What is pervasive encryption for IBM Z?

Related information

Pervasive Encryption for IBM Z® is a consumable approach to enable extensive encryption of data in-flight and at-rest to substantially simplify encryption, and reduce costs associated with protecting data.

Pervasive Encryption for IBM Z® can be used in conjunction with full disk and tape encryption, database encryption, and application encryption.

Full disk and tape encryption

Full disk and tape encryption protects against intrusion, tamper or removal of physical infrastructure.

File or data set encryption

File or data set encryption is managed through z/OS®, and provides simple policy controls that allow clients to protect data in mission critical databases including DB2®, IMS™ and VSAM. Additionally, z/OS data set encryption gives clients the ability to eliminate storage administrators from the compliance scope.

Database encryption

Database encryption provides selective encryption and granular key management control of sensitive data.

Application encryption

Application encryption is used to encrypt sensitive data when lower levels of encryption are not available or suitable.

z/OS provides the following capabilities for pervasive encryption: z/OS data set encryption, z/OS Coupling Facility encryption, and z/OS Encryption Readiness Technology (zERT).

For access to interactive resources related to Pervasive Encryption for IBM Z®, see Pervasive Encryption for IBM Z .