Encrypting Tape Storage
Taking the next step in mainframe-encryption capability.
Responding to Customer Requirements
Many companies have sought better tape security to guard against the dangers inherent in tape distribution. Heeding this requirement, IBM System z developers and storage experts worked together to develop the latest offerings. "Customers are actively looking for tape encryption, given the current demands being made by governments, industries and boardrooms to secure sensitive information," says Mary Moore, System z security initiative leader in the IBM Systems and Technology Group. According to Moore, IBM has leveraged its experience with mainframe encryption. "Our strategists have worked with the storage team to provide this next step of encryption in the storage devices."
IBM's innovation in key management for the encrypted data is a crucial part of the tape-encryption solution. When an archived tape is needed five or 10 years from now, the key must be accessible. What better place to house your encryption keys than the mainframe? Welcome to the streamlined world of data encryption and decryption.
In IBM's view, it's all about key management. "The difficult problem isn't the encryption," says Peter G. Sutton, System z strategy lead for core technologies, IBM Systems and Technology Group. "It's if you have an encrypted tape, how to read the tape? How do you get the keys to open it up?" Key management is a thorny issue at most companies. For instance, you may have a workable key-management procedure, but how do you explain it to new IT staffers? How can you explain it to the auditors? With IBM's tape encryption with z/OS key management, the answer is fairly straightforward.
"The real goal is to have encryption and a simple key-management system that allows you to encrypt tapes securely, but not worry about key management - either where the keys are stored or which keys get applied to which tape," Sutton says.
Does IBM's Innovation Work?
"We've done a bold stroke that helps simplify the problem," says Sutton. "Public-key cryptography gives us a tool set that lets us really simplify the process of key management. With each of the tapes produced, you can use a unique key on the tape. Using public key cryptography, you can conceal these unique keys and leave them right with the tape cartridge. So the tape cartridge itself becomes the mechanism for moving the keys around and not losing them. The public-key infrastructure that's inherent in z/OS becomes the way these tapes are opened up. From an auditability and key management point of view, you're not worried about those keys. You're worried about a few public key pairs."
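The approach described above, a unique key per tape that is concealed with a public key and left on the cartridge, is the general envelope-encryption pattern. The following Node.js sketch is an added illustration of that pattern, not IBM's implementation or tape format; AES-256-GCM, RSA-OAEP, the cartridge fields, the function names and the sample payload are all assumptions constructed for the example.

```javascript
const crypto = require("node:crypto");

// Assumed wrapping scheme: RSA-OAEP with SHA-256.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Write side needs only the public key. Everything returned here travels
// with the tape (hypothetical cartridge layout); the raw data key is never stored.
function writeTape(publicKey, plaintext) {
  const dataKey = crypto.randomBytes(32); // unique AES-256 key for this tape only
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", dataKey, nonce);
  const data = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, dataKey);
  return { wrappedKey, nonce, tag: cipher.getAuthTag(), data };
}

// Read side: the private key unwraps the per-tape key, then GCM decrypts
// and rejects a cartridge whose contents were modified.
function readTape(privateKey, cartridge) {
  const dataKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, cartridge.wrappedKey);
  const decipher = crypto.createDecipheriv("aes-256-gcm", dataKey, cartridge.nonce);
  decipher.setAuthTag(cartridge.tag);
  return Buffer.concat([decipher.update(cartridge.data), decipher.final()]);
}

// Constructed demo: the site's key pair opens the tape, another key pair cannot.
function demo() {
  const site = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const stranger = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const tape = writeTape(site.publicKey, Buffer.from("constructed payroll archive"));
  let strangerFailed = false;
  try {
    readTape(stranger.privateKey, tape);
  } catch {
    strangerFailed = true;
  }
  return { recovered: readTape(site.privateKey, tape).toString(), strangerFailed };
}

console.log(demo());
```

The only long-lived secret in this sketch is the private key, which is why the archive can be read years later as long as that one key pair is retained and protected.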