This document describes the options available for encrypting data in an IDMS database.

Modern security attitudes dictate that encryption is becoming a more pressing concern in database implementations. This article summarizes the possibilities within IDMS.

Release: All supported releases.

The only component within IDMS specifically designed for encrypting data is the support of the Pervasive Encryption introduced at z/OS 2.3. However, this requires that the database files use VSAM as the file access method. For more information, see Using Pervasive Encryption with CA IDMS.

Using VSAM as the file access method in an IDMS database is much less prevalent than the standard IDMS method, EXCP against PS datasets. It is more widely used at VSE sites. For documentation on converting from one file access method to another, see Changing the Access Method of a File.

(Note: Some IDMS functionality does not support native VSAM files, for example file caching as is documented at DMCL Statement (scroll down to Caching Files in Memory). Support for native VSAM files (each VSAM record is read as a record in IDMS) and using VSAM as the access method (each VSAM record is an IDMS database page) are two very different things, and so functionality being documented as not supporting native VSAM does not mean it does not support VSAM as the access method.)

IDMS also has compression options which while they are not specifically designed for encryption, they can effectively be used to do so. However, these compression options can only compress the data beyond the last key field (index or calc) in a database record layout, and cannot be used to compress data in an SQL defined database.

There is also a third-party tool available - MegaCryption for IDMS from ASPG.