NEWSTEST DESIGNSafeguarding Mainframe Data in an Era of Continuous Breaches

With the integration of CA RC/Extract for Db2 for z/OS and CA Test Data Manager, you can now elevate the security of your mainframe Db2 data through intelligent masking capabilities.
Avatar John ConnerJanuary 20, 20205 min

Contributed by John Connor and Jeff Hughes

Willie Sutton, the famous bank robber once purportedly was asked why he robbed banks. He evidently said, “I rob banks because that’s where the money is”. The same logic can be applied to data on the Mainframe. Why would someone try to compromise mainframe security? Because that’s where the data is!

Did you know that approximately 80% of the world’s corporate data still resides on the Mainframe? With all the distributed technology these days, we tend to think that data, especially sensitive customer data, would be housed in the cloud or on servers somewhere. But digital transformation is driving the need to expand or extend access to your mainframe systems, requiring increased hyper-diligence in safeguarding personally identifiable (PII) data.  Fortunately, with the integration of CA RC/Extract for Db2 for z/OS and CA Test Data Manager, you can now elevate the security of your mainframe Db2 data through intelligent masking capabilities.

Mainframe Db2 data must frequently be extracted from one environment to another (such as from production systems to test environments). This new capability from Broadcom ensures that the extracted data remains secure through intelligent data masking — a unique method of creating a structurally similar but inauthentic version of an organization’s data.  With this new capability, you can specify the columns of data to be masked either in-flight or in-place. Additionally, you can define and subset Db2 data as part of the data masking process.

CA RC/Extract for Db2 for z/OS is a comprehensive data extraction utility that helps you build test environments and simplify data archiving. The product automates the act of extracting a subset of referentially intact data from one set of DB2 objects and loading it into another set of objects. Now for some more technical specifics:

The main function of RC/Extract is to fetch data from a particular set of tables and load it into another set of similar tables. It is a preferred tool of customers to generate data for testing in development environment from production databases. To make this generation of test data secure and reliable, RC/Extract has an inbuild feature which masks the extracted data and converts it into random values. The data retains the same attributes (character text is still character text, numerics remain numerics, dates and times are valid dates and times), but the sensitive data values are protected. You can keep data secure after it has been extracted from DB2 to tape or sequential files. 

 Cascading data masking is provided for primary and foreign key fields, so you can protect your data without compromising the relational integrity of the data. When you specify data masking for a primary or foreign key column, it is automatically applied to all referentially related columns in an RI structure when the extract object is processed. This applies to all tables in an RI structure, regardless of which table you specifically mask. For example, if you mask the foreign key in a child table, the primary key in the parent table is also masked. You can watch a 6 minute demo on how this done here. The next step is to mask the extracted data. This is where Test Data Manager come in.

Via an API, Broadcom Test Data Manager (TDM) can mask the extracted data either in-flight or in-place. TDM helps organizations automate test data management, deliver test data faster, mask sensitive data, create synthetic test data from scratch, shorten test cycles from weeks to days, and improve compliance. Having masked data helps organizations achieve and demonstrate greater compliance with numerous regulations that require sensitive data to be safeguarded at all times.

Further, the quality of your applications depends on thorough, continuous testing. Timely testing depends on having the right data, at the right time, and in the right format. As today’s testing and development teams move towards an agile approach, the time available for testing is compressed. Testing is often out of step with the demands of software development. Test Data Manager helps organizations automate test data management, deliver test data faster, create synthetic test data from scratch, shorten test cycles from weeks to days and improve compliance. The following graphic summarizes this new solution and its benefits.

To take advantage of this new capability, customers must have licenses for all of the following software components:

  • CA RC/Extract for Db2 for z/OS – Version 20.0 with PTF number SO11079 applied
  • CA Test Data Manager 5.4.18 for the mainframe
  • CA Test Data Manager 4.8.1 for distributed environments

For additional details, you can read more in the following CA RC/Extract for Db2 for z/OS documentation:

See the CA Database Management Solutions for Db2 for z/OS Release Notes for important information that may affect your ability to upgrade, install, access, and use the new features and enhancements in this announcement.

The mainframe and its data are still crucial to ongoing operations of any enterprise business. Because so much sensitive data resides on the mainframe, it’s imperative to deploy safeguards whenever data needs to be extracted. Having safeguards built into an extraction utility such as CA RC/Extract for Db2 for z/OS allows you to complete this task efficiently and securely.

Sign up for this webinar to learn more.

Avatar

John Conner