Smartcrypt for Mainframe
Protect sensitive data and reduce resource demands
Mainframe computing systems were once considered to be relatively safe from cyber attacks, but threats to these critically important business assets are becoming more prevalent and more serious every day.
No organization can afford to leave customer information and other sensitive data housed in mainframes exposed to cyber threats. However, typical mainframe encryption solutions only protect a subset of data types or apply to limited use cases, and often create performance issues.
Persistent data security for mainframes and beyond
Smartcrypt is different. Providing data-level encryption for IBM Z mainframes, Smartcrypt is the most flexible and powerful IBM Z encryption solution available. It protects both structured and unstructured data, gives customers the option to embed encryption directly into their applications, and can secure mainframe databases with field-level, length-preserving encryption.
Unlike other encryption products (including solutions that encrypt all data stored on the mainframe), Smartcrypt applies persistent protection that stays with data even after it leaves the mainframe environment. With Smartcrypt, encrypted data can be transmitted from the mainframe to user devices, web servers, or other external destinations while remaining inaccessible to unauthorized users.
How it works
Smartcrypt exploits the z/OS Integrated Cryptographic Services Facility, delivering faster and more efficient encryption/decryption processing than other non-native encryption products. Encryption performance overhead can be 5% or even less on z14 systems.
Smartcrypt delivers additional performance enhancements by using PKWARE’s advanced compression functionality, reducing file sizes between 10 to 95 percent prior to encryption. Decreased file sizes dramatically reduce demands on CPU and storage resources, improving overall system performance. No other encryption solution offers smaller files post-encryption.
Files encrypted by Smartcrypt on mainframe systems are interoperable with Smartcrypt's other solutions, including agents for user devices, file servers, and midrange systems.
Encryption keys can be stored in purpose-built hardware security modules on IBM Z hardware, and are interoperable with third-party dedicated key management appliances. Smartcrypt also includes an automated interface for retrieving public keys from LDAP compliant directories, greatly increasing the ease of use of public keys for encryption in IBM Z processing.
The Smartcrypt for Mainframe agent is installed on each system that may potentially store or process sensitive information.
Agents can be configured to encrypt all data within the mainframe environment, or only data within specified locations.
The Smartcrypt agent is configured and managed directly through the mainframe interface. Encryption can be enabled through default settings or individual commands.
Encryption keys can be stored in an IBM Z hardware security module or managed via a separate key management appliance.
End User Experience
Users who store or access files in protected locations can continue to use their normal workflows.
Smartcrypt automates encryption and decryption, so the process is transparent to the end user.