IBM Systems magazine, Mainframe - July/August 2019 - 54

TE C H BITS
Cecilia Carranza Lewis // Senior technical staff member, IBM Systems
capabilities that differentiate it
from hardware-level encryption:
*

ASK
THE
EXPERT

*

Q: How does z/OS data set encryption differentiate itself from other
types of encryption for data at rest?

A

s clients begin their journey
with pervasive encryption,
they consider how best
to protect their data in order to
satisfy regulatory compliances
and avoid potential data breaches. They often wonder how data
set encryption differentiates
itself from other types of encryp&! Ã!$ÃÈÄ&ÄÃÄ&Ã$É%&QÃ%"ÉÇ®ÃÇÄ1Ã
hardware-level encryption. Understanding the value of each type of
encryption helps clients pursue
the approach that's right for them.
You may have seen the encryption pyramid depicting different
layers of encryption for data at rest:
'ÃÈ%ÃÄ ÈÃ&Ä"ÉÃÉ Ç$1"&! RîÃÉÃ!$Ã
data set encryption; database encryption; and application encryption. Note that all encryption levels

are complementary. Hardware
encryption should be enabled for
all storage devices where supported. Full disk and tape encryption
provides 100% coverage for data at
rest. It provides protection against
the potential exposure of sensitive
user data stored on storage devices
that may have been discarded, lost
or stolen. However, this isn't always
%'®ÃÇÉ &Nʉ
That's where z/OS* data set
encryption can help. With z/OS data
set encryption, you can encrypt
data without requiring application
changes. You supply an encryption
key label during data set create
and, under the covers, the access
methods encrypt data on writes,
and decrypt data on reads. Data set
encryption provides the following

HAVE A QUESTION FOR AN IBM Z EXPERT?
Email it to Managing Editor Keelia Estrada Moeller at
kmoeller@msptechmedia.com.

54 | JULY/AUGUST 2019 IBMSYSTEMSMAG.COM

*

‹Ã

*

Enabled via policy. You can
identify the data sets to be
encrypted by specifying a
key label via policies, such as
RACF* data set profile or SMS
data class.
Data set-level granularity. You
can decide which data sets
should be encrypted, and how
many unique encryption keys
are to be used. For example, a
unique key per data set, one
key for all data sets, one key for
all data sets associated with an
Ä""ÇÄ&! QÃÉ&ÇNʉ
Separation of duties. You can
decide who has the authority
to access data, since it requires
authority to the data set's key
label. For example, you can
choose to only allow the data
owner to access the data, while
the storage administrator can
only manage the data set. This
allows you to remove certain
roles from compliance scope.
% Ç$1"&! à ïÃ&ÃÄ ÈÃÄ&Ã
rest. The data is encrypted in
the host. Therefore, the data is
É Ç$1"&ÉÈà ïÃ&ÃÄ%Ã&V%Ã&$Ä %I
ferred over the SAN to be stored
on disk, where it's encrypted at
rest. Data also remains encrypted during backup, migra&! ÃÄ ÈÃ$É"ÇÄ&! Nʉ
Audit simplification. Encryption attributes are displayed
along with data set metadata.
Auditors can use enhanced
tooling to validate compliance
requirements.

Pervasive encryption is a journey. Learn more about z/OS data
set encryption and why it may be
the right choice for your enterprise
data (bit.ly/2T1ZUw8).
Cecilia Carranza Lewis is an IBM
senior technical staff member.


http://www.bit.ly/2T1ZUw8 http://www.IBMSYSTEMSMAG.COM

IBM Systems magazine, Mainframe - July/August 2019

Table of Contents for the Digital Edition of IBM Systems magazine, Mainframe - July/August 2019

