End-to-end, message-level security for IBM MQ environments
IBM® MQ Advanced Message Security extends the security features available in IBM MQ by providing end-to-end message-level security through signing and encryption. It can help ensure the integrity and privacy of all messages, even when they are at rest in queues. IBM MQ Advanced Message Security enables enterprise-wide, remote management of security policies and can be deployed to existing production environments without changes to existing IBM MQ applications.
IBM MQ Advanced Message Security is available as a separate entitlement or through IBM MQ Advanced.
IBM MQ Advanced Message Security includes:
- End-to-end, message-level security that offers data protection for your point-to-point messaging infrastructure.
- Data encryption and authentication that provides security-rich data transport throughout the messaging cycle.
- Centralized policy capabilities that help enforce message security standards and aid compliance.
- Integration with IBM MQ and other products for easy use with your existing messaging backbone.
End-to-end, message-level security
- Provides application-level, end-to-end data protection for your point-to-point messaging infrastructure, using either encryption or digital signing of messages.
- Supports Hardware Security Modules (HSM) for tamper-proof key storage.
- Uses data encryption, authorization policies and authentication with digital signatures.
- Allows security at the message level, instead of at the queue or connection level.
- Uses public key infrastructure (PKI) technology to provide authentication, authorization, confidentiality and data integrity services.
Data encryption and authentication
- Encrypt messages at the point of inception and keep them encrypted and unable to be modified until they reach their final destination.
- Strengthen data privacy by prohibiting messages from being read in plain text, including in memory, in data queues, in log files and in trace processes.
- Work with message headers in plain text for proper routing by the queue manager.
- Decrypt and authenticate messages only at their final, authorized destination.
- Use digital signatures to verify message origin and integrity.
Centralized policy capabilities
- Provide centralized, remote management of message security policies for mainframe and distributed servers.
- Enable administrators to specify a range of messaging restrictions, such as authorizing signers and recipients of messages on specific queues.
- Manage and enforce messaging policies using the graphical IBM MQ Explorer tool or command line tools.
- Configure message-level security policies that assist with your auditing and compliance requirements.
- Provide comprehensive security without writing complex security code or modifying or recompiling existing applications.
Integration with IBM MQ and other products
- Integrates with existing IBM MQ, IBM MQ Managed File Transfer and IBM Integration Bus deployments and applications for additional security.
- Built into IBM MQ, eliminating the need for a separate product installation.
- Integrates with IBM MQ Managed File Transfer, providing an end-to-end secure messaging solution for file contents.
- Speeds deployment by eliminating the need for additional servers, daemon processes or changes to existing applications.
- Eliminates complex, time-consuming configuration often required with additional security management systems.