First Way to Secure Your Data
Encryption is the process of encoding information. Encryption is vital for protecting confidential information and expediting compliance with PCI-DSS, GDPR, HIPAA, SOX, other government regulations and state privacy laws.
Restricting access is sometimes sufficient, but encryption is stronger
What's Field Encryption used for?
Information that usually needs to be encrypted:
- Credit Card Numbers
- Personal Information, Medical information
- Account numbers, ID numbers
Segregate the way data is displayed:
- Clear text 5201 1234 5554 0830
- Masked **** **** **** 0830
- No data —————————-
Field Encryption supports a single Key Manager / single Token Manager for multiple Data Managers
iSecurity Field Encryption at a Glance
Compliance and Encryption
Encryption is also the way to ensure that sensitive data is presented in the way that suits the user, and the circumstances.
Those who are entitled to access your data will see the data in clear text, masked, scrambled, or not see it at all, as appropriate. PCI-DSS, HIPAA, GDPR and other regulatory bodies require encrypting sensitive parts of the data.
The iSecurity Field Encryption solution, part of the iSecurity suite, allows you to fully protect all sensitive data without modifying your software. A change that is done externally without changing the Level-Check of your file (i.e. Files remain intact), but is reflected in:
- Your programs, regardless of whether they use SQL or Native IO
- Any system utility including FTP, Query, DFU
IBM i 7.1 introduced the database exit program FIELDPROC. Using this feature for encryption makes it part of the database capabilities and eliminates use of additional files. iSecurity Encryption was designed after the FIELDPROC announcement and does not need to have backward capability with outdated technology – providing efficiency and simplicity.
- Files are never locked; they are available for application use even when encryption keys are refreshed.
- Supports all types of data: Character, Zoned Decimal, Packed Decimal, CLOB and BLOB. Supports null-capable data as well as non-null-capable data.
- Comprehensive Find Sensitive Fields system provides superior quality in searching based on iterations over partial estimation of size, type, name, text, etc.
- Works on a wrapper program, so does not require the program source.
- Optimized for data masking and consumes no CPU for decryption in such cases.
- KEK (Key encrypting Keys) as well as Data Keys can be automatically changed, unattended.
- In a multi-site environment, a single key manager can be set to support all sites, centralizing all key-related activity.
- Key Manager, Data Manager, and Token Manager can optionally be installed on different IBM i LPARs.
- Supports both Encryption and Tokenization.
- Policy driven security and limitation of capabilities ensures Separation of Duties.
- Comprehensive logs for tracing of activities.
- Full journaling system guarantees that any change in parameters is logged.
- Uses NIST encryption standards.
- Adheres to both GDPR, PCI and COBIT standards.
- 128-bit, 192-bit, and 256-bit AES encryption supported.
- Based on IBM Native APIs.