There are many ways to skin a cat.
You can rely on industry standards like certificates and CA's.
You can also use your own methods.
You can use both. Yes, double security.
What I could do:
1. Establish some secure file transfer. It can be FTPS, sftp, commercial
MFT applications like Sterling Connect, MQ MFT, etc.
2. Just to sleep better I would also encipher the dataset before it is
sent. Again, it can be done using commercial tools like Encryption
Facility or Megacryption or other. Of course it is feasible to encrypt
dataset using your own tools.
Why two methods?
Well, both are safe ...until someone made a mistake. Assuming some
separation of duties it would be more idiotproof and proof of malicious
insider.
--
Radoslaw Skorupka
Lodz, Poland
W dniu 22.07.2021 o 16:07, Colin Paice pisze:
I was wondering the best way customers send sensitive data between z/OS
images.
I was thinking about exporting one's private certificates.
1. I can create a dataset of the private certificates on system 1 and
have it encrypted. I can send it to the other system. How can I decrypt
it on the remote system as it needs shared certificates? It seems a
chicken and egg problem
2. I can put a password on the file through JCL and use FTPS to send
it. This could easily be broken
This is hypothetical, but I would be interested in how to do it.
Colin Paice
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
