IBM Systems Magazine, Mainframe - September/October 2010 - 43

key cryptography and symmetric cryptography in what’s called a wrapped-key method to protect tapes. “We used the pair of publicprivate keys to wrap the symmetric keys that encrypt the data. That pair of wrapped, encrypted keys is stored in multiple places out on the tape cartridge,” Arnold says. “What’s interesting is it greatly reduces the risk of loss or operational complexity.” Benefits of this method abound. First, key management is simplified. For example, say you have 100,000 tape cartridges. Instead of managing 100,000 keys, you can instead manage a handful of keys that are wrapping keys instead of the symmetrical keys. Second, the problem of secure-data sharing is solved. Rather than sending the tape and key together, the public key for the partner is used to protect the encryption key, thus eliminating the need to send keys in separate packages or other complexities of secret key distribution, Arnold says. “The method IBM created eliminates the need for sending the key because we’re using public-private cryptography to send it. The magic of public-private key cryptography is I can publish a key that anybody can read, but only I can read the data that’s been encrypted by that key,” Arnold says. “Public and private keys come in pairs; if I don’t have the private key, the public key does me no good. I can encrypt data using the public key, but I can’t read it unless I have the private key.” Arnold says the method’s been widely used in the financial

industry to share data with federal regulators around money laundering, antiterrorism or other disclosure requirements they must meet. Now organizations realize tapes aren’t the only potential data leaks. Disk drives and even photocopiers store old data and eventually leave the data center, risking exposure. “Photocopiers actually keep copies of the last n-number of photocopies it’s made,” Arnold says. “So people have gone out and bought disk drives out of photocopiers and discovered all sorts of sensitive information.” Disk drives leave data centers all of the time, according to Arnold. They go out of lease or need repair and “about 90 percent of disk drives that go out for repair still have readable customer data on them,” Arnold says. Even with stripping and raiding the data, block sizes can be large, and they’re getting larger. “Even with an average block size of 4 K, you can get a lot of credit-card numbers or Social-Security numbers in that large of a block. That’s an audit and compliance exposure; it would trigger the disclosure requirements that are now in 45 U.S. states,” Arnold says.

Supported Platforms for Tivoli Key Lifecycle Manager

hÁz/OS 1.9, 1.10, 1.11 hÁAIX 5.3, 6.1 or later hÁRed Hat Enterprise Linux 4.0 (32 bit), 5.0 (32 bit and 64 bit) hÁSuSE Linux 9 (32 bit) and 10 (32 bit and 64 bit) hÁSolaris 9, 10 SPARC hÁWindows Server 2003 (32 bit and 64 bit) and 2008 (32 bit and 64 bit)

;OLÃ7YVISLTÃ>P[OÃ2L`Z
A major reason for avoiding encryption implementation is fear of losing the keys needed to decrypt the data. Even administrators who have experience with good key-management systems for encryption and who believe key loss can be prevented often have concerns about complexity,

interoperability, performance and cost. Additionally, administrators must decide whether to encrypt data at rest, in flight or both. And there’s the performance hit data centers can experience with encryption, slowing daily operations. Implementing encryption and key management can help organi-

¸@V\ÃKVU»[Ã^HU[Ã[VÃOH]LÃ[VÃTHUHNLÃHÃRL`ÃMVYÃÃ L]LY`Ã\ZLYÃVYÃHÃRL`ÃMVYÃL]LY`ÃZ[VYHNLÃ]VS\TL!ÃÃ @V\Ã^HU[Ã[OPZÃQ\Z[Ã[VÃwork transparently,

reliably, in the background.”
— Gordon Arnold, IBM senior technical staff member
43

ibmsystemsmag.com/mainframe

SEPTEMBER /OCTOBER 2010


http://www.ibmsystemsmag.com/mainstream

IBM Systems Magazine, Mainframe - September/October 2010

Table of Contents for the Digital Edition of IBM Systems Magazine, Mainframe - September/October 2010

