As if corporate pressures alone were not enough to drive your organization to find better security solutions, legislative changes now force that obligation on you. With the introduction of federal data security mandates such as the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and the Sarbanes-Oxley Act (SOX), your enterprise is now required by law to increase data protection, and to do so in a timely manner.
When it comes to mainframe security, the leading enterprise server security management products dominate the landscape: RACF, ACF2, and Top Secret. These products control access to resources on the mainframe itself. However, once corporate data passes outside the firewall onto public networks, so that transactions with clients and business partners can take place, that data is susceptible to the malicious and unforgiving world of hackers and others seeking to intercept valuable data. Unfortunately, this is also a world of heterogeneous networks and operating systems, a world where RACF, ACF2, and Top Secret can't provide protection.
Mainframe Data Security Options
Most of today's solutions address some security requirements but remain partial solutions at best. Secure and dedicated lines, SSL/TLS, and VPNs are just a few examples of how data can be secured in transit; however, these options protect only the connection, not the data beyond either end of the transmission or in storage. Once data leaves the secure connection and has been decrypted onto another system, it is no longer protected.
In addition to providing only partial protection, the above solutions are often expensive and difficult to implement and configure. Moreover, they have not been conducive to broad deployment and usage. These solutions typically:
- Are very complex to implement and support
- Require significant infrastructure investment
- Increase storage, processing, and bandwidth requirements for existing platforms and networks
- Impose significant infrastructure burdens on external partners and customers in order to achieve secure interoperability outside the firewall
To keep data protected at every point, a security solution must provide protection while the data is both in storage and in transit. Government regulations require that certain types of data, such as consumer records and protected health information (PHI), be secured at all times. Instead of managing different rules for different types of data, more and more businesses are adopting the same rules for all types of corporate data. Such persistent protection, which travels with the data itself rather than with the connection or the system it happens to sit on, is the only truly complete security; everything else leaves valuable information unprotected for part of its life.
How it Works: Strong Password-Based Encryption
Encryption protects the confidentiality of data. Regular, unprotected data is called plaintext. Encryption transforms plaintext into an unreadable form, called ciphertext, using an encryption key. Decryption transforms the ciphertext back into plaintext using a decryption key. The encryption of plaintext into ciphertext and the decryption back into plaintext is done using computer algorithms. Several algorithms have been approved under the Federal Information Processing Standard (FIPS) for the encryption of general-purpose data, today principally AES (FIPS 197). Each of these algorithms is a symmetric key algorithm, where the encryption key is the same as the decryption key. In password-based encryption that key is not the password itself: a key-derivation function such as PBKDF2 combines the password or passphrase with a random salt and a large iteration count to produce a fixed-size key, and the salt is stored alongside the ciphertext. The salt defeats precomputed-table attacks and the iteration count makes every guess expensive for an attacker who steals the ciphertext, but neither rescues a weak passphrase, so passphrase strength still matters. In order to maintain the privacy of the data encrypted by a key, the key (and the passphrase it is derived from) must be known only by the entities that are authorized to access the data. The algorithms used are commonly known as block cipher algorithms, because the encryption and decryption processes each operate on blocks of data of a fixed size; data longer than one block is handled by a mode of operation, and an authenticated mode such as GCM should be used so that modified ciphertext is detected rather than decrypted into garbage.
Public/Private Key Asymmetric Encryption
Public/private key asymmetric encryption removes the weakest point of password-based encryption: the need to share a secret with every party that must encrypt. Asymmetric encryption uses a publicly available key to encrypt data. Decrypting a file that has been encrypted with a public key requires the corresponding private key; the public key, even though it is published, cannot decrypt what it encrypted. When the private decryption key, which is stored as a data file, is appropriately protected (encrypted under a passphrase and readable only by its owner), only a user who has access to the private key appropriate for his/her use can decrypt this sensitive data. There is only one matching private key for a given public key, a critical requirement for securing the data. Two practical points follow. First, the sender must obtain the recipient's public key from a trusted source, since an attacker who substitutes his own public key would receive data encrypted for him. Second, public-key algorithms are slow and can only encrypt short messages, so in practice a file is encrypted with a random symmetric key under a block cipher, and only that symmetric key is encrypted with the recipient's public key (hybrid encryption).
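The Go program below is an added example of the public/private key mechanism described above; it is not code from the original page or from any product it mentions. The recipient generates an RSA-2048 key pair and publishes the public half as PEM; a sender parses that PEM and uses it to wrap a 32-byte data-encryption key with RSA-OAEP, and only the matching private key can unwrap it. The block also shows why the file itself is not encrypted with RSA: OAEP refuses any message longer than the modulus allows. The key size, the OAEP label string "dek-wrap" and all function names are assumptions made for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// newKeyPair makes the recipient's key pair. The private half stays with the
// recipient (on disk, stored encrypted and access-controlled); only the public
// half is published.
func newKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// publicKeyPEM is the form in which the public key is handed to anyone who needs
// to encrypt for this recipient; it reveals nothing that helps decryption.
func publicKeyPEM(pub *rsa.PublicKey) ([]byte, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), nil
}

func parsePublicKeyPEM(data []byte) (*rsa.PublicKey, error) {
	block, _ := pem.Decode(data)
	if block == nil || block.Type != "PUBLIC KEY" {
		return nil, errors.New("not a PEM public key")
	}
	key, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	pub, ok := key.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("not an RSA public key")
	}
	return pub, nil
}

// wrapKey encrypts a symmetric data-encryption key (DEK) with RSA-OAEP. OAEP can
// only encrypt messages up to modulusLen - 2*hashLen - 2 bytes (190 bytes for
// RSA-2048 with SHA-256), so the file itself is encrypted with the DEK under a
// block cipher and only the DEK is wrapped this way (hybrid encryption).
func wrapKey(pub *rsa.PublicKey, dek []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dek, []byte("dek-wrap"))
}

// unwrapKey needs the private key; the same label must be supplied or OAEP fails.
func unwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte("dek-wrap"))
}

// maxOAEPMessage is the largest message wrapKey accepts for pub (SHA-256 OAEP).
func maxOAEPMessage(pub *rsa.PublicKey) int {
	return pub.Size() - 2*sha256.Size - 2
}

func main() {
	priv, _ := newKeyPair()
	pemBytes, _ := publicKeyPEM(&priv.PublicKey)
	pub, _ := parsePublicKeyPEM(pemBytes) // what the sender holds
	dek := make([]byte, 32)
	rand.Read(dek)
	wrapped, _ := wrapKey(pub, dek)
	got, err := unwrapKey(priv, wrapped)
	fmt.Println("unwrap with private key ok:", err == nil && string(got) == string(dek))
	_, err = wrapKey(pub, make([]byte, maxOAEPMessage(pub)+1))
	fmt.Println("oversized message:", err)
}
```

The PEM parsing step is where the trust question from the paragraph above lives: the code will happily wrap a key for whatever public key it is given, so the PEM must come from a channel the sender trusts (a certificate, a fingerprint checked out of band) or an attacker can substitute his own.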