Data Protection for z/OS
An easily integrated, comprehensive encryption and tokenization solution for all z/OS environments, including native CICS APIs, HPE SecureData z/Protect eliminates complexity in mainframe data protection. It is simple to deploy and administer, without disruption to existing processes or heavy management overhead. This modernization of data protection for mainframe data reduces audit scope, and dramatically reduces the risk of data theft. Most importantly, it does so with minimal application impact.
HPE SecureData z/Protect delivers cost-effective security.
HPE SecureData z/Protect provides native encryption and tokenization services across z/OS environments, including CICS, IMS, DB2, MQ, and Batch. It provides comprehensive cross-application and cross-platform compatibility, speeding application implementation and security retrofitting, and minimizing training requirements. HPE SecureData z/Protect encrypts the sensitive data so that in the event of a breach, the hacker only has useless protected data.
HPE SecureData z/Protect reduces audit/compliance scope.
By taking sensitive data out of applications and thus reducing compliance scope, HPE SecureData z/Protect reduces costs. Since the resulting environment has a reduced number of in-scope applications, with no ability to decrypt or detokenize data without authorization, audit and compliance effort are reduced.
HPE SecureData z/Protect preserves and extends
As secure as the mainframe is, it needs new protections as the boundary blurs between its traditional data center and today’s highly connected but more risk-prone online transactional world. By making encryption simpler to deploy across a wide range of z/OS environments, the mainframe can now better serve the security and compliance needs of today’s businesses.
HPE SecureData z/Protect provides faster data protection without disruption to existing processes.
HPE Security- Data Security’s unique HPE Format-Preserving Encryption (FPE) protects data without changing its size or character set, so unmodified applications can process data in its protected form, and no database schema changes are needed. HPE FPE can encrypt specific data types within a database, and provides precise role-based data access control, which means no workflow changes are needed. FPE can encrypt specific data types within a database, and provides precise role-based data access control, which means no workflow changes are needed. HPE Secure Stateless Tokenization (SST) technology provides powerful, PCI scope reducing tokenization without the performance, consistency, and scale limits of traditional approaches.
Requires minimal or no program or data structure changes
Ensures compatibility with a wide range of
Minimizes application changes and limits live data access to trusted applications
Allows role-based data access
Builds on native z/OS security (RACF, ACF2, Top Secret) granular controls
Isolates via built-in z/OS and System z hardware facilities: cannot be subverted by flawed or malicious