zos

Features and Benefits

Feature Function Benefit Std Ent
Zip archives Reduces file size by as much as 95% Reduce costs through the conservation of network bandwidth, storage space, and backup tapes check check
Hardware-accelerated encryption Encrypt files using System z hardware Improve workload throughput by using less CPU overhead to perform file encryption check check
Hardware- accelerated compression Compresses files using System z hardware Improve workload throughput by using less CPU overhead to perform file compression check check
Customize static dictionaries Enables better compression ratios by tailoring static dictionaries to your business data Experience greater storage savings and smaller files spanning your network check check
Support for IBM® Protected Key processing Blends the performance profile of clear key encryption with the superior private key protection of secure key Improve workload efficiency by using less CPU to encrypt files with z/OS cryptographic processors check check
Strong password-based data file protection SecureZIP supports AES or 3DES encryption to protect valuable information Files encrypted with SecureZIP may be decrypted and extracted on major enterprise computing platforms using PKZIP or SecureZIP check check
Encrypt data using passphrases, digital certificates, OpenPGP Keys, or all SecureZIP accommodates those who have PKI and those that don't by enabling encryption and decryption via passphrases, public key/private key pairs, or both at the same time depending on the access requirements of each intended recipient. Recipients can then decrypt files by presenting the correct passphrase or private key

SecureZIP supports X.509 RSA® v3 certificates issued from recognized certificate authorities such as Comodo®, VeriSign®, Entrust®, and Microsoft®. SecureZIP also supports OpenPGP public/private keys and passphrases
Maintain control of data by encrypting and decrypting files through business-selected method of encryption, including those files protected with public/ private keys check check
Digital signatures Enables users to sign files with their unique digital certificates and OpenPGP Keys Validate the signature of signed files to ensure the sender is who they claim to be and verify that the document has not been altered or tampered with since signing (may also offer non-repudiation, tracking the signature to the creator) check check
Secure private key store Includes a secure private key store that is compliant with mainframe security servers RACF®, ACF2®, and Top Secret® Simplify management of resources by using your security server as a central point of distribution for public and private keys check check
Automatic access to public keys in directories Offers an optional interface that integrates with Lightweight Directory Access Protocol (LDAP) compliant directories, such as Sun® iPlanet, Novell NetWare®, and Microsoft Active Directory® Locate, retrieve, and apply public keys for certificate-based encryption and decryption with ease check check
SAF enhanced key stores Protects private keys used for signing & decryption

Supports the management of using private keys in IBM’s SAF-controlled ICSF CKDS (Cryptographic Key Data Set)
Improve key management by sharing keys across multiple enterprise applications from an industry standard key store check check
SAF Secured Passphrase Management Isolates passphrase management from job execution Improve operational security with the elimination of exposed passphrases check check
Hardened policy lockdown Establishes security controls strictly enforced using SAF

Separates resource control from product installation and job execution
Enforce security policy to protect against configuration changes, access to product functions and issuing commands

Provide auditable logging of changes
check check
FIPS 140-2 mode Operates using only FIPS 140-2 validated cryptographic modules Meet compliance standards for encryption mandated by most Federal government agencies check check
File name encryption Masks file name, file size, and other information to further protect data if it is intercepted in transit or improperly accessed Protect data from unintended recipients and internal theft by encrypting information about the file and the meta data defining its contents check check
Application Integration Streams data directly to/from applications without staging data to disk Improve system resource efficiency and reduce risk by not staging sensitive data to disk check check
System Integration Provides direct access to read or write files on Windows® or UNIX® servers by the z/OS® operating environment Reduce total elapsed processing time by decreasing the number of steps needed to create and extract archives check check
Contingency Key Ensures organizations are always able to quickly and easily access documents encrypted by their employees Reduce/eliminate risk associated with improperly used encryption (e.g., insider theft) Ensure data is immediately available in the case of a critical audit check check
ISPF panel integration Integrates with IBM’s Interactive System Productivity Facility (ISPF) allowing operators and systems programmers to initiate actions ad hoc, using 3270 screen menus and displays Simplify product configuration updates and use of product functions through an interface most commonly used by systems programmers and operators check check
Large file size support Compresses files up to 8 exabytes in size Meet IT business requirements by enabling customers to process large files without the need to re-architect their files and applications check check
Enhanced tape processing Reduces the time needed to write files to, and extract files from, tape media; files are written directly to tape media, bypassing the need to stage them to disk first

Quickly finds files in larger ZIP archives held on tape
Improve user and staff productivity by reducing the number of steps and amount of time required to access data check check
zIIP Support Offload processing to IBM z Integrated Information Processors (zIIP) Free up general computing capacity and lower overall total cost of computing for select workloads check check
SecureZIP for Server
Products » SecureZIP » Desktop
security
SecureZIP for z/OS

Mainframe Encryption Software

Files that contain sensitive data, whether stored or being transmitted, need to be protected. SecureZIP® mainframe encryption software makes securing these files an effortless task. SecureZIP is the industry leading security and compression utility that greatly reduces transmission times and required storage space while securely protecting data, in transit and at rest. The combination of application, system, and ICSF integration make SecureZIP® for z/OS® an optimal solution for reducing processing times, increasing operational efficiencies, and leveraging existing investments within the mainframe environment. SecureZIP for z/OS includes OpenPGP support enabling enterprises to encrypt and decrypt using OpenPGP Keys in both ZIP and OpenPGP formats.


