White Paper
Using SecureZIP to Deliver Strong Security on a Mainframe
As if corporate pressures alone were not enough to drive your organization to find better security solutions, legislative changes now force that obligation on you. With the introduction of Federal data security mandates such as Gramm-Leach-Bliley (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and Sarbanes-Oxley (SOX), your enterprise is now required by law to increase data protection, and in a timely manner.
When it comes to mainframe security, leading products in enterprise server security management dominate the landscape - products such as RACF, ACF2, and Top Secret. However, once corporate data passes outside the firewall onto public networks - so that transactions with clients and business partners can take place - that data is susceptible to the malicious and unforgiving world of hackers and others seeking to intercept valuable data. Unfortunately, this is also a world of heterogeneous networks and operating systems, a world where RACF, ACF2, and Top Secret can't provide protection.
Mainframe Data Security Options
Most of today's solutions address some security requirements but remain partial solutions at best. Secure and dedicated lines, SSL, and VPNs are just a few examples of how data can be secured in transit; however, these options do not secure data beyond either end of a transmission or in storage. Once data leaves the secure connection and has been moved onto another system, it is no longer protected.
In addition to providing only partial protection, the above solutions are often expensive and difficult to implement and configure. Moreover, they have not been conducive to broad deployment and usage. These solutions typically:
• Are very complex to implement and support
• Require significant infrastructure investment
• Increase storage, processing, and bandwidth requirements for existing platforms and networks
• Impose significant infrastructure burdens on external partners and customers in order to achieve secure interoperability outside the firewall
In order to ensure data integrity, a security solution must provide protection while the data is both in storage and in transit. Government regulations require that certain types of data, such as consumer records and protected health information (PHI), are secure at all times. Instead of managing different rules for different types of data, more and more businesses are adopting similar rules for all types of corporate data. Such persistent security is the only truly complete security, as everything else leaves valuable information unprotected.
Copyright © 2004 PKWARE, Inc. and its licensors. All rights reserved. Trademarks of other companies mentioned in this documentation appear for identification purposes only and are property of their respective companies. SecureZIP is a trade mark and PKZIP is a registered trade mark of PKWARE, Inc.
How it Works: Strong Password Based Encryption
Encryption protects the privacy of data. Regular, unprotected data is called plaintext. Encryption transforms plaintext into an unreadable form, called ciphertext, using an encryption key. Decryption transforms the ciphertext back into plaintext using a decryption key. The encryption of plaintext into ciphertext and the decryption back into plaintext is done using computer algorithms. Several algorithms have been approved under the Federal Information Processing Standard (FIPS) for the encryption of general purpose data. Each of these algorithms is a symmetric key algorithm, where the encryption key is the same as the decryption key - specifically, a password or passphrase. In order to maintain the privacy of the data encrypted by a key, the key must be known only by the entities that are authorized to access the data. The algorithms used are commonly known as block cipher algorithms, because the encryption and decryption processes each operate on blocks of data of a fixed size.
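The password-based scheme described above can be sketched as follows. This is an added example, not code from the white paper or from PKWARE, and it goes slightly beyond the text by deriving the key from the passphrase and authenticating the ciphertext. The choice of AES-256-CBC, PBKDF2, HMAC-SHA-256, the blob layout, the iteration count and the function names are assumptions of this example, and it needs the third-party `cryptography` package.

```python
import hashlib
import hmac
import os

from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

BLOCK = 16            # AES operates on fixed 16-byte blocks
SALT_LEN = 16
TAG_LEN = 32          # HMAC-SHA-256 output
ITERATIONS = 200_000  # assumed PBKDF2 work factor for this example


def _derive_keys(passphrase: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the shared passphrase into an encryption key and a MAC key."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]


def encrypt(passphrase: str, plaintext: bytes) -> bytes:
    """Return salt || iv || ciphertext || tag (layout assumed for this example)."""
    salt, iv = os.urandom(SALT_LEN), os.urandom(BLOCK)
    enc_key, mac_key = _derive_keys(passphrase, salt)
    padder = padding.PKCS7(BLOCK * 8).padder()      # pad up to a whole block
    padded = padder.update(plaintext) + padder.finalize()
    enc = Cipher(algorithms.AES(enc_key), modes.CBC(iv)).encryptor()
    body = salt + iv + enc.update(padded) + enc.finalize()
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def decrypt(passphrase: str, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; the same passphrase is required."""
    ct_len = len(blob) - SALT_LEN - BLOCK - TAG_LEN
    if ct_len < BLOCK or ct_len % BLOCK:
        raise ValueError("malformed ciphertext")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    salt, iv, ct = body[:SALT_LEN], body[SALT_LEN:SALT_LEN + BLOCK], body[SALT_LEN + BLOCK:]
    enc_key, mac_key = _derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or modified data")
    dec = Cipher(algorithms.AES(enc_key), modes.CBC(iv)).decryptor()
    unpadder = padding.PKCS7(BLOCK * 8).unpadder()
    return unpadder.update(dec.update(ct) + dec.finalize()) + unpadder.finalize()
```

The resulting blob stays protected wherever it is stored or sent, and only a holder of the passphrase can recover the plaintext.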
Public/Private Key Asymmetric Encryption
Using public/private key asymmetric encryption provides a higher level of security compared to password-based encryption. Asymmetric encryption uses a publicly available key to encrypt data. Decrypting a file that has been encrypted with a public key requires the presence of the corresponding private key in order for decryption to take place. When the private decr...