Table of Contents
Editor's Desk: Resiliency is key in an 'always-on' world
Currents: Alphabet soup of compliance
Currents: X-Force Red discovers sign-in kiosk vulnerabilities
Currents: IBM Z hardware and software maximize resiliency
Currents: A robot walks into a bar
Currents: How resilient is your IBM Z system of record?
Currents: Solutions
Partner POV: Redirecting select mainframe workloads to the cloud could create new opportunities
Cover Story: Fail Safe: Puerto Rico's disaster recovery planning is a blueprint for your data protection
Feature 1: Elevating Hybrid Cloud: IBM Z strengthens security, resiliency and open development for cloud infrastructure
Champions Showcase: The 2019 IBM Z Champions are committed to communicating the value of the platform
Hot Topics: z/OS Cloud Broker leverages common cloud platforms to enable z/OS resource consumption
Techbits: Disposable data can pose legal liabilities and security risks
Techbits: Raising the bar on IBM Z resiliency with GDPS
Techbits: Get real-time insight and data security with Open Data Analytics for z/OS
Techbits: Ask the expert: z/OS data set encryption
Beyond the Box: z/VM Senior Software Engineer Brian Wade finds similarities between his job and his life as a pilot
Reference Point - Global Events, Education, Resources for Power Systems
2019 Mainframe Solutions Edition Product Index
IBM Systems magazine, Mainframe - July/August 2019 - Intro
IBM Systems magazine, Mainframe - July/August 2019 - Cover1
IBM Systems magazine, Mainframe - July/August 2019 - Cover2
IBM Systems magazine, Mainframe - July/August 2019 - 1
IBM Systems magazine, Mainframe - July/August 2019 - 2
IBM Systems magazine, Mainframe - July/August 2019 - 3
IBM Systems magazine, Mainframe - July/August 2019 - Table of Contents
IBM Systems magazine, Mainframe - July/August 2019 - 5
IBM Systems magazine, Mainframe - July/August 2019 - Editor's Desk: Resiliency is key in an 'always-on' world
IBM Systems magazine, Mainframe - July/August 2019 - 7
IBM Systems magazine, Mainframe - July/August 2019 - Currents: Alphabet soup of compliance
IBM Systems magazine, Mainframe - July/August 2019 - Currents: X-Force Red discovers sign-in kiosk vulnerabilities
IBM Systems magazine, Mainframe - July/August 2019 - Currents: IBM Z hardware and software maximize resiliency
IBM Systems magazine, Mainframe - July/August 2019 - 11
IBM Systems magazine, Mainframe - July/August 2019 - Currents: A robot walks into a bar
IBM Systems magazine, Mainframe - July/August 2019 - 13
IBM Systems magazine, Mainframe - July/August 2019 - Currents: How resilient is your IBM Z system of record?
IBM Systems magazine, Mainframe - July/August 2019 - 15
IBM Systems magazine, Mainframe - July/August 2019 - Currents: Solutions
IBM Systems magazine, Mainframe - July/August 2019 - 17
IBM Systems magazine, Mainframe - July/August 2019 - Partner POV: Redirecting select mainframe workloads to the cloud could create new opportunities
IBM Systems magazine, Mainframe - July/August 2019 - 19
IBM Systems magazine, Mainframe - July/August 2019 - Cover Story: Fail Safe: Puerto Rico's disaster recovery planning is a blueprint for your data protection
IBM Systems magazine, Mainframe - July/August 2019 - 21
IBM Systems magazine, Mainframe - July/August 2019 - 22
IBM Systems magazine, Mainframe - July/August 2019 - 23
IBM Systems magazine, Mainframe - July/August 2019 - 24
IBM Systems magazine, Mainframe - July/August 2019 - 25
IBM Systems magazine, Mainframe - July/August 2019 - 26
IBM Systems magazine, Mainframe - July/August 2019 - 27
IBM Systems magazine, Mainframe - July/August 2019 - Feature 1: Elevating Hybrid Cloud: IBM Z strengthens security, resiliency and open development for cloud infrastructure
IBM Systems magazine, Mainframe - July/August 2019 - 29
IBM Systems magazine, Mainframe - July/August 2019 - 30
IBM Systems magazine, Mainframe - July/August 2019 - 31
IBM Systems magazine, Mainframe - July/August 2019 - 32
IBM Systems magazine, Mainframe - July/August 2019 - 33
IBM Systems magazine, Mainframe - July/August 2019 - 34
IBM Systems magazine, Mainframe - July/August 2019 - 35
IBM Systems magazine, Mainframe - July/August 2019 - 36
IBM Systems magazine, Mainframe - July/August 2019 - 37