Conserve storage space and reduce file transfer timeSecureZIP mainframe encryption software includes advanced compression capabilities, which reduces bandwidth consumption and file size by as much as 95 percent. This both minimizes bandwidth consumption and storage requirements, trimming operating costs. Organizations can ensure that they get the most out of their existing investments without costly hardware acquisitions or upgrades.

Encrypt data using passphrases, digital certificates, or bothSecureZIP provides passphrase, x.509 digital certificate, and OpenPGP Key-based encryption, allowing for flexibility and optimal support for an organization’s data security infrastructure. SecureZIP also works with the leading commercial mainframe security applications, including CA ACF2, CA Top Secret, and RACF.

Accelerate operations with enhanced tape processingSecureZIP mainframe encryption software can significantly reduce the time needed to write zip archives to, and extract files from, zip archives on tape media with Enhanced Tape Processing. Moreover, it integrates with IBM’s Large Block Interface (LBI) so maximum use is made of today’s robust tape drives. SecureZIP for z/OS also includes enhanced file handling features to further accelerate critical business processes in the data center.

Reduce number of steps required to create and extract archivesMoving data between disparate computing systems often requires multiple steps and could require additional data translation products and converters. However, System Integration allows SecureZIP for z/OS to write directly to, and ready directly from, UNIX, Linux, and Windows file systems; this eliminates extra steps when moving files across systems.

System Integration also allows SecureZIP for z/OS to:

  • Facilitate the exchange of data between different types of systems
  • Automatically convert data to the appropriate format for the system
  • Enhance PKWARE's extensive cross-platform capabilities. PKWARE is the only vendor to provide seamless, secure data exchange across z/OS for the mainframe, IBM i for the IBM Power midrange systems, UNIX/Linux/Windows servers, and Windows desktops.


Click here to see an image of how application integration works »

Access encrypted files for audit or recovery purposesFiles that have been encrypted must remain accessible to the organization. When files have been encrypted with digital certificates, OpenPGP Keys, or passphrases, SecureZIP’s Contingency Key capabilities ensure that encrypted data is accessible.

Contingency Key processing ensures SecureZIP customers can meet the need of auditors, compliance officers, or regulators to inspect or recover encrypted data, even if a password is forgotten or a decryption key lost - while still otherwise strongly protecting the data.

Leverage investment in IBM ICSFSecureZIP leverages IBM System z® Integrated Cryptographic Services Facility (ICSF), enabling organizations to take advantage of significant cost savings as a result of reduced resource requirements.

SecureZIP maximizes the investment made by customers in hardware cryptography by utilizing the least expensive processor capabilities within a system, while maintaining the data security and portability that the standard .zip file format provides. Archives encrypted using IBM hardware can still be decrypted using the SecureZIP application for any other supported platform - interoperability remains intact. SecureZIP leverages the performance advantages of hardware-assisted cryptography on System z, utilizing the best hardware feature enabled in a specific installation.

SecureZIP for z/OS supports Protected Key*, a blend of clear key and secure key, combining the performance attributes of clear key with the additional private key fortification of secure key. SecureZIP for z/OS support for IBM’s Protected Key uses a faster, CPU-friendly encryption processing method on IBM hardware.


Increase data protection policy & enforcement using SAF Module add-onImproved encryption/decryption key protection and increased data protection policy & enforcement are available with SAF integration for SecureZIP Enterprise Edition and SecureZIP PartnerLink.

    Enhanced Key Stores
  • Protection of private keys used for signing & decryption, located in Security Server Key Rings
  • Support for managing and using private keys in IBM's SAF-controlled ICSF CKDS (Cryptographic Key Data Set)
  • Improved key management - shared keys across multiple enterprise applications from an industry standard key store

    SAF-Secured Passphrase Management
  • Improved operational security with the elimination of exposed cryptographic passphrases
  • SecureKey operations for algorithms supported by installed cryptographic coprocessors
  • Passphrase management isolated from job execution

    Hardened Policy Lockdown
  • Establish security controls strictly enforced using SAF
  • Separate resource control from product installation and job execution
  • SAF enforcement of Contingency Key processing for encrypted data recovery and oversight
  • Security audit trail with SMF (System Management Facility) records


System Requirements
  • Operating System: z/OS 1.11 - 1.13
  • Hardware: 2064 or newer
  • Features and Benefits
  • Stream data directly into and out of applications without staging it to disk*
  • Reduce number of steps required to create and extract archives
  • Leverage previous investments in IBM z/OS hardware cryptography
  • Encrypt data using passphrases, digital certificates, OpenPGP Keys, or all
  • Reduce time needed to write files to, and extract files from, tape media
  • Access encrypted files for audit or recovery purposes
  • Exchange data between operating systems, including z/OS®, Linux on System z®, IBM i, UNIX®/Linux® server, and Windows® server and desktop
  • Increase data protection policy & enforcement using SAF integration*
  • Comply with industry mandates and government regulations like PCI DSS, HIPAA/HITECH Act, EU Privacy ACT and FIPS 140-2
  • zIIP Support offloads processing to IBM z Integrated Information Processors (zIIP) to free up general computing capacity and lower overall total cost of computing for select workloads.
  • *Feature available in SecureZIP for z/OS Enterprise Edition


>> back to z/OS product page

SecureZIP® for z/OS® - Feature Benefits
Application Integration
Application Integration allows sensitive data to be brought directly into and out of applications without staging unprotected data to disk.

