To discuss Mainframe Encryption, one must first start off with encryption – what it is, why it’s so important and what it can do for an organization’s data security needs.
Encryption is the process of encoding data or messages in a way that those without access can’t read the data while still allowing authorized folks the ability to do so. Encryption focuses on protecting the data rather than protecting access to the data. Of course, protecting access to the data is also an important part of a secure system but it’s just not the focus of encryption.
Encryption uses algorithms to turn “plaintext” data into unreadable “ciphertext”. Typically, and especially so in PGP encryption, the process of encrypting data is done with the use of a set of keys. One key will be used in association with the encryption algorithm to encrypt the data and the other key will be needed to decrypt the ciphertext data. We will talk more about keys while discussing PGP encryption towards the end of this page and throughout this website. Again, one of the main benefits of encryption is that even if an unwanted person were to gain access to the ciphertext, the proper key would still be needed to decrypt the data into readable plaintext data.
No matter where the data is stored or sent, it’s much easier to keep the key out of the wrong hands than it is to do the same with the data. So when do you think is the best time to secure all your organization’s data? When it’s on the move? Before it’s in transit? When it’s being compressed for transit? At all times? I would vote for “at all times” myself and there’s a way to do that without constantly fighting the uphill battle of making sure every piece of data is secured. PGP provides the best encryption option that can secure data at rest and data in motion and E-Business Server™ is the most versatile application of PGP encryption. E-Business Server will use PGP to compress and secure all data at all times automatically.
Like everything else in the world, there are different options for encryption. I could write about all the different encryption methods, but to save us all some time, I’m going to focus on the very best option for both mainframe encryption and cross platform encryption: PGP. E-Business Server utilizes PGP and can be utilized on any platform, including the z/OS mainframe, for an organization’s encryption needs. Because it is the preeminent solution for the mainframe encryption dilemma, it only makes sense to include a little information about PGP encryption here.
PGP Encryption: An Introduction
PGP encryption is used for data security and works in conjunction with public and private key pairs to validate and verify the right person has access to the data. When PGP is used to secure data, the encrypted data itself can fall into the wrong hands without concern. Some of the added benefits of PGP are cryptographic privacy, authentication and compression. PGP compresses data by up to 50% which will help take added pressure off the network when sending the encrypted message and aid in overall system security.
For PGP encryption to work when sending encrypted messages between parties, both the sender and recipient must be using the same PGP settings that control the features and algorithms used for the data encryption. If, for instance, the sender is using the latest and greatest PGP and the recipient is not, even with the proper private key, there will be no way to decrypt the message and data. This highlights the benefit of both parties utilizing the same encryption tool. In fact, many large organizations insist that companies doing business with them use the same encryption product to alleviate any potential concerns. When I provide details on the best PGP encryption product, one which many of the largest organizations utilize themselves, some benefits of both the tool and PGP will be discussed further.
PGP Encryption Method
Amazingly, the method PGP uses to encrypt data is not all that complicated but how it actually works is incredibly complex. I’ve provided a process map explaining how PGP works from Wikipedia to help visualize this.
Public-key cryptography plays a major role in PGP. To send or receive encrypted messages through PGP or any other encryption method utilizing public-key cryptography, the user must have a public and private key pair. These key pairs are mathematically linked and created by an algorithm, however, it’s computationally infeasible to figure out the private key from the public key of a key pair.
The process of encrypting data using PGP is as follows (all tasks are performed using a PGP encryption software): generate a random key and encrypt the data using that key. Then, encrypt the random key using the recipient’s public key. This results in encrypted, secure data and an encrypted random key. Once this is sent and received by the intended recipient, the data is decrypted.
To decrypt the data, the steps used to encrypt the data are basically reversed. First, the recipient must decrypt the encrypted random key using their private key. Once the random key is the same as it was at the beginning of this process, it is used to decrypt the data. That’s it! The data will be readable and usable. As I mentioned before, the same algorithms and PGP features must be used to encrypt and decrypt the data.
An important feature of PGP is that instead of sending data from a place to a place, it’s sent from a specific person to another specific person! This allows for confidentiality when needed, message authentication and integrity checking. For these reasons and many more, PGP will help your organization win the fight against both external and internal threats. And remember, E-Business Server is a phenomenal PGP encryption tool that can do all this and more.
After this quick discussion, I’m sure you can appreciate why encryption is an absolute necessity for every organization that possesses critical data. Most enterprise-level organizations utilize mainframes for their most important data and computing needs and encryption is just as critical on a mainframe as it is on any other platform. There exists a myth that mainframes are the safest computers because they are inherently safe. This myth has no doubt caused many businesses an unbelievable and utterly preventable cost.
Here are a couple actual reasons the mainframe is a bit more protected and even “safer” than other platforms. Mainframes typically aren’t as interconnected as other computing systems and platforms tend to be. Also, access to a mainframe is extremely restricted within organizations which helps to cut back on operator error and internal threats. By no means does this mean mainframe encryption and security as a whole is optional. If anything, it’s just the opposite and even more resources should be utilized to make sure your organization’s mainframe is safe and secure.