
iSecurity Field Encryption: Strong Encryption for IBM i

Field Encryption for IBM i Servers


iSecurity Field Encryption protects sensitive data using strong encryption, integrated key management and auditing. Encryption is vital for protecting confidential information and expediting compliance with PCI-DSS, GDPR, HIPAA, SOX, other government regulations and state privacy laws.


iSecurity Field Encryption Key Features

  • Files are never locked; they are available for application use even when encryption keys are refreshed.
  • Supports all types of data: Character, Zoned Decimal, Packed Decimal, Clob and Blob. Supports null-capable data as well as non-null-capable data.
  • Comprehensive Find Sensitive Fields system provides superior quality in finding sensitive fields, based on iterations over partial estimates of size, type, name, text, etc.
  • Get trillions of encryption combinations that each can be decrypted to its original value.
  • Works through a wrapper program, so it does not require the program source.
  • Optimized for data masking and consumes no CPU for decryption in such cases.
  • KEKs (Key Encrypting Keys) as well as Data Keys can be changed automatically and unattended.
  • In a multi-site environment, a single key manager can be set to support all sites, centralizing all keys-related activity.
  • Key Manager, Data Manager, and Token Manager can optionally be installed on different IBM i LPARs.
  • Supports both Encryption and Tokenization.
  • Maintains unencrypted sort settings that have been activated prior to encryption.
  • Policy driven security and limitation of capabilities ensures Separation of Duties.
  • Comprehensive logs for tracing of activities.
  • Full journaling system guarantees that any change in parameters is logged.
  • Uses NIST encryption standards.
  • Adheres to GDPR, PCI and COBIT standards.
  • 128-bit, 192-bit, and 256-bit AES encryption supported.
  • Based on IBM Native APIs.

Data encryption is an increasingly essential element of effective computer security systems. It is the final layer of protection for your business-critical data from those who managed to pass through other protection techniques that you may have. So, even if the data is accessed, it is entirely meaningless.

Encryption is also the way to ensure that sensitive data is presented in the way that suits the user and the circumstances. Those who are entitled to access your data will see it in clear text, masked, scrambled, or not at all, as appropriate.

PCI-DSS, HIPAA, GDPR and other regulatory bodies require encrypting sensitive parts of the data.

Raz-Lee Security’s iSecurity Field Encryption solution, part of the iSecurity suite, allows you to fully protect all sensitive data without modifying your software. The change is made externally, without changing the Level-Check of your file (i.e. files remain intact), but is reflected in:

  • Your programs, regardless of whether they use SQL or Native IO
  • Any system utility including FTP, Query, DFU
  • DB-Journal

IBM i 7.1 introduced the database exit program FIELDPROC. Using this feature for encryption makes it part of the database capabilities and eliminates the use of additional files. iSecurity Encryption was designed after the FIELDPROC announcement and does not need backward compatibility with outdated technology, which provides efficiency and simplicity.

A known disadvantage of the wonderful FIELDPROC capability is that if the commonly used command Change Physical File (CHGPF) with the SRCFILE parameter is used against an encrypted file, the file becomes decrypted without any warning. iSecurity Encryption has been designed with a checks and balances system to prevent CHGPF with SRCFILE option from causing all Field Procedures to decrypt all the encrypted data in the file. Before being processed, the user (if in an interactive session) or the QSYSOPR must confirm the action. Even when confirmed, an alert is sent as a further measure of security. If the user is not allowed to see the decrypted data, iSecurity Field Encryption stops the process of CHGPF.

In addition, an independent “Watch-Dog” system ensures that encryption of fields is in place. You can define which encrypted fields alerts are sent for. A special option limits this so that alerts are sent only after the first encryption.

A fully comprehensive system is provided to help you discover ALL your sensitive fields. All database fields are considered and the product offers selection aids based on field size, name, text, and column headings. This prevents a situation where sensitive data is kept in the clear in a forgotten, copied version of a file.

Unique design provides a more efficient product, which ensures that making your data safer does not require you to invest in additional resources.

With iSecurity Encryption:

  • Files are never locked; they are available for application use even when encryption keys are refreshed.
  • Supports all types of data: Character, Zoned Decimal, Packed Decimal, Clob and Blob. Supports null-capable data as well as non-null-capable data.
  • Comprehensive Find Sensitive Fields system provides superior quality in finding sensitive fields, based on iterations over partial estimates of size, type, name, text…
  • Get trillions of encryption combinations that each can be decrypted to its original value.
  • Saves time: copy the definitions.
  • Defining who can see decrypted fields: this is based on the current user of the job, but exceptions can be given based on the program that is used, the record format of the display file, and through an API.
  • Works through a wrapper program, so it does not require the program source.
  • Optimized for data masking and consumes no CPU for decryption in such cases.
  • KEKs (Key Encrypting Keys) as well as Data Keys can be changed automatically and unattended.
  • In a multi-site environment, a single key manager can be set to support all sites, centralizing all keys-related activity.
  • Optimized to display the standard masked data. Choosing this option greatly reduces performance impact.
  • Key Manager, Data Manager, and Token Manager can optionally be installed on different IBM i LPARs.
  • Supports both Encryption and Tokenization.
  • Maintains unencrypted sort settings that have been activated prior to encryption.
  • Policy driven security and limitation of capabilities ensures Separation of Duties.
  • Comprehensive logs for tracing of activities.
  • Full journaling system guarantees that any change in parameters is logged.
  • Uses NIST encryption standards.
  • Adheres to GDPR, PCI and COBIT standards.
  • 128-bit, 192-bit, and 256-bit AES encryption supported.
  • Based on IBM Native APIs.

iSecurity PGP Encryption: Protecting Files in Transfer

PGP for IBM i Servers


iSecurity PGP Encryption allows you to encrypt files that are transferred to the cloud, or to encrypt files on the cloud that are to be transferred on-premises.

iSecurity PGP Encryption Key Features

  • Helps protect sensitive IBM i data.
  • Secures e-mail communications with automatic, policy-based message encryption.
  • Supports regulatory compliance requirements.
  • Prevents the need for manual processes to first transfer files to a PC and then encrypt them.
  • Ensures real end-to-end encrypted transmissions.

These days, everyone and everything is interconnected on the web, so security breaches easily become widespread. Transferring files between devices multiplies the risk of data being exposed to unauthorized entities. Files must therefore be encrypted from source to target, often between different platforms, environments and devices, with the highest level of efficiency and accountability.

The world has chosen PGP to be the standard for file encryption; indeed file encryption is a basic requirement for industry regulations such as PCI-DSS, HIPAA, SOX, FDA and others.

Raz-Lee’s PGP for File Encryption solution allows users to encrypt IBM i files using a public encryption key. The product supports multiple encryption algorithms, including AES and TDES. Only users possessing the correct private key can decrypt and open the protected files. The product also provides key management capabilities, enabling users to create, import, and export the keys needed to encrypt and decrypt files.

Raz-Lee’s PGP implementation provides a wide set of CL commands which cover virtually all aspects of PGP, including encryption, decryption, signing, identifying fingerprints, creating key pairs, import, export, keeping key stores and more.

PGP for File Encryption supports unlimited sets of definition parameters to preserve different settings that may be required for different uses. A simple CL program can then be created and made part of the regular process. This eliminates manual processes and ensures that the entire transmission is encrypted end to end.

Files can be automatically encrypted and transmitted to recipients.  Received files can be automatically decrypted and processed by user applications.

PGP encryption uses a combination of encryption methodologies such as hashing, data compression, symmetric-key cryptography and public key cryptography to keep data secure. 

This process can be used to encrypt any type of Native or IFS file or directory.
