Now available in Db2 12: Db2 for z/OS support for z/OS data set encryption
ealameida 310002GWAR Visits (7146)
Starting in both Db2 11 and 12 for z/OS, we recently introduced support for z/OS DFSMS data set encryption, part of the Pervasive Encryption for IBM Z solution, to address the problem of access to data by unauthorized internal personnel. With DFSMS data set encryption, you can encrypt your data without application outages. Using this solution can significantly reduce the people and hardware costs associated with protecting data and achieving compliance mandates.
Db2 12 function level 502 (V12R1M502) introduces new Db2 policy controls for DFSMS data set encryption, which requires a key label to encrypt and decrypt the data. The key label is a string from 1 to 64 bytes that identifies a protected data key in the ICSF key repository. Function level 502 introduces enhancements to the Db2 system to make setting and viewing key label information easier and more integrated with the data sets associated with the catalog, directory objects, user objects, and active and archive logs.
All Db2 12 function levels support DFSMS data set encryption, assuming that APARs PI90288 and PI97037 are applied. However, to use the new policy controls, you must activate function level 502, which also requires that you update the Db2 catalog to catalog level 502. Applications that use any new SQL syntax must also run at the appropriate application compatibility level APPL
To implement the new encryption features, your security administrator, storage administrator, or database administrator enables z/OS DFSMS data se encryption on your Db2 12 data sets.
After the data sets are encrypted, you can run SQL statements and utilities with confidence that your data is protected.
Always get the latest news about Db2 for z/OS from the IBM lab! How to subscribe
Follow us on Twit