Social Security numbers, credit-card numbers etc. are the main focus of data protection. The protective encryption for each element of data strengthens the overall database protection. Securing data-at-rest and data-in-transition across mainframe and open-systems environments protect the confidentiality and integrity of business-critical information.