Key Concepts for Protecting
the Privacy of IBM i Data
1
Patrick Townsend
Founder and CEO,
Townsend Security
Becky Hjellming
Senior Director, Product Marketing,
Syncsort
Housekeeping
Webcast Audio
• Today’s webcast audio is streamed through your computer speakers.
• If you need technical assistance with the web interface or audio,
please reach out to us using the chat window.
Questions Welcome
• Submit your questions at any time during the presentation
using the chat window.
• We will answer them during our Q&A session following the
presentation.
Recording and slides
• This webcast is being recorded. You will receive an
email following the webcast with a link to download
both the recording and the slides.
2
Data Privacy Is Essential
Protecting data is fundamental to your business
• Customers, partners and employees trust you to prevent breaches
• Your business suffers negative publicity if breached
Regulations require that personally identifiable information (PII), payment card information (PCI) and personal health information (PHI) be encrypted
• HIPAA
• GDPR
• PCI DSS
• State privacy laws
• And more
Data could be compromised from the inside or outside
• Users should see only the data they need as part of their jobs
• Data must be protected from internal staff, contractors and business partners – as well as criminal intruders
3
Health Insurance
Portability and
Accountability Act (HIPAA)
4
Scope of Regulation
Originally enacted August 21, 1996
Establishes US national standards for
electronic health care transactions and
national identifiers for providers, health
insurance plans, and employers
HITECH Act builds on HIPAA data security
standard
Cybersecurity Requirements
• Access control
• Electronic healthcare information protection
• Many references to NIST standards for
encryption and key management
• Guidance on key management
recommends NIST FIPS 140-2
• Protection of data in motion
• Monitoring of logins and system accesses
• Policies for reporting breaches
The only safe harbor from
breach notification is
encryption
California
Consumer Privacy Act
(CCPA)
5
Scope of Regulation
Enforcement date: January 1, 2020
Provides California citizens with the right to see
the personal data being collected about them,
know whether their information is being sold,
and request that their data be deleted
Applies to organizations that collect personal
information about California citizens, or on
whose behalf such information is collected,
and that meet certain thresholds for gross
revenue and for the consumer records they buy,
sell or share
Cybersecurity Requirements
• Audit interaction with consumer data
• Detect security incidents
• Pseudonymize personal information
• Deidentify personal information used in
aggregate
• Access controls for data
Payment Card Industry
Data Security Standard
(PCI DSS)
6
Scope of Regulation
V1 released on December 15, 2004
Information security standard for
organizations that handle branded credit
cards from the major card schemes
Created to increase controls around
cardholder data to reduce credit card fraud
Validation of compliance is required annually
Cybersecurity Requirements
• Firewalls
• Password security
• Multi-factor authentication
• System and data access restrictions
• Cardholder data protection
• Encryption of data in motion
• Encryption key management
• Monitoring of network and data access
• Regular security testing
Technology Options
1 – Encryption
2 – Tokenization
3 – Anonymization
4 – Secure file transfer
5 – Masking
What Is Encryption?
• Encryption transforms readable information into an unreadable format (or “ciphertext”)
• Encryption is based on proven, well-known algorithms
• The best encryption algorithms are open and vetted
• Common algorithms include AES, RSA, Triple DES and others
• Algorithms are continuously scrutinized and attempts are made to break them
• Algorithms rely on secret “keys” for encrypting/decrypting data
• The best encryption solutions are independently certified to validate compliance with standards (e.g. NIST)
• The encryption algorithm is never the secret, but the encryption keys must be kept secret
Encryption is a mature science that has been used for thousands of years
8
Encryption Key Management
Is Critical
• Hackers don’t break encryption algorithms – they find the keys
• Encryption keys are THE secret that must be protected since
the algorithms are public
• Compliance regulations (PCI, HIPAA, GLBA/FFIEC, and others)
require proper key management
• There are industry standards and best practices for key
management (FIPS 140-2)
9
What Does a Key Manager Do?
Protects keys from theft and loss
• Stores keys separately from the encrypted data
• Restricts access to keys
• Backs up keys securely
• Supports regular key rotation
Supports best practices for key management
• Separation of duties between data manager and key manager
• Dual control of key management processes
• Split knowledge of complete key values
• Ensuring origin and quality of keys
• As with encryption, key manager certifications are available; e.g. Federal Information Processing Standards (FIPS) 140-2
• KMIP-compliance ensures future compatibility with encryption solutions
10
IBM i Encryption Tips
• Beware of home-grown or non-standard encryption and key management
• Look for independent assessments and certifications (FIPS-197; FIPS 140-2) of the implementation of a secure algorithm
• Best option for applications requiring higher performance
• Can be easily implemented for Db2 databases in IBM i 7.1 or greater using FieldProc solutions with few (if any) application or database changes
• 3rd party solutions provide APIs and CL commands to encrypt IFS files, backups, etc.
• Open Access for RPG (OAR) handlers simplify your project if you have legacy RPG applications and need to encrypt indexes
• FIELDPROC exits expose security challenges. Make sure you also implement access logging, automatic masking, access control for common utilities (like DBU, Display Physical File Member, and FTP), and access control for encryption keys
11
What Is Tokenization?
Also known as pseudonymization
• Replaces sensitive data with substitute values or “tokens”
• Tokens are stored in a database or “token vault” that maintains the relationship between the original value and token
• Format-preserving tokens retain the characteristics of the original data (e.g. a VISA number would still look like a VISA number and pass a Luhn check)
• Token consistency enables the same token to be used for every instance of the original data
• When tokenized data is displayed in its original form, it should be masked based on the privilege of the user
13
Tokenization Tips
• Tokenizing a server’s data can remove it from the scope of
compliance and reduce the risk of breach exposure
• Encrypt the token vault and make the vault the focus of compliance
• Tokens cannot be reversed with a key as there is no algorithmic
relationship to the original data
• Tokenization has a performance impact to register tokens and
retrieve them
• Good fit for BI and queries since tokenization maintains database
relationships
• Tokenization is available through credit card payment networks for
tokenizing credit card numbers
14
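An added example, not from the original slides: a minimal in-memory token vault showing the properties listed above (format-preserving tokens that pass a Luhn check, token consistency, no algorithmic link back to the original, and masking by privilege on display). The class, method and privilege names are hypothetical, keeping only the leading digit is an assumption, and a real vault would be an encrypted, access-controlled database rather than a dictionary.

```python
import secrets

DIGITS = "0123456789"


def luhn_valid(number: str) -> bool:
    """Return True if the digit string passes the Luhn check."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def luhn_check_digit(body: str) -> str:
    """Return the digit that makes body + digit pass the Luhn check."""
    return next(c for c in DIGITS if luhn_valid(body + c))


class TokenVault:
    """Hypothetical vault mapping card numbers to random tokens.

    Tokens are drawn from a CSPRNG, so the only way back to the original
    value is a vault lookup; there is no key that reverses a token.
    """

    def __init__(self):
        self._token_by_value = {}  # original -> token (gives consistency)
        self._value_by_token = {}  # token -> original (the sensitive side)

    def tokenize(self, pan: str) -> str:
        if not (pan.isascii() and pan.isdigit()
                and 12 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a valid card number")
        # Token consistency: the same original always gets the same token.
        if pan in self._token_by_value:
            return self._token_by_value[pan]
        while True:
            # Assumption: keep the leading digit so the token still looks
            # like the same card brand; every other digit is random.
            body = pan[0] + "".join(
                secrets.choice(DIGITS) for _ in range(len(pan) - 2))
            token = body + luhn_check_digit(body)
            # Reject collisions with the original, other tokens, or other
            # originals already held in the vault.
            if (token != pan and token not in self._value_by_token
                    and token not in self._token_by_value):
                break
        self._token_by_value[pan] = token
        self._value_by_token[token] = pan
        return token

    def reveal(self, token: str, privileges: set) -> str:
        """Return the original value, masked according to privileges."""
        pan = self._value_by_token[token]  # KeyError for an unknown token
        if "VIEW_FULL" in privileges:
            return pan
        if "VIEW_LAST4" in privileges:
            return "*" * (len(pan) - 4) + pan[-4:]
        return "*" * len(pan)


if __name__ == "__main__":
    vault = TokenVault()
    sample = "4111111111111111"  # constructed, well-known test number
    tok = vault.tokenize(sample)
    print("token:        ", tok, "Luhn ok:", luhn_valid(tok))
    print("same again:   ", vault.tokenize(sample) == tok)
    print("help desk:    ", vault.reveal(tok, {"VIEW_LAST4"}))
    print("no privilege: ", vault.reveal(tok, set()))
```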
What Is Anonymization?
Also known as deidentification or redaction
• A form of tokenization that permanently replaces sensitive data with substitute values (or “tokens”)
• Substitute values are not stored, so a secured token vault is not required
• Format-preserving tokens retain the characteristics of the original data
• Can replace every instance of a piece of original data with the same token
• A variety of anonymization methods can be used (e.g. scrambling)
• NOT a solution for use on a production server since tokens are unrecoverable
16
Anonymization Tips
• As with Tokenization, Anonymization cannot be reversed with a key
as there is no algorithmic relationship to the original data
• Anonymization is not a solution for data on your production server
• Ideally used for anonymizing sensitive data on a development or
test system
• Good for sending scrubbed data to outside services for processing
or analysis in aggregate
• Addresses requirements of GDPR and CCPA
• When coupled with a high availability solution for replication to
a non-HA server, it can feed a dev/test system with anonymized data
• Note: Anonymization should be done before the data goes across the
network for true compliance with regulations like GDPR
17
Secure File Transfer Requirements
Organizations of all sizes are required to encrypt sensitive IBM i data as it moves over public networks such as the Internet
Secure file transfer is stipulated by a number of compliance regulations, such as:
• PCI
• HIPAA
• SOX
• GDPR
• GLBA
• State privacy laws
Partners demand that the data they exchange with you be safely transferred and protected at the destination
Security best practice calls for internal data that passes across an external network to be encrypted
19
File Transfer Management Needs
• Manual transfer processes are unwieldy and time consuming
• Tracking transfers and resubmitting failed transfers is tedious
• Capturing files from FTP servers for processing into an ERP system or other application is a cumbersome manual process or requires programming
• Securely sending ACH and Positive Pay records to a financial services company’s FTP server is another burdensome transfer to manage
• Manual management leaves too much margin for human error
20
Secure File Transfer Solutions Deliver Many Benefits
• Secure file transfer solutions encrypt data moving across internal or external networks to protect it from being seen in “clear text”
• Third-party solutions handle the technical details of network protocols, encryption standards, and firewall negotiation
• File transfer solutions deliver automation to relieve your team’s workload, as well as the auditing and reporting required by auditors
• APIs enable you to integrate secure file transfer with your applications and processes
• Solutions may offer the ability to keep the data encrypted at the destination to ensure it remains private
• Secure file transfer is a very mature discipline with standards and certifications available
21
Secure File Transfer Tips
• Look for solutions that meet standards and have certifications
• Ensure any solution you consider can navigate the complexities of
your firewall configurations
• Keep an audit trail of transfer activities
• An archive of transferred files makes retries much simpler
• Set up a hub-and-spoke configuration that manages all your file
transfer activities
22
What Is Masking?
• Masking obscures a portion of viewable data so that only the required minimum amount is shown to a user
• Data can be fully or partially masked
• One common example is seeing only the final 4 digits of your credit card number
• Partial masks can be done in a variety of ways (e.g. showing only the last four characters, or the first five, or other combinations)
• Masking should be done when encrypted or tokenized data is displayed in clear text
• Managing masks is easiest when they can be applied based on the user and group privileges
24
Masking Tips
• Using masking can help enforce separation of duties
• Masking can be used on otherwise unprotected data to protect
the data from view. This does not protect the data from breach if
someone takes it; it only protects it from view.
25
How Syncsort
Can Help
Introducing Assure Security
Complete IBM i Security and Compliance
• Best in class IBM i security capabilities acquired from
Cilasoft and Townsend Security
• A common package for new installs and upgrades
• A common monitoring console with Syncsort’s Assure Availability products
MILESTONES
• April 2019 Global Launch
• May 2019 General Availability
27
Assure Security
Assure Security strengthens IBM i security and assures regulatory compliance
Choose the full product
Choose a feature bundle
Or select a specific capability
• Assure Monitoring and Reporting
• Assure Db2 Data Monitor
• Assure Access Control
• Assure System Access Manager
• Assure Elevated Authority Manager
• Assure Multi-Factor Authentication
• Security Risk Assessment
• Assure Compliance Monitoring
• Assure Data Privacy
• Assure Encryption
• Assure Secure File Transfer
28
Assure Data Privacy protects IBM i data at-rest and in-motion from unauthorized access