IBM Systems Magazine, Mainframe - September/October 2010
Contents
Editor's Desk:  Not So Secret Sauce
Dashboard:  Find an Extra Day
Think Smarter:  Competing Takes Equal Parts Growth and Restraint
Data Display:  Privacy:  Who Do You Trust?
Insider:  Untangling the Web of Processes and Technology
Trends:  System z as the Hub of a Workload-Optimized, Business Analytics Systems
Case Study: A Merger Made Easy" EmblemHealth Saves Money By Easing into an In-Sourced Computing Model
Expanding Beyond Borders:  IBM zEnterprise Systems Announcement Delivers a New Dimension in Computing.
Reducing Complexity:  The Next-Generation System z Server Is More Than Just a Fast, Scalable Solution
Focus on Storage:  IBM Tivoli Key Lifecycle Manager Solves Security Problems and Meets New Standards
Administrator:  z/OS Management Facility V1.12 Includes New Workload-Management and Resource-Monitoring Functionality
Developer: pureXML Extends Availability and Scalability to DB2 for z/OS
Solutions
Advertisers' Index
Stop Run:  IBM Cooling Expert Roger Schmidt Says the Positioning of Machines Matters
2011 Mainframe Buyer's Guide
IBM Systems Magazine, Mainframe - September/October 2010 - IBM Systems Magazine, Mainframe - September/October 2010
IBM Systems Magazine, Mainframe - September/October 2010 - Cover2
IBM Systems Magazine, Mainframe - September/October 2010 - 1
IBM Systems Magazine, Mainframe - September/October 2010 - Contents
IBM Systems Magazine, Mainframe - September/October 2010 - 3
IBM Systems Magazine, Mainframe - September/October 2010 - 4
IBM Systems Magazine, Mainframe - September/October 2010 - 5
IBM Systems Magazine, Mainframe - September/October 2010 - 6
IBM Systems Magazine, Mainframe - September/October 2010 - 7
IBM Systems Magazine, Mainframe - September/October 2010 - 8
IBM Systems Magazine, Mainframe - September/October 2010 - 9
IBM Systems Magazine, Mainframe - September/October 2010 - Editor's Desk:  Not So Secret Sauce
IBM Systems Magazine, Mainframe - September/October 2010 - 11
IBM Systems Magazine, Mainframe - September/October 2010 - Dashboard:  Find an Extra Day
IBM Systems Magazine, Mainframe - September/October 2010 - 13
IBM Systems Magazine, Mainframe - September/October 2010 - 14
IBM Systems Magazine, Mainframe - September/October 2010 - 15
IBM Systems Magazine, Mainframe - September/October 2010 - Think Smarter:  Competing Takes Equal Parts Growth and Restraint
IBM Systems Magazine, Mainframe - September/October 2010 - 17
IBM Systems Magazine, Mainframe - September/October 2010 - 18
IBM Systems Magazine, Mainframe - September/October 2010 - 19
IBM Systems Magazine, Mainframe - September/October 2010 - Data Display:  Privacy:  Who Do You Trust?
IBM Systems Magazine, Mainframe - September/October 2010 - 21
IBM Systems Magazine, Mainframe - September/October 2010 - Insider:  Untangling the Web of Processes and Technology
IBM Systems Magazine, Mainframe - September/October 2010 - 22A
IBM Systems Magazine, Mainframe - September/October 2010 - 22B
IBM Systems Magazine, Mainframe - September/October 2010 - 23
IBM Systems Magazine, Mainframe - September/October 2010 - 24
IBM Systems Magazine, Mainframe - September/October 2010 - 25
IBM Systems Magazine, Mainframe - September/October 2010 - Trends:  System z as the Hub of a Workload-Optimized, Business Analytics Systems
IBM Systems Magazine, Mainframe - September/October 2010 - 27
IBM Systems Magazine, Mainframe - September/October 2010 - 28
IBM Systems Magazine, Mainframe - September/October 2010 - 29
IBM Systems Magazine, Mainframe - September/October 2010 - Case Study: A Merger Made Easy" EmblemHealth Saves Money By Easing into an In-Sourced Computing Model
IBM Systems Magazine, Mainframe - September/October 2010 - 31
IBM Systems Magazine, Mainframe - September/October 2010 - 32
IBM Systems Magazine, Mainframe - September/October 2010 - 33
IBM Systems Magazine, Mainframe - September/October 2010 - Expanding Beyond Borders:  IBM zEnterprise Systems Announcement Delivers a New Dimension in Computing.
IBM Systems Magazine, Mainframe - September/October 2010 - 35
IBM Systems Magazine, Mainframe - September/October 2010 - 36
IBM Systems Magazine, Mainframe - September/October 2010 - 37
IBM Systems Magazine, Mainframe - September/October 2010 - Reducing Complexity:  The Next-Generation System z Server Is More Than Just a Fast, Scalable Solution
IBM Systems Magazine, Mainframe - September/October 2010 - 39
IBM Systems Magazine, Mainframe - September/October 2010 - 40
IBM Systems Magazine, Mainframe - September/October 2010 - 41
IBM Systems Magazine, Mainframe - September/October 2010 - Focus on Storage:  IBM Tivoli Key Lifecycle Manager Solves Security Problems and Meets New Standards
IBM Systems Magazine, Mainframe - September/October 2010 - 43
IBM Systems Magazine, Mainframe - September/October 2010 - 44
IBM Systems Magazine, Mainframe - September/October 2010 - 45
IBM Systems Magazine, Mainframe - September/October 2010 - Administrator:  z/OS Management Facility V1.12 Includes New Workload-Management and Resource-Monitoring Functionality
IBM Systems Magazine, Mainframe - September/October 2010 - 47
IBM Systems Magazine, Mainframe - September/October 2010 - 48
