Clients often access UTM services via open networks. This may give unauthorized persons the opportunity to read data from the line and obtain passwords for UTM user IDs or sensible user data, for example. To prevent this, openUTM supports the encryption of passwords and user data on connections to UPIC clients and on BS2000 systems additionally on connections to certain terminal emulations.

Encryption in openUTM not only serves to secure the data on the connection between the client and the server application, but it can also be used to limit access for clients and access to certain services. Up to two encryption levels are available for selection (AES-CBC or AES-GCM algorithm, see "Data access control").

When communication with USP-socket applications or HTTP clients TLS connections can be used to allow for encrypted exchange of messages between the communcsation partners. A transport system access point for TLS connections is setup with the statement BCAMAPPL ..., T-PROT=(SOCKET, ..., SECURE), see chapter "BCAMAPPL - define additional application names".