-
-
Solutions
-
- By Capability
- McAfee® E-Business Server Replacement
- Secure Data Exchange
- Achieve FIPS 140-2 Compliance
- Reduce Mainframe Encryption Costs
- Virtualization
- Cloud Computing
- Data Center
-
- Products
- Downloads
- Support
- Resources
- Partners
- Store
- Blog
zos
Features and Benefits
| Feature | Function | Benefit | Std | Ent |
|---|---|---|---|---|
| Zip archives | Reduces file size by as much as 95% | Reduce costs through the conservation of network bandwidth, storage space, and backup tapes |
|
|
| Hardware-accelerated encryption | Encrypt files using System z hardware | Improve workload throughput by using less CPU overhead to perform file encryption |
|
|
| Hardware- accelerated compression | Compresses files using System z hardware | Improve workload throughput by using less CPU overhead to perform file compression |
|
|
| Customize static dictionaries | Enables better compression ratios by tailoring static dictionaries to your business data | Experience greater storage savings and smaller files spanning your network |
|
|
| Support for IBM® Protected Key processing | Blends the performance profile of clear key encryption with the superior private key protection of secure key | Improve workload efficiency by using less CPU to encrypt files with z/OS cryptographic processors |
|
|
| Strong password-based data file protection | SecureZIP supports AES or 3DES encryption to protect valuable information | Files encrypted with SecureZIP may be decrypted and extracted on major enterprise computing platforms using PKZIP or SecureZIP |
|
|
| Encrypt data using passphrases, digital certificates, OpenPGP Keys, or all |
SecureZIP accommodates those who have PKI and those that don't by enabling encryption and decryption via passphrases, public key/private key pairs, or both at the same time depending on the access requirements of each intended recipient. Recipients can then decrypt files by presenting the correct passphrase or private key SecureZIP supports X.509 RSA® v3 certificates issued from recognized certificate authorities such as Comodo®, VeriSign®, Entrust®, and Microsoft®. SecureZIP also supports OpenPGP public/private keys and passphrases |
Maintain control of data by encrypting and decrypting files through business-selected method of encryption, including those files protected with public/ private keys |
|
|
| Digital signatures | Enables users to sign files with their unique digital certificates and OpenPGP Keys | Validate the signature of signed files to ensure the sender is who they claim to be and verify that the document has not been altered or tampered with since signing (may also offer non-repudiation, tracking the signature to the creator) |
|
|
| Secure private key store | Includes a secure private key store that is compliant with mainframe security servers RACF®, ACF2®, and Top Secret® | Simplify management of resources by using your security server as a central point of distribution for public and private keys |
|
|
| Automatic access to public keys in directories | Offers an optional interface that integrates with Lightweight Directory Access Protocol (LDAP) compliant directories, such as Sun® iPlanet, Novell NetWare®, and Microsoft Active Directory® | Locate, retrieve, and apply public keys for certificate-based encryption and decryption with ease |
|
|
| SAF enhanced key stores |
Protects private keys used for signing & decryption Supports the management of using private keys in IBM’s SAF-controlled ICSF CKDS (Cryptographic Key Data Set) |
Improve key management by sharing keys across multiple enterprise applications from an industry standard key store |
|
|
| SAF Secured Passphrase Management | Isolates passphrase management from job execution | Improve operational security with the elimination of exposed passphrases |
|
|
| Hardened policy lockdown |
Establishes security controls strictly enforced using SAF Separates resource control from product installation and job execution |
Enforce security policy to protect against configuration changes, access to product functions and issuing commands Provide auditable logging of changes |
|
|
| FIPS 140-2 mode | Operates using only FIPS 140-2 validated cryptographic modules | Meet compliance standards for encryption mandated by most Federal government agencies |
|
|
| File name encryption | Masks file name, file size, and other information to further protect data if it is intercepted in transit or improperly accessed | Protect data from unintended recipients and internal theft by encrypting information about the file and the meta data defining its contents |
|
|
| Application Integration | Streams data directly to/from applications without staging data to disk | Improve system resource efficiency and reduce risk by not staging sensitive data to disk |
|
|
| System Integration | Provides direct access to read or write files on Windows® or UNIX® servers by the z/OS® operating environment | Reduce total elapsed processing time by decreasing the number of steps needed to create and extract archives |