IBM Systems Magazine, Mainframe - September/October 2010 - 49
IBM Systems Magazine, Mainframe - September/October 2010 - Developer: pureXML Extends Availability and Scalability to DB2 for z/OS
IBM Systems Magazine, Mainframe - September/October 2010 - 51
IBM Systems Magazine, Mainframe - September/October 2010 - 52
IBM Systems Magazine, Mainframe - September/October 2010 - 53
IBM Systems Magazine, Mainframe - September/October 2010 - Solutions
IBM Systems Magazine, Mainframe - September/October 2010 - Advertisers' Index
IBM Systems Magazine, Mainframe - September/October 2010 - Stop Run:  IBM Cooling Expert Roger Schmidt Says the Positioning of Machines Matters
IBM Systems Magazine, Mainframe - September/October 2010 - Cover3
IBM Systems Magazine, Mainframe - September/October 2010 - Cover4
IBM Systems Magazine, Mainframe - September/October 2010 - 2011 Mainframe Buyer's Guide
IBM Systems Magazine, Mainframe - September/October 2010 - BG-2
IBM Systems Magazine, Mainframe - September/October 2010 - BG-3
IBM Systems Magazine, Mainframe - September/October 2010 - BG-4
IBM Systems Magazine, Mainframe - September/October 2010 - BG-5
IBM Systems Magazine, Mainframe - September/October 2010 - FBG-6
IBM Systems Magazine, Mainframe - September/October 2010 - BG-7
IBM Systems Magazine, Mainframe - September/October 2010 - BG-8
IBM Systems Magazine, Mainframe - September/October 2010 - BG-9
IBM Systems Magazine, Mainframe - September/October 2010 - BG-10
IBM Systems Magazine, Mainframe - September/October 2010 - BG-11
IBM Systems Magazine, Mainframe - September/October 2010 - BG-12
IBM Systems Magazine, Mainframe - September/October 2010 - BG-13
IBM Systems Magazine, Mainframe - September/October 2010 - BG-14
IBM Systems Magazine, Mainframe - September/October 2010 - BG-15
IBM Systems Magazine, Mainframe - September/October 2010 - BG-16
IBM Systems Magazine, Mainframe - September/October 2010 - BG-17
IBM Systems Magazine, Mainframe - September/October 2010 - BG-18
IBM Systems Magazine, Mainframe - September/October 2010 - BG-19
IBM Systems Magazine, Mainframe - September/October 2010 - BG-20
IBM Systems Magazine, Mainframe - September/October 2010 - BG-21
IBM Systems Magazine, Mainframe - September/October 2010 - BG-22
IBM Systems Magazine, Mainframe - September/October 2010 - BG-23
IBM Systems Magazine, Mainframe - September/October 2010 - BG-24
IBM Systems Magazine, Mainframe - September/October 2010 - BG-25
IBM Systems Magazine, Mainframe - September/October 2010 - BG-26
IBM Systems Magazine, Mainframe - September/October 2010 - BG-27
IBM Systems Magazine, Mainframe - September/October 2010 - BG-28
IBM Systems Magazine, Mainframe - September/October 2010 - BG-29
IBM Systems Magazine, Mainframe - September/October 2010 - BG-30
IBM Systems Magazine, Mainframe - September/October 2010 - BG-31
IBM Systems Magazine, Mainframe - September/October 2010 - BG-32
IBM Systems Magazine, Mainframe - September/October 2010 - 95
http://www.ibmsystemsmagmainframedigital.com/mspcomm/ibmsystemsmag/ibmsystems_mainframe_20200910
http://www.ibmsystemsmagmainframedigital.com/mspcomm/ibmsystemsmag/ibmsystems_mainframe_20200708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20200506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20200304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20200102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2020mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20191112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/relevantz_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2019mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20181112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2018mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20171112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_sesupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_linuxsupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20161112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/MainframeSecurity
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20151112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910_se
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910
http://www.ibmsystemsmagmainframedigital.com/MFSkills
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506_supp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20141112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_gt_201405
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/BigData
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20131112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20121112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/buyersguide2013
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/ibmsystems_mainframe_2012bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20111112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20101112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910_bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20091112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090506
https://www.nxtbook.com/nxtbooks/ibmsystemsmag/mainframe_20090304
https://www.nxtbookmedia.com