IBM Systems magazine, Mainframe - July/August 2019 - Champions Showcase: The 2019 IBM Z Champions are committed to communicating the value of the platform
IBM Systems magazine, Mainframe - July/August 2019 - 39
IBM Systems magazine, Mainframe - July/August 2019 - 40
IBM Systems magazine, Mainframe - July/August 2019 - 41
IBM Systems magazine, Mainframe - July/August 2019 - 42
IBM Systems magazine, Mainframe - July/August 2019 - 43
IBM Systems magazine, Mainframe - July/August 2019 - 44
IBM Systems magazine, Mainframe - July/August 2019 - 45
IBM Systems magazine, Mainframe - July/August 2019 - Hot Topics: z/OS Cloud Broker leverages common cloud platforms to enable z/OS resource consumption
IBM Systems magazine, Mainframe - July/August 2019 - 47
IBM Systems magazine, Mainframe - July/August 2019 - 48
IBM Systems magazine, Mainframe - July/August 2019 - 49
IBM Systems magazine, Mainframe - July/August 2019 - Techbits: Disposable data can pose legal liabilities and security risks
IBM Systems magazine, Mainframe - July/August 2019 - Techbits: Raising the bar on IBM Z resiliency with GDPS
IBM Systems magazine, Mainframe - July/August 2019 - 52
IBM Systems magazine, Mainframe - July/August 2019 - Techbits: Get real-time insight and data security with Open Data Analytics for z/OS
IBM Systems magazine, Mainframe - July/August 2019 - Techbits: Ask the expert: z/OS data set encryption
IBM Systems magazine, Mainframe - July/August 2019 - 55
IBM Systems magazine, Mainframe - July/August 2019 - Beyond the Box: z/VM Senior Software Engineer Brian Wade finds similarities between his job and his life as a pilot
IBM Systems magazine, Mainframe - July/August 2019 - Cover3
IBM Systems magazine, Mainframe - July/August 2019 - Cover4
IBM Systems magazine, Mainframe - July/August 2019 - Reference Point - Global Events, Education, Resources for Power Systems
IBM Systems magazine, Mainframe - July/August 2019 - 2019 Mainframe Solutions Edition Product Index
IBM Systems magazine, Mainframe - July/August 2019 - SE2
IBM Systems magazine, Mainframe - July/August 2019 - SE3
http://www.ibmsystemsmagmainframedigital.com/mspcomm/ibmsystemsmag/ibmsystems_mainframe_20201112
http://www.ibmsystemsmagmainframedigital.com/mspcomm/ibmsystemsmag/ibmsystems_mainframe_20200910
http://www.ibmsystemsmagmainframedigital.com/mspcomm/ibmsystemsmag/ibmsystems_mainframe_20200708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20200506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20200304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20200102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2020mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20191112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/relevantz_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2019mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20181112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2018mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20171112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_sesupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_linuxsupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20161112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/MainframeSecurity
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20151112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910_se
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910
http://www.ibmsystemsmagmainframedigital.com/MFSkills
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506_supp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20141112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_gt_201405
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/BigData
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20131112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20121112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/buyersguide2013
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/ibmsystems_mainframe_2012bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20111112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20101112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910_bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20091112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090506
https://www.nxtbook.com/nxtbooks/ibmsystemsmag/mainframe_20090304
https://www.nxtbookmedia.com