|
|
| Contingency Key | Ensures organizations are always able to quickly and easily access documents encrypted by their employees | Reduce/eliminate risk associated with improperly used encryption (e.g., insider theft) Ensure data is immediately available in the case of a critical audit |
|
|
| ISPF panel integration | Integrates with IBM’s Interactive System Productivity Facility (ISPF) allowing operators and systems programmers to initiate actions ad hoc, using 3270 screen menus and displays | Simplify product configuration updates and use of product functions through an interface most commonly used by systems programmers and operators |
|
|
| Large file size support | Compresses files up to 8 exabytes in size | Meet IT business requirements by enabling customers to process large files without the need to re-architect their files and applications |
|
|
| Enhanced tape processing |
Reduces the time needed to write files to, and extract files from, tape media; files are written directly to tape media, bypassing the need to stage them to disk first Quickly finds files in larger ZIP archives held on tape |
Improve user and staff productivity by reducing the number of steps and amount of time required to access data |
|
|
| zIIP Support | Offload processing to IBM z Integrated Information Processors (zIIP) | Free up general computing capacity and lower overall total cost of computing for select workloads |
|
|
Mainframe Encryption Software
Files that contain sensitive data, whether stored or being transmitted, need to be protected. SecureZIP® mainframe encryption software makes securing these files an effortless task. SecureZIP is the industry leading security and compression utility that greatly reduces transmission times and required storage space while securely protecting data, in transit and at rest. The combination of application, system, and ICSF integration make SecureZIP® for z/OS® an optimal solution for reducing processing times, increasing operational efficiencies, and leveraging existing investments within the mainframe environment. SecureZIP for z/OS includes OpenPGP support enabling enterprises to encrypt and decrypt using OpenPGP Keys in both ZIP and OpenPGP formats.
Conserve storage space and reduce file transfer timeSecureZIP mainframe encryption software includes advanced compression capabilities, which reduces bandwidth consumption and file size by as much as 95 percent. This both minimizes bandwidth consumption and storage requirements, trimming operating costs. Organizations can ensure that they get the most out of their existing investments without costly hardware acquisitions or upgrades.
Encrypt data using passphrases, digital certificates, or bothSecureZIP provides passphrase, x.509 digital certificate, and OpenPGP Key-based encryption, allowing for flexibility and optimal support for an organization’s data security infrastructure. SecureZIP also works with the leading commercial mainframe security applications, including CA ACF2, CA Top Secret, and RACF.
Accelerate operations with enhanced tape processingSecureZIP mainframe encryption software can significantly reduce the time needed to write zip archives to, and extract files from, zip archives on tape media with Enhanced Tape Processing. Moreover, it integrates with IBM’s Large Block Interface (LBI) so maximum use is made of today’s robust tape drives. SecureZIP for z/OS also includes enhanced file handling features to further accelerate critical business processes in the data center.
Reduce number of steps required to create and extract archivesMoving data between disparate computing systems often requires multiple steps and could require additional data translation products and converters. However, System Integration allows SecureZIP for z/OS to write directly to, and ready directly from, UNIX, Linux, and Windows file systems; this eliminates extra steps when moving files across systems.
System Integration also allows SecureZIP for z/OS to:
- Facilitate the exchange of data between different types of systems
- Automatically convert data to the appropriate format for the system
- Enhance PKWARE's extensive cross-platform capabilities. PKWARE is the only vendor to provide seamless, secure data exchange across z/OS for the mainframe, IBM i for the IBM Power midrange systems, UNIX/Linux/Windows servers, and Windows desktops.
Click here to see an image of how application integration works »
Access encrypted files for audit or recovery purposesFiles that have been encrypted must remain accessible to the organization. When files have been encrypted with digital certificates, OpenPGP Keys, or passphrases, SecureZIP’s Contingency Key capabilities ensure that encrypted data is accessible.
Contingency Key processing ensures SecureZIP customers can meet the need of auditors, compliance officers, or regulators to inspect or recover encrypted data, even if a password is forgotten or a decryption key lost - while still otherwise strongly protecting the data.