 

System Integration
Provides direct access to read or write files on Windows® or UNIX® servers by the z/OS® operating environment. It reduces the number of steps needed to create and extract archives, reducing the total elapsed processing time significantly.

 
Integration with IBM® ICSF hardware and software encryption
Leverage your investment in IBM Cryptographic Services Facility to protect sensitive data in significantly shorter elapsed times, while ensuring cross-platform portability provided by the ZIP standard.

Support for IBM’s Protected Key
PKWARE SecureZIP support and exploits IBM’s Protected Key. By utilizing Protected Key, customers are utilizing a more secure encryption solution over clear key and a more efficient/less resource intensive solution than Secure Key.


FIPS 140-2 Compliancy
SecureZIP operates using only FIPS 140 validated cryptographic modules, in support of compliance mandated by most Federal government agencies for data security.


Enhanced tape processing
Significantly reduce the time needed to write files to and extract files from tape media. Files are written directly to tape media, bypassing the need to stage them to disk first.


File name encryption
File name encryption masks file name, file size, and other information to further protect data if it is intercepted in transit or improperly accessed.


Industry-leading PKZIP® compression
While most encryption solutions make files larger, SecureZIP® includes PKZIPs powerful compression algorithms to reduce file size by as much as 95 percent dramatically reducing CPU cycle, DASD, tape, and bandwidth consumption.


Hardware accelerated compression
PKZIP exploits the z/OS compression features, which enables file reduction to 50 – 70% of their original size. Since it is built into the hardware, customers can save on CPU overhead, which can be utilized to process other workloads with greater efficiency.


Dynamic and static compression dictionaries
Programmers can enable better compression ratios by customizing static dictionaries to your business data. This results in greater storage savings and smaller files spanning your network.


ISPF panel integration
Integration with IBMs Interactive System Productivity Facility (ISPF) allows system operators to initiate PKZIP actions ad hoc, using 3270 screen menus and displays.


Encryption via passphrases, digital certificates, or both
SecureZIP® accommodates differing security environments, including those who have PKI and those that do not by enabling encryption and decryption via passphrases, public key/private key pairs, or both at the same time depending on the access requirements of each intended recipient. Recipients can then decrypt files by presenting the correct passphrase or private key.

SecureZIP supports X.509 RSA v3 certificates issued from recognized certificate authorities such as VeriSign®, Entrust®, and Microsoft®.


Digital signatures to verify documents have not been altered
SecureZIP® enables users to sign files with their unique digital certificates. Recipients of signed files can validate the signature to ensure the sender is who they claim to be, and verify that the document has not been altered or tampered with since it was signed. In addition, digital signatures offer non-repudiation in other words, the signer cannot later claim that the signature is not valid


Secure private key store
SecureZIP® Advanced Encryption Module includes a secure private key store that is compliant with major mainframe access control systems such as RACF®, ACF2®, and Top Secret®.


Automatic access to public keys in directories
SecureZIP offers an optional interface that integrates with Lightweight Directory Access Protocol (LDAP) compliant directories, such as Sun® iPlanet, Novell® NetWare®, and Microsoft® Active Directory®. LDAP integration makes it easy to locate, retrieve, and apply the public keys for certificate-based encryption.


Easy recovery of encrypted files
Improperly used encryption can effectively lock an organization out of its own data. This can put intellectual property in jeopardy of insider theft, and place the entire business at risk if a critical audit requires immediate access to protected data. SecureZIP®s contingency key capabilities ensure organizations are always able to quickly and easily access documents encrypted by their employees.


SAF Enhanced Key Stores

  • Protection of private keys used for signing & decryption, located in Security Server Key Rings
  • Support for managing and using private keys in IBM’s SAF-controlled ICSF CKDS (Cryptographic Key Data Set)
  • Improved key management – shared keys across multiple enterprise applications from an industry standard key store


SAF-Secured Passphrase Management

  • Improved operational security with the elimination of exposed cryptographic passphrases
  • SecureKey operations for algorithms supported by installed cryptographic coprocessors
  • Passphrase management isolated from job execution


Hardened Policy Lockdown

  • Establish security controls strictly enforced using SAF
  • Separate resource control from product installation and job execution
  • SAF enforcement of Contingency Key processing for encrypted data recovery and oversight
  • Security audit trail with SMF (System Management Facility) records