Mainframe Encryption Software

Conserve storage space and reduce file transfer timeSecureZIP mainframe encryption software includes advanced compression capabilities, which reduces bandwidth consumption and file size by as much as 95 percent. This both minimizes bandwidth consumption and storage requirements, trimming operating costs. Organizations can ensure that they get the most out of their existing investments without costly hardware acquisitions or upgrades.

Encrypt data using passphrases, digital certificates, or bothSecureZIP provides passphrase, x.509 digital certificate, and OpenPGP Key-based encryption, allowing for flexibility and optimal support for an organization’s data security infrastructure. SecureZIP also works with the leading commercial mainframe security applications, including CA ACF2, CA Top Secret, and RACF.

Accelerate operations with enhanced tape processingSecureZIP mainframe encryption software can significantly reduce the time needed to write zip archives to, and extract files from, zip archives on tape media with Enhanced Tape Processing. Moreover, it integrates with IBM’s Large Block Interface (LBI) so maximum use is made of today’s robust tape drives. SecureZIP for z/OS also includes enhanced file handling features to further accelerate critical business processes in the data center.

Reduce number of steps required to create and extract archivesMoving data between disparate computing systems often requires multiple steps and could require additional data translation products and converters. However, System Integration allows SecureZIP for z/OS to write directly to, and ready directly from, UNIX, Linux, and Windows file systems; this eliminates extra steps when moving files across systems.

System Integration also allows SecureZIP for z/OS to:

• Facilitate the exchange of data between different types of systems
• Automatically convert data to the appropriate format for the system
• Enhance PKWARE's extensive cross-platform capabilities. PKWARE is the only vendor to provide seamless, secure data exchange across z/OS for the mainframe, IBM i for the IBM Power midrange systems, UNIX/Linux/Windows servers, and Windows desktops.

Click here to see an image of how application integration works »

Access encrypted files for audit or recovery purposesFiles that have been encrypted must remain accessible to the organization. When files have been encrypted with digital certificates, OpenPGP Keys, or passphrases, SecureZIP’s Contingency Key capabilities ensure that encrypted data is accessible.

Contingency Key processing ensures SecureZIP customers can meet the need of auditors, compliance officers, or regulators to inspect or recover encrypted data, even if a password is forgotten or a decryption key lost - while still otherwise strongly protecting the data.

Leverage investment in IBM ICSFSecureZIP leverages IBM System z® Integrated Cryptographic Services Facility (ICSF), enabling organizations to take advantage of significant cost savings as a result of reduced resource requirements.

SecureZIP maximizes the investment made by customers in hardware cryptography by utilizing the least expensive processor capabilities within a system, while maintaining the data security and portability that the standard .zip file format provides. Archives encrypted using IBM hardware can still be decrypted using the SecureZIP application for any other supported platform - interoperability remains intact. SecureZIP leverages the performance advantages of hardware-assisted cryptography on System z, utilizing the best hardware feature enabled in a specific installation.

SecureZIP for z/OS supports Protected Key*, a blend of clear key and secure key, combining the performance attributes of clear key with the additional private key fortification of secure key. SecureZIP for z/OS support for IBM’s Protected Key uses a faster, CPU-friendly encryption processing method on IBM hardware.

Increase data protection policy & enforcement using SAF Module add-onImproved encryption/decryption key protection and increased data protection policy & enforcement are available with SAF integration for SecureZIP Enterprise Edition and SecureZIP PartnerLink.

Enhanced Key Stores
• Protection of private keys used for signing & decryption, located in Security Server Key Rings
• Support for managing and using private keys in IBM's SAF-controlled ICSF CKDS (Cryptographic Key Data Set)
• Improved key management - shared keys across multiple enterprise applications from an industry standard key store

SAF-Secured Passphrase Management
• Improved operational security with the elimination of exposed cryptographic passphrases
• SecureKey operations for algorithms supported by installed cryptographic coprocessors
• Passphrase management isolated from job execution

Hardened Policy Lockdown
• Establish security controls strictly enforced using SAF
• Separate resource control from product installation and job execution
• SAF enforcement of Contingency Key processing for encrypted data recovery and oversight
• Security audit trail with SMF (System Management Facility) records