Leverage investment in IBM ICSFSecureZIP leverages IBM System z® Integrated Cryptographic Services Facility (ICSF), enabling organizations to take advantage of significant cost savings as a result of reduced resource requirements.
SecureZIP maximizes the investment made by customers in hardware cryptography by utilizing the least expensive processor capabilities within a system, while maintaining the data security and portability that the standard .zip file format provides. Archives encrypted using IBM hardware can still be decrypted using the SecureZIP application for any other supported platform - interoperability remains intact. SecureZIP leverages the performance advantages of hardware-assisted cryptography on System z, utilizing the best hardware feature enabled in a specific installation.
SecureZIP for z/OS supports Protected Key*, a blend of clear key and secure key, combining the performance attributes of clear key with the additional private key fortification of secure key. SecureZIP for z/OS support for IBM’s Protected Key uses a faster, CPU-friendly encryption processing method on IBM hardware.
Increase data protection policy & enforcement using SAF Module add-onImproved encryption/decryption key protection and increased data protection policy & enforcement are available with SAF integration for SecureZIP Enterprise Edition and SecureZIP PartnerLink.
- Enhanced Key Stores
- Protection of private keys used for signing & decryption, located in Security Server Key Rings
- Support for managing and using private keys in IBM's SAF-controlled ICSF CKDS (Cryptographic Key Data Set)
- Improved key management - shared keys across multiple enterprise applications from an industry standard key store
- SAF-Secured Passphrase Management
- Improved operational security with the elimination of exposed cryptographic passphrases
- SecureKey operations for algorithms supported by installed cryptographic coprocessors
- Passphrase management isolated from job execution
- Hardened Policy Lockdown
- Establish security controls strictly enforced using SAF
- Separate resource control from product installation and job execution
- SAF enforcement of Contingency Key processing for encrypted data recovery and oversight
- Security audit trail with SMF (System Management Facility) records
| System Requirements | ||||
|
||||
- Features and Benefits
- Stream data directly into and out of applications without staging it to disk*
- Reduce number of steps required to create and extract archives
- Leverage previous investments in IBM z/OS hardware cryptography
- Encrypt data using passphrases, digital certificates, OpenPGP Keys, or all
- Reduce time needed to write files to, and extract files from, tape media
- Access encrypted files for audit or recovery purposes
- Exchange data between operating systems, including z/OS®, Linux on System z®, IBM i, UNIX®/Linux® server, and Windows® server and desktop
- Increase data protection policy & enforcement using SAF integration*
- Comply with industry mandates and government regulations like PCI DSS, HIPAA/HITECH Act, EU Privacy ACT and FIPS 140-2
- zIIP Support offloads processing to IBM z Integrated Information Processors (zIIP) to free up general computing capacity and lower overall total cost of computing for select workloads.
- *Feature available in SecureZIP for z/OS Enterprise Edition
SecureZIP® for z/OS® - Feature Benefits
 |
 |
 |
||
| Application Integration Application Integration allows sensitive data to be brought directly into and out of applications without staging unprotected data to disk. |
 |
|||
 |
||||
System Integration |
|
|
||
|
||||
| Integration with IBM® ICSF hardware and software encryption Leverage your investment in IBM Cryptographic Services Facility to protect sensitive data in significantly shorter elapsed times, while ensuring cross-platform portability provided by the ZIP standard. |
|
|
||
| Support for IBM’s Protected Key PKWARE SecureZIP support and exploits IBM’s Protected Key. By utilizing Protected Key, customers are utilizing a more secure encryption solution over clear key and a more efficient/less resource intensive solution than Secure Key. |
|
|
||
|
||||
|
|
|
||
|
||||
|
|
|
||
|
||||
|
|
|
||
|
||||
|
|
|
||
|
|
|
||
|
|
|
||
|
||||
|
|
|
||
|
||||
|
 |
|
||
|
||||
|
|
|
||
|
||||
|
|
|
||
|
||||
|
|
|
||
|
||||
|
|
|
||
|
||||
|
|
|
||
|
||||
|
|
|
||
|
||||
|
|
|
||
 |
||||
Press Room
Latest Blog Post
