IBM Security for Z


Wrapping Up Cybersecurity Awareness Month with UKO for z/OS

By RACHAEL FREITAS posted Tue October 31, 2023 03:35 PM

  




As we wrap up Cybersecurity Awareness Month, it wouldn’t be complete without touching on the importance of key management.

The key management journey begins with the need to protect data. Data breaches continue to grab headlines and cost companies millions of dollars.

Encryption is an impactful way to protect data, and enterprise-wide encryption strategies have continued to increase from year to year. However, the safest door in the world can become useless if the keys to that door are lost, stolen, or otherwise compromised. In other words, data is only as secure as the keys that are protecting it.

When implementing encryption strategies, it becomes vital to have a key management strategy in place. Unified Key Orchestrator for IBM® z/OS® (UKO for z/OS®) is a key management solution that was initially born out of the need to support key management for dataset encryption. Since its inception, UKO for z/OS®, previously known as Enterprise Key Management Foundation – Web Edition (EKMF Web), has expanded to provide centralized key management not only on-premises but also across hybrid multiclouds from a single pane of glass. UKO for z/OS®, which is deployed as z/OS software, also now aligns with IBM’s SaaS offering, IBM Cloud Hyper Protect Crypto Services with Unified Key Orchestrator.

The release of UKO for z/OS® V3.1 builds upon the capabilities of EKMF Web and introduces:

· An updated, award-winning user interface that provides visuals of key expiration statuses, managed key states, and encryption statuses of datasets.

· Additional access controls with the introduction of secure repositories for cryptographic keys and keystores known as vaults. Vaults can support multi-tenancy by being used to define access at the business level.

· Key rotation support for applicable cloud KMS and z/OS KMS agent-based keystores that can rotate keys on demand in accordance with policy standards.

· Bring Your Own Key (BYOK) to Google Cloud (in addition to previously supported BYOK to IBM Key Protect, Microsoft Azure, and Amazon AWS).

UKO for z/OS® is designed to enable clients to scale key management workloads with their enterprise by providing a central dashboard from which to manage keys across a variety of endpoints (both on-premises and in the cloud). Keys are generated on FIPS 140-2 Level 4 certified, tamper-responsive cryptographic hardware. The central repository database supports the need for long-term access and availability of keys. Audit logging and the various types of access controls also support the need for security and compliance when managing encryption keys. In providing these features and capabilities, UKO for z/OS® aims to address the key management challenges seen today: scalability, key lifecycle management, availability, and auditability and compliance.

Learn more about Unified Key Orchestrator for IBM® z/OS® and how it can support enterprise-wide encryption strategies with the following resources:

Announcement

UKO for z/OS webpage
