Encrypt and Protect

IBM Tivoli Key Lifecycle Manager solves security problems and meets new standards


The Risks of Data Storage

“Organizations are just now waking up to some of the problems encryption can solve,” Arnold says. The prevailing idea used to be that a physical data center with physical security provided enough comfort for organizations, but the introduction of networking and the recognition of the mobility of storage media, plus the high-profile data breaches that exposed organizations to public-relations nightmares and extensive notification costs, have prompted more interest in the encryption market.

Thus, IBM introduced encryption on tape drives in 1996, with the first users being mostly large financial-sector customers. IBM used a combination of public-private key cryptography and symmetric cryptography in what’s called a wrapped-key method to protect tapes. “We used the pair of public-private keys to wrap the symmetric keys that encrypt the data. That pair of wrapped, encrypted keys is stored in multiple places out on the tape cartridge,” Arnold says. “What’s interesting is it greatly reduces the risk of loss or operational complexity.”

Benefits of this method abound. First, key management is simplified. For example, say you have 100,000 tape cartridges. Instead of managing 100,000 symmetric keys, you manage a handful of wrapping keys. Second, the problem of secure data sharing is solved. Rather than sending the tape and key together, the partner’s public key is used to protect the encryption key, which eliminates the need to send keys in separate packages and the other complexities of secret-key distribution, Arnold says.

“The method IBM created eliminates the need for sending the key because we’re using public-private cryptography to send it. The magic of public-private key cryptography is I can publish a key that anybody can read, but only I can read the data that’s been encrypted by that key,” Arnold says. “Public and private keys come in pairs; if I don’t have the private key, the public key does me no good. I can encrypt data using the public key, but I can’t read it unless I have the private key.” Arnold says the method’s been widely used in the financial industry to share data with federal regulators around money laundering, antiterrorism or other disclosure requirements they must meet.
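The wrapped-key method described above, sketched as an added example that is not from the article or from IBM. It assumes Node.js with its built-in `crypto` module; RSA-OAEP for wrapping, AES-256-GCM for the data, and all function and field names are hypothetical choices made for illustration.

```javascript
const crypto = require('crypto');

// Write one cartridge: encrypt the payload under a fresh AES-256-GCM data key,
// then store that key only in wrapped form, one copy per recipient public key.
// RSA-OAEP and AES-GCM are this example's choices, not taken from the article.
function writeCartridge(payload, recipientPublicKeys) {
  const dataKey = crypto.randomBytes(32);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, nonce);
  const body = Buffer.concat([cipher.update(payload), cipher.final()]);
  const wrappedKeys = {};
  for (const [name, publicKey] of Object.entries(recipientPublicKeys)) {
    wrappedKeys[name] = crypto.publicEncrypt(
      { key: publicKey, oaepHash: 'sha256' }, dataKey);
  }
  return { nonce, body, tag: cipher.getAuthTag(), wrappedKeys };
}

// Read a cartridge: unwrap the data key with a private key, then decrypt.
// Throws if the private key does not match the named wrapped copy.
function readCartridge(cartridge, name, privateKey) {
  const dataKey = crypto.privateDecrypt(
    { key: privateKey, oaepHash: 'sha256' }, cartridge.wrappedKeys[name]);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, cartridge.nonce);
  decipher.setAuthTag(cartridge.tag);
  return Buffer.concat([decipher.update(cartridge.body), decipher.final()]);
}

// Constructed demo: two wrapping key pairs protect any number of cartridges.
function demo(cartridgeCount) {
  const newPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const owner = newPair(), partner = newPair(), outsider = newPair();
  const publicKeys = { owner: owner.publicKey, partner: partner.publicKey };
  const tapes = Array.from({ length: cartridgeCount }, (_, i) =>
    writeCartridge(Buffer.from(`constructed record ${i}`), publicKeys));
  let outsiderBlocked = false;
  try {
    readCartridge(tapes[0], 'partner', outsider.privateKey);
  } catch {
    outsiderBlocked = true; // wrong private key cannot unwrap the data key
  }
  return {
    ownerReads: readCartridge(tapes[1], 'owner', owner.privateKey).toString(),
    partnerReads: readCartridge(tapes[1], 'partner', partner.privateKey).toString(),
    outsiderBlocked, cartridges: tapes.length,
  };
}

console.log(demo(3));
```

Each cartridge gets its own data key, but only the owner and partner private keys need long-term protection, and no unwrapped key ever travels with the media.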

Tami Deedrick is the former managing editor of IBM Systems Magazine, Power Systems edition.


