Confidentiality in IBM MQ

You can implement confidentiality in IBM® MQ by encrypting messages.

Confidentiality can be ensured in an IBM MQ environment as follows:

After a sending MCA gets a message from a transmission queue, IBM MQ uses TLS to encrypt the message before it is sent over the network to the receiving MCA. At the other end of the channel, the message is decrypted before the receiving MCA puts it on its destination queue.
While messages are stored on a local queue, the access control mechanisms provided by IBM MQ might be considered sufficient to protect their contents against unauthorized disclosure. However, for a greater level of security, you can use Advanced Message Security to encrypt the messages stored in the queues.