Why Disk-Level
Encryption is not
enough for Your IBM i
Bill Peedle | Principal Sales Engineer
Today’s Topics
• Benefits of encryption
• Comparing encryption strategies
• Field-level encryption on IBM i
• Additional considerations
• How Precisely can help
Why use encryption at all?
• Applications frequently use and store sensitive data such
as confidential personal details, payment information, or
proprietary data.
• In some jurisdictions, this type of data is subject to
governance, privacy, and security compliance mandates.
• Unauthorized access of sensitive data or a failure to
comply with a mandate often results in significant
reputation damage and financial penalties.
• Therefore, it is important to keep sensitive data secure to
protect your corporate data from unauthorized access.
Protect your stored data
with AES Encryption
• The US government and agencies have accepted the
Advanced Encryption Standard (AES) as a format
standard (FIPS 197) for encrypting data in databases.
• For PCI-DSS, HIPAA, and specific government privacy
rules, AES is the preferred encryption method.
• The encryption methods recognized by the National
Institute of Standards and Technology (NIST) ensure
that your data is protected to the highest standards.
Protect your encryption keys and data by
keeping them separate
If you keep your encrypted data and
keys in the same place, it’s like placing
your house key beneath the mat
Security best practices require you to store encryption
keys separately from your encrypted data and
manage them with an encryption key manager
What is a key management server?
When encrypting fields in a file, an encryption key is required
• Many customers use an external key manager to store and manage
the master key as well as the encryption keys for the individual fields.
• They may already have an external key manager for other platforms
and can leverage that server for the IBM i encryption as well.
• An example of an external key server would be Thales CipherTrust
or Alliance Key Manager. There are others as well.
• For those who do not want to support an external key manager on a
Windows or Linux server, a local key store can be used on the IBM i
to store and manage the keys. Third party encryption tools typically
include a local key store for this use case.
Comparing encryption
strategies
What is disk level
encryption?
• On the IBM i, full disk encryption allows you to encrypt
data that is stored in basic disk pools and independent
disk pools
• Full disk encryption protects data from several
different threats:
• Protects data transmission to and from the disk drive
(important in a SAN environment)
• Protects data transmission in the cross-site mirroring
environment (only when the data being mirrored is on
an encrypted independent disk pool)
• Protects data in the case of theft of the disk drive
What is field level encryption?
• Field procedures can provide field level (or column level) encryption on DB2 for IBM i
• A field procedure is a user-written exit routine to transform values in a single column
• When values in the column are changed, or new values inserted, the field procedure is invoked for each value
• The field procedure can transform values (encode it) in any way.
• The encoded value is then stored
• When values are retrieved from the column, the field procedure is invoked for each encoded value.
• The field procedure decodes each value back to the original value.
• Any indexes defined on a column that uses a field procedure are built with encoded values.
• The fields are encrypted at rest and will be decrypted when a database operation is performed against
the file that has the field in it.
• Fields can be “masked” based on specific users or groups.
What is field level masking?
Individual fields can be “masked”
in addition to being encrypted
• One of the big benefits of field
level masking versus disk level
encryption.
• For example, a Social Security
Number (SSN) field can be
masked so that:
• Only certain users or groups can
see the fully unmasked SSN data
• Other users or groups can be
masked to see only the last four
digits of the field
• Other users will see a fully-
masked SSN
Let’s use the Social Security
Number 123456789 as an example
• For users that need to see the full
SSN such as a payroll administrator,
the field is encrypted but gets
decrypted on the fly and they can
see the full number
• For other users, you may decide
that they should not see the full
SSN, so in that case, you can mask
the first 5 digits, so the SSN# would
look like this: XXXXX6789
• You can mask the entire field for
certain people or groups if
appropriate, so the SS# would look
like this: XXXXXXXXX
Field level masking
• If the field in question is a numeric field, the mask will
be the number 9. However, if the field in question is
a character field, you can choose the character that
you want to use for the mask.
• For example, if you want to mask a credit card
number that happens to be a character field, you
can choose “X” or whatever other character you
want to use for the mask.
• Let’s use the credit card number 1234567890123456
as an example. If we decide to mask everything but
the last 4 digits (or characters in this case), it looks
like this: XXXXXXXXXXXX3456
• If you decide to mask the entire field, it looks like this:
XXXXXXXXXXXXXXXX
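The masking rules from the two slides above, written out as an added Python illustration (not code from the presentation or from any vendor product). The group names, the policy table and the rule that a user in several groups gets the most permissive view are assumptions made for the example.

```python
from dataclasses import dataclass

# The three views the slides describe for a sensitive field.
FULL, LAST4, MASKED = "full", "last4", "masked"
_RANK = {MASKED: 0, LAST4: 1, FULL: 2}


@dataclass(frozen=True)
class MaskedField:
    numeric: bool          # numeric fields are always masked with the digit 9
    mask_char: str = "X"   # character fields use a mask character you choose

    def fill(self) -> str:
        return "9" if self.numeric else self.mask_char

    def render(self, value: str, view: str) -> str:
        """Return the value as a user with the given view would see it."""
        if view == FULL:
            return value
        # Anything that is not FULL or LAST4 fails closed to a full mask.
        keep = min(4, len(value)) if view == LAST4 else 0
        return self.fill() * (len(value) - keep) + value[len(value) - keep:]


def view_for(groups, policy):
    """Pick the view for a user from the groups they belong to.

    Assumption for this example: the most permissive matching rule wins,
    and a user who matches no rule sees a fully masked value.
    """
    granted = [policy[g] for g in groups if g in policy]
    return max(granted, key=_RANK.__getitem__, default=MASKED)


def show(value, field, groups, policy):
    return field.render(value, view_for(groups, policy))


# Constructed policy with hypothetical group names.
SSN_POLICY = {"PAYROLL": FULL, "HELPDESK": LAST4, "AUDIT": MASKED}

if __name__ == "__main__":
    ssn_char = MaskedField(numeric=False)   # SSN held in a character field
    ssn_num = MaskedField(numeric=True)     # same data held in a numeric field
    for groups in ({"PAYROLL"}, {"HELPDESK"}, {"AUDIT"}, set()):
        print(sorted(groups), show("123456789", ssn_char, groups, SSN_POLICY))
    print("numeric, last four:", ssn_num.render("123456789", LAST4))
    print("card, last four:", ssn_char.render("1234567890123456", LAST4))
```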
Field-level encryption
on IBM i
What does field level encryption look like on
the IBM i?
The best way to see that the field or fields are encrypted on the IBM i is by leveraging the
DSPFFD command. Below is an example of a social security number that is not encrypted:
What does field level encryption look like on
the IBM i?
After encrypting a field with field level encryption, you will notice new attributes on the
field called “Field Procedure Name” and “Field Procedure Library”. Below is an example
of a social security number that is encrypted via a field procedure.
How do I encrypt sensitive fields in a file?
• Field procedures are part of the IBM i OS. They can be used for other purposes but
are primarily used for encryption and masking
• The best way to encrypt and decrypt fields with field procedures is to use a third-party
interface that will develop the code for you, attach it to the field in question and help you
to manage and track which fields are encrypted or decrypted and to set up the masking rules
• A field procedure is a procedure that can be written by hand and attached to the
field, however, that can be a large undertaking
Working with Field Procedures
Implications of field level encryption
Once you have decided on a tool to develop and manage field level encryption on
your IBM i, there are some technical considerations:
• While encrypting or decrypting a file, the IBM i requires an exclusive lock on the file until the encryption or decryption
has completed. This means users need to be out of the file until the operation has completed.
• For smaller files, this may not be an issue as you may be able to lock the file for a short period of time. However, for
larger files, this process can take several hours.
• In addition, many customers have requirements to “roll” the encryption keys periodically, which requires decryption
and then re-encryption of the fields with a new key.
• For legacy RPG-ILE programs, if the encrypted field is an index or key on the file, the sort order will be based on the
encrypted data instead of the actual values. There are technologies available on the market that can help overcome
this situation.
Minimizing the downtime required
to encrypt/decrypt fields
• In order to avoid the downtime required to encrypt fields in
larger files, there are technologies that allow you to “Encrypt
while active”.
• This technology allows you to make a copy of the file empty
(using CRTDUPOBJ) into a temporary library. Once the file is
duplicated, it can encrypt while it is empty.
• The “Encrypt while active” technology will then copy all the
records from the production copy of the file into the temporary
copy. As they are being copied in, the records are encrypted.
• This technology keeps the file in sync with ongoing changes
since the file is still being used by end users and applications.
Minimizing the downtime required
to encrypt/decrypt fields (cont.)
• Once you have a maintenance window and have users out
of the file, the process that keeps the file in sync is ended, the
old copy of the file can be moved out of production, and the new
encrypted version of the file can be moved into production.
• The file is moved into production using the MOVOBJ
command which simply updates the pointer to the location
of the file from the temporary library to the production library.
It does not perform a full copy of the data so the process
is very quick.
• The “Encrypt while active” technology can save many hours
of downtime on initial encryption, and then also during the
roll of the key when the file needs to be decrypted and
re-encrypted with a new key.
What can I do if I have legacy RPG-ILE programs that
no longer sort correctly by an encrypted key field?
• There are technologies available to help with the sorting issues that may
occur because of an encrypted key field in legacy RPG-ILE programs
• These technologies require access to your source code
• Handler software can be used to convert traditional record-oriented file access
to SQL Query Engine (SQE) access
• Only one line of code is added to make this conversion
What can I do if I have legacy RPG-ILE
programs that no longer sort correctly
by an encrypted key field? (cont.)
• This is what the additional line of code would look like to handle the sorting issues in a legacy RPG-ILE program:
• The handler program converts record-oriented reads into SQL access which corrects the sorting issues
experienced by having an encrypted key in legacy RPG-ILE programs
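Why an index built on encoded values changes the read order, shown as an added Python simulation (not the RPG line the slide refers to, and not code from the presentation or any product). The deterministic HMAC-based Feistel transform stands in for the AES field procedure, and the key, customer IDs and class name are constructed for the example.

```python
import hashlib
import hmac

ROUNDS = 4
DEMO_KEY = b"constructed-demo-key"   # constructed; a real key lives in a key manager


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function: keyed hash of the round number and one half of the block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:len(half)]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encode(key: bytes, plain: bytes) -> bytes:
    """Toy reversible, deterministic encoding (stand-in for the field procedure)."""
    if len(plain) % 2 or not 2 <= len(plain) <= 64:
        raise ValueError("demo cipher needs an even length between 2 and 64")
    n = len(plain) // 2
    left, right = plain[:n], plain[n:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decode(key: bytes, stored: bytes) -> bytes:
    n = len(stored) // 2
    left, right = stored[:n], stored[n:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


class EncodedKeyFile:
    """Keyed file whose key column is stored and indexed in encoded form."""

    def __init__(self, key: bytes):
        self._key = key
        self._rows = {}   # encoded key value -> record payload

    def write(self, cust_id: str, payload: str) -> None:
        self._rows[encode(self._key, cust_id.encode())] = payload

    def find(self, cust_id: str):
        # Equality lookups still work: encode the search value, probe the index.
        return self._rows.get(encode(self._key, cust_id.encode()))

    def read_in_key_order(self):
        # Record-level access walks the index, which is ordered by stored bytes,
        # and decodes each value only after it has been fetched.
        return [decode(self._key, k).decode() for k in sorted(self._rows)]

    def select_order_by_key(self):
        # Query-style access: decode first, then order by the decoded value.
        return sorted(decode(self._key, k).decode() for k in self._rows)


def build_demo():
    ids = [f"C{n:07d}" for n in (10, 42, 7, 99, 3, 58, 21, 64, 1, 77)]  # constructed
    f = EncodedKeyFile(DEMO_KEY)
    for cust_id in ids:
        f.write(cust_id, f"rec-{cust_id}")
    return f, ids


if __name__ == "__main__":
    f, ids = build_demo()
    print("index order :", f.read_in_key_order())
    print("ORDER BY    :", f.select_order_by_key())
    print("lookup      :", f.find("C0000042"))
```

Equality lookups survive because the encoding is deterministic; only ordering and range access over the key are affected.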
Additional considerations
Field level encryption performance considerations
• Any time you add a new process into the mix when dealing with database
transactions, expect to have additional overhead on your IBM i processing time
• Since a program will get executed each time a new record is read to perform the
decryption and then re-encryption, that will produce overhead
• Expect programs to run longer than they currently do when the fields are not encrypted
• Testing and benchmarking should be done so that you will know what impact the
addition of field level encryption will have in your environment
• Performance is also dependent on the conditions of your system – additional resources
may be required to support the additional overhead of encrypting fields in your database
How does field level encryption work with a
HA/DR solution?
• If you have a replication solution in place for high availability or disaster recovery in your environment,
there are a few considerations
• First off, the field procedure program needs to be included in replication. The best practice is to generate
the field procedure in the same library as the file that has encrypted fields.
• Depending on your third-party software solution for encryption, you should have the product installed
and licensed on the HA/DR systems so they are ready to go for a role swap.
• If you are using an external key manager, your HA/DR partition will need to be able to access the server
as it did on the production system
So why is field level encryption better than
disk level encryption?
• Disk level encryption utilizes the same key for everything. If the key gets
compromised, all the data on the system can be decrypted with one key
• Field level encryption can utilize a different key for every field, or every file
depending on how you want to implement it. If one key gets compromised, the rest of
your data is still protected
• Disk level encryption does not allow for masking individual fields, whereas
field level encryption allows for masking to hide sensitive data from those that may
have access to the file but shouldn’t be able to see the sensitive field data
How Precisely can help
Assure Encryption
Complete protection for data at rest and in motion
• IBM i FieldProc exit program-based encryption
• High performance encryption libraries
• Built-in masking of decrypted data based on user or group
• Simplifies and ensures secure encryption key management
• Includes extensive data tokenization capabilities
The only NIST-certified
AES encryption solution for IBM i
Assure Encryption
Integrates with other applications and key managers
• Encryption commands for Save Files, IFS, and much more
• Extensive encryption APIs for RPG and COBOL
• Native support for Townsend Security’s Alliance Key Manager
• Integrates with any OASIS KMIP-compliant key manager
Questions?
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Recently uploaded (20)

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Why Disk Level Encryption is Not Enough for Your IBM i

  • 1. Why Disk-Level Encryption is not enough for Your IBM i Bill Peedle | Principal Sales Engineer
  • 2. Today’s Topics • Benefits of encryption • Comparing encryption strategies • Field-level encryption on IBM i • Additional considerations • How Precisely can help
  • 3. Why use encryption at all? • Applications frequently use and store sensitive data such as confidential personal details, payment information, or proprietary data. • In some jurisdictions, this type of data is subject to governance, privacy, and security compliance mandates. • Unauthorized access of sensitive data or a failure to comply with a mandate often results in significant reputation damage and financial penalties. • Therefore, it is important to keep sensitive data secure to protect your corporate data from unauthorized access.
  • 4. Protect your stored data with AES Encryption • The US government and agencies have accepted the Advanced Encryption Standard (AES) as a format standard (FIPS-197) for encrypting data in databases. • For PCI-DSS, HIPAA, and specific government privacy rules, AES is the preferred encryption method. • The encryption methods recognized by the National Institute of Standards and Technology (NIST) ensure that your data is protected to the highest standards.
  • 5. Protect your encryption keys and data by keeping them separate • If you keep your encrypted data and keys in the same place, it’s like placing your house key beneath the mat. • Security best practices require you to store encryption keys separately from your encrypted data and manage them with an encryption key manager.
  • 6. What is a key management server? When encrypting fields in a file, an encryption key is required. • Many customers use an external key manager to store and manage the master key as well as the encryption keys for the individual fields. • They may already have an external key manager for other platforms and can leverage that server for the IBM i encryption as well. • An example of an external key server would be Thales CipherTrust or Alliance Key Manager. There are others as well. • For those who do not want to support an external key manager on a Windows or Linux server, a local key store can be used on the IBM i to store and manage the keys. Third-party encryption tools typically include a local key store for this use case.
  • 8. What is disk level encryption? • On the IBM i, full disk encryption allows you to encrypt data that is stored in basic disk pools and independent disk pools. • Full disk encryption protects data from several different threats: • Protects data transmission to and from the disk drive (important in a SAN environment) • Protects data transmission in the cross-site mirroring environment (only when the data being mirrored is on an encrypted independent disk pool) • Protects data in the case of theft of the disk drive
  • 9. What is field level encryption? • Field procedures can provide field level (or column level) encryption on DB2 for IBM i. • A field procedure is a user-written exit routine to transform values in a single column. • When values in the column are changed, or new values inserted, the field procedure is invoked for each value. • The field procedure can transform (encode) the values in any way. • The encoded value is then stored. • When values are retrieved from the column, the field procedure is invoked for each encoded value. • The field procedure decodes each value back to the original value. • Any indexes defined on a column that uses a field procedure are built with encoded values. • The fields are encrypted at rest and will be decrypted when a database operation is performed against the file that has the field in it. • Fields can be “masked” based on specific users or groups.
  • 10. What is field level masking? Individual fields can be “masked” in addition to being encrypted. • This is one of the big benefits of field level masking versus disk level encryption. • For example, a Social Security Number (SSN) field can be masked so that: • Only certain users or groups can see the fully unmasked SSN data • Other users or groups can be limited to seeing only the last four digits of the field • Other users will see a fully masked SSN. Let’s use the Social Security Number 123456789 as an example. • For users that need to see the full SSN, such as a payroll administrator, the field is encrypted but gets decrypted on the fly and they can see the full number. • For other users, you may decide that they should not see the full SSN, so in that case you can mask the first 5 digits, and the SSN would look like this: XXXXX6789 • You can mask the entire field for certain people or groups if appropriate, so the SSN would look like this: XXXXXXXXX
  • 11. Field level masking • If the field in question is a numeric field, the mask will be the number 9. However, if the field in question is a character field, you can choose the character that you want to use for the mask. • For example, if you want to mask a credit card number that happens to be a character field, you can choose “X” or whatever other character you want to use for the mask. • Let’s use the credit card number 1234567890123456 as an example. If we decide to mask everything but the last 4 digits (or characters in this case), it looks like this: XXXXXXXXXXXX3456 • If you decide to mask the entire field, it looks like this: XXXXXXXXXXXXXXXX
  • 13. What does field level encryption look like on the IBM i? The best way to see that the field or fields are encrypted on the IBM i is by leveraging the DSPFFD command. Below is an example of a social security number that is not encrypted:
  • 14. What does field level encryption look like on the IBM i? After encrypting a field with field level encryption, you will notice new attributes on the field called “Field Procedure Name” and “Field Procedure Library”. Below is an example of a social security number that is encrypted via a field procedure.
  • 15. How do I encrypt sensitive fields in a file? Working with Field Procedures • Field procedures are part of the IBM i OS. They can be used for other purposes but are primarily used for encryption and masking. • The best way to encrypt and decrypt fields with field procedures is to use a third-party interface that will develop the code for you, attach it to the field in question, help you to manage and track which fields are encrypted or decrypted, and set up the masking rules. • A field procedure can be written by hand and attached to the field; however, that can be a large undertaking.
  • 16. Implications for field level encryption Once you have decided on a tool to develop and manage field level encryption on your IBM i, there are some technical considerations: • While encrypting or decrypting a file, the IBM i requires an exclusive lock on the file until the encryption or decryption has completed. This means users need to be out of the file until the operation has completed. • For smaller files, this may not be an issue as you may be able to lock the file for a short period of time. However, for larger files, this process can take several hours. • In addition, many customers have requirements to “roll” the encryption keys periodically, which requires decryption and then re-encryption of the fields with a new key. • For legacy RPG-ILE programs, if the encrypted field is an index or key on the file, the sort order will be based on the encrypted data instead of the actual values. There are technologies available on the market that can help overcome this situation.
  • 17. Minimizing the downtime required to encrypt/decrypt fields • In order to avoid the downtime required to encrypt fields in larger files, there are technologies that allow you to “Encrypt while active”. • This technology allows you to make an empty copy of the file (using CRTDUPOBJ) in a temporary library. Once the file is duplicated, it can be encrypted while it is empty. • The “Encrypt while active” technology will then copy all the records from the production copy of the file into the temporary copy. As they are being copied in, the records are encrypted. • This technology keeps the file in sync with ongoing changes since the file is still being used by end users and applications.
  • 18. Minimizing the downtime required to encrypt/decrypt fields (cont.) • Once you have a maintenance window and have users out of the file, the process that keeps the file in sync is ended, the old copy of the file can be moved out of production, and the new encrypted version of the file can be moved into production. • The file is moved into production using the MOVOBJ command, which simply updates the pointer to the location of the file from the temporary library to the production library. It does not perform a full copy of the data, so the process is very quick. • The “Encrypt while active” technology can save many hours of downtime on initial encryption, and then also during the roll of the key when the file needs to be decrypted and re-encrypted with a new key.
  • 19. What can I do if I have legacy RPG-ILE programs that no longer sort correctly by an encrypted key field? • There are technologies available to help with the sorting issues that may occur because of an encrypted key field in legacy RPG-ILE programs. • These technologies require access to your source code. • Handler software can be used to convert traditional record-oriented file access to SQL Query Engine (SQE) access. • Only one line of code is added to make this conversion.
  • 20. What can I do if I have legacy RPG-ILE programs that no longer sort correctly by an encrypted key field? (cont.) • This is what the additional line of code would look like to handle the sorting issues in a legacy RPG-ILE program: • The handler program converts record-oriented reads into SQL access, which corrects the sorting issues experienced by having an encrypted key in legacy RPG-ILE programs.
  • 22. Field level encryption performance considerations • Any time you add a new process into the mix when dealing with database transactions, expect to have additional overhead on your IBM i processing time. • Since a program will get executed each time a new record is read to perform the decryption and then re-encryption, that will produce overhead. • Expect programs to run longer than they currently do when the fields are not encrypted. • Testing and benchmarking should be done so that you will know what impact the addition of field level encryption will have in your environment. • Performance is also dependent on the conditions of your system; additional resources may be required to support the additional overhead of encrypting fields in your database.
  • 23. How does field level encryption work with a HA/DR solution? • If you have a replication solution in place for high availability or disaster recovery in your environment, there are a few considerations • First off, the field procedure program needs to be included in replication. The best practice is to generate the field procedure in the same library as the file that has encrypted fields. • Depending on your third-party software solution for encryption, you should have the product installed and licensed on the HA/DR systems so they are ready to go for a role swap. • If you are using an external key manager, your HA/DR partition will need to be able to access the server as it did on the production system
  • 24. So why is field level encryption better than disk level encryption? • Disk level encryption utilizes the same key for everything. If the key gets compromised, all the data on the system can be decrypted with one key. • Field level encryption can utilize a different key for every field, or every file, depending on how you want to implement it. If one key gets compromised, the rest of your data is still protected. • Disk level encryption does not allow for masking individual fields, whereas field level encryption allows for masking to hide sensitive data from those that may have access to the file but shouldn’t be able to see the sensitive field data.
  • 26. Assure Encryption: Complete protection for data at rest and in motion • IBM i FieldProc exit program-based encryption • High performance encryption libraries • Built-in masking of decrypted data based on user or group • Simplifies and ensures secure encryption key management • Includes extensive data tokenization capabilities • The only NIST-certified AES encryption solution for IBM i
  • 27. Assure Encryption: Integrates with other applications and key managers • Encryption commands for Save Files, IFS, and much more • Extensive encryption APIs for RPG and COBOL • Native support for Townsend Security’s Alliance Key Manager • Integrates with any OASIS KMIP-compliant key manager
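The masking rules from slides 10 and 11 (full value, last four only, or fully masked, chosen per user or group, with 9 as the mask for numeric fields and a chosen character for character fields) can be modelled as below. This is an added example, not code from the presentation or from any product: the `MaskPolicy` class, the group names, the "most permissive group wins" rule and the fail-closed default are assumptions.

```python
from dataclasses import dataclass

# Visibility levels, least to most permissive.
NONE, LAST4, FULL = "none", "last4", "full"
_RANK = {NONE: 0, LAST4: 1, FULL: 2}


@dataclass(frozen=True)
class MaskPolicy:
    """Masking rules for one field (hypothetical model, not a product API)."""
    numeric: bool              # numeric fields are masked with the digit 9
    mask_char: str = "X"       # character fields use a mask character you choose
    group_rules: tuple = ()    # ((group_name, level), ...)
    default: str = NONE        # assumption: users matching no rule see nothing

    def level_for(self, groups):
        # Assumption: when a user is in several groups, the most permissive
        # matching rule applies; with no match the policy fails closed.
        matched = [lvl for grp, lvl in self.group_rules if grp in groups]
        return max(matched, key=_RANK.__getitem__, default=self.default)

    def present(self, clear_value, groups):
        """What a user in `groups` sees for an already decrypted value."""
        level = self.level_for(groups)
        if level == FULL:
            return clear_value
        fill = "9" if self.numeric else self.mask_char
        keep = 4 if level == LAST4 else 0
        if len(clear_value) <= keep:
            keep = 0           # never let "last four" reveal a short value whole
        visible = clear_value[len(clear_value) - keep:]
        return fill * (len(clear_value) - keep) + visible


# Constructed group names; the sample values are the ones used on the slides.
RULES = (("PAYROLL", FULL), ("HRCLERK", LAST4))
SSN_CHAR = MaskPolicy(numeric=False, group_rules=RULES)
SSN_NUMERIC = MaskPolicy(numeric=True, group_rules=RULES)
CARD = MaskPolicy(numeric=False, mask_char="X", group_rules=RULES)

if __name__ == "__main__":
    for who in ({"PAYROLL"}, {"HRCLERK"}, {"SALES"}):
        print(sorted(who), SSN_CHAR.present("123456789", who),
              SSN_NUMERIC.present("123456789", who),
              CARD.present("1234567890123456", who))
```

With a numeric field the mask digits are themselves valid digits, so a program cannot tell a masked value from a real one by looking at it; downstream logic should key off the user's visibility level instead.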
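Slide 9 states that indexes on a field-procedure column are built with encoded values, and slides 16, 19 and 20 describe the resulting sort problem for record-oriented RPG reads and its fix through SQL access. The model below is an added illustration, not code from the presentation or from any product: a 4-round HMAC-based Feistel function stands in for AES only so that it runs on the Python standard library, and the key, customer numbers and function names are constructed.

```python
import bisect
import hashlib
import hmac

FIELD_KEY = b"constructed-demo-key"   # constructed; real keys live in the key manager
ROUNDS = 4


def _f(key, rnd, half):
    """Round function: HMAC-SHA256 truncated to the width of one half."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:len(half)]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encode(key, value):
    """Deterministic, length-preserving stand-in for the AES field encoding."""
    if len(value) % 2 or not 2 <= len(value) <= 64:
        raise ValueError("demo cipher needs an even field width of 2..64 bytes")
    mid = len(value) // 2
    left, right = value[:mid], value[mid:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decode(key, encoded):
    """Inverse of encode(): run the rounds backwards."""
    mid = len(encoded) // 2
    left, right = encoded[:mid], encoded[mid:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def build_index(keys, field_key):
    """Keyed access path built from encoded values: (encoded key, record number)."""
    return sorted((encode(field_key, k), rrn) for rrn, k in enumerate(keys))


def read_in_key_order(index, field_key):
    """Record-oriented sequential read by key: follows the encoded ordering."""
    return [decode(field_key, enc) for enc, _ in index]


def chain(index, field_key, wanted):
    """Equality lookup still works because the encoding is deterministic."""
    enc = encode(field_key, wanted)
    pos = bisect.bisect_left(index, (enc, -1))
    return index[pos][1] if pos < len(index) and index[pos][0] == enc else None


def read_ordered_by_value(index, field_key):
    """Query-style access: decode first, then order by the clear values."""
    return sorted(read_in_key_order(index, field_key))


# Constructed 8-character customer numbers, stored in arrival order.
CUSTOMERS = [b"00001007", b"00001001", b"00001010", b"00001003", b"00001008",
             b"00001002", b"00001009", b"00001005", b"00001004", b"00001006"]

if __name__ == "__main__":
    idx = build_index(CUSTOMERS, FIELD_KEY)
    print("keyed read :", [k.decode() for k in read_in_key_order(idx, FIELD_KEY)])
    print("by value   :", [k.decode() for k in read_ordered_by_value(idx, FIELD_KEY)])
    print("lookup rrn :", chain(idx, FIELD_KEY, b"00001003"))
```

Exact-match lookups survive the encoding, but sequential reads and range positioning follow ciphertext order, which is why only the ordered reads in legacy programs misbehave.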