|
View previous topic :: View next topic
|
| Author |
Message |
Samir Mishra
New User
Joined: 01 Jun 2009
Posts: 11
Location: Bangalore
|
|
|
|
Hi Everyone,
I would like to know whether we have any IBM routines available to scramble the data and encrpt them? What I want to achieve is to copy data from one VSAM file to another but only after I scramble and encrypt the data from the source file.
If there are no IBM routines available could any one suggest one very viable method to achieve the afore mentioned goal?
Thanks,
Samir |
|
| Back to top |
|
 |
expat
Global Moderator
Joined: 14 Mar 2007
Posts: 8796
Location: Welsh Wales
|
|
|
|
| Have you read about REPRO - I am sure that there is something about cryptography in there somewhere. I've never used it, so I'll leave it up to you to investigate. |
|
| Back to top |
|
|
MBabu
Active User
Joined: 03 Aug 2008
Posts: 400
Location: Mumbai
|
|
| Back to top |
|
|
Samir Mishra
New User
Joined: 01 Jun 2009
Posts: 11
Location: Bangalore
|
|
|
|
| I haven't used REPRO for scrambling the data and also couldn't find any information on REPRO being used for any cryptography... So the question still remains... how do I scramble data from a VSAM File? |
|
| Back to top |
|
|
Samir Mishra
New User
Joined: 01 Jun 2009
Posts: 11
Location: Bangalore
|
|
|
|
Hi MBabu,
The requirement is to copy Production data into a test region after scrambling the demographics of a customer... I initially tried to write a COBOL program but the scrambling and encrypting doesn't seem to be hard core enough...
Samir |
|
| Back to top |
|
|
MBabu
Active User
Joined: 03 Aug 2008
Posts: 400
Location: Mumbai
|
|
|
|
| If you just want to change things like ages, tax numbers, and things like that, then a cobol program that just makes up data at random within some defined limits should work fine. Encryption would make the data unreadable by your target programs. |
|
| Back to top |
|
|
Samir Mishra
New User
Joined: 01 Jun 2009
Posts: 11
Location: Bangalore
|
|
|
|
| So, do you mean to say that we don't have any IBM routines that can be used for data scrambling purposes? Actually I wanted a universal kind of a platform which could be used for scrambling... something that's available at every vendor mainframe to be used and executed... A COBOL program can definitely be written... but I was looking out for a way to make use of any available resource... |
|
| Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007
Posts: 10888
Location: italy
|
|
|
|
You could not have posted the question in a worst way,
what You are asking for is "Data Masking"
there are commercial tools to do that...
data scrambling and encrypting will not create a field with the same properties as the source one
data masking is not the simple issue of shuffling bits around..
serious data masking implies rebuild an output dataset with the same overall properties...
for numerics, for example, the masked amount should be of the same sign and whitin some application defined range
there might be the requirement that the masked fields retain the same overall sequence,
in a more sophisticated environment there might also be the need to maintain the same statistic properties and so on
better find out the exact requirements and rely on standard tools
by the way IBM does provide encryption routines,
a complete environment for cryptographic management of files
and machine instruct for encrypting and decripting
see the POP for the KM and KMC
| Quote: |
| encrypting doesn't seem to be hard core enough... |
Your algorithm was not hard core enough, or plain wrong |
|
| Back to top |
|
|
MBabu
Active User
Joined: 03 Aug 2008
Posts: 400
Location: Mumbai
|
|
|
|
| Thanks Enrico. I don't know the correct terminology either, but your 3rd paragraph is what I was referring to by the phrase "within some defined limits" |
|
| Back to top |
|
|
Samir Mishra
New User
Joined: 01 Jun 2009
Posts: 11
Location: Bangalore
|
|
|
|
Yes Thanks a lot Enrico...
Even I didn't know the exact term to be used for my requirement...
Can you exemplify any program available in a standard mainframe installation to be used for data-masking... Like just pass an input field example name "SAMIR" into the program and and it returns with a masked name... or like you mentioned in your 3rd paragraph... it would always return with the same result everytime...
And yes... your quote is correct... My requirements themselves aren't hard core enough... how can encryption or anything else be... I'm still working on the document...  |
|
| Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007
Posts: 10888
Location: italy
|
|
|
|
| Quote: |
| My requirements themselves aren't hard core enough |
the requirements are just incomplete or badly specified...
the Xness ( hard core index ) is a useless indicator
when masking data an organization must ensure compliance with data protection legislation and governing bodies like ...
HIPAA --> Health Insurance Portability and Accountability
SOX --> Sarbane Oxely act
PCI DSS --> Payment Card Industry (PCI) Data Security Standard
DPA --> Data Protection Act
just to quote a few of them
involve the upper management and not just shuffle bits
searching for data masking and the acronyms I posted should give Your organization a better idea of the complexity of the issue
and why it could be better to rely on an product which has already all the compliance cerifications
Your upper management might get in serious trouble for misjudging the complexity of the issue and all the legalese involved |
|
| Back to top |
|
|
Samir Mishra
New User
Joined: 01 Jun 2009
Posts: 11
Location: Bangalore
|
|
|
|
Thanks a lot Enrico.
I'll for sure get back to u once I'm on with this project... |
|
| Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007
Posts: 10888
Location: italy
|
|
|
|
good luck,
all depends on the complexity of the environment,
the type of data being processed,
if people outside Your organization are involved in testing
anyway the situation looks a bit scary to me
You will need strong management support and involvement
too many people are likely to get in trouble
depending on the business area of Your company I would ask for a security requirements review/audit
the final solution should be formally approved by the security officials |
|
| Back to top |
|
|
|
|
