Confidentiality in IBM MQ
We can implement confidentiality in IBM MQ by encrypting messages.
Confidentiality can be ensured in an IBM MQ environment as follows:- After a sending MCA gets a message from a transmission queue, IBM MQ uses TLS to encrypt the message before it is sent over the network to the receiving MCA. At the other end of the channel, the message is decrypted before the receiving MCA puts it on its destination queue.
- While messages are stored on a local queue, the access control mechanisms provided by IBM MQ might be considered sufficient to protect their contents against unauthorized disclosure. However, for a greater level of security, we can use Advanced Message Security to encrypt the messages stored in the queues.
- Messages stored on local queues can be encrypted at rest using
z/OS data set encryption.
See the section, confidentiality for data at rest on IBM MQ for z/OS with data set encryption. for more information.
Parent topic: IBM MQ security mechanisms
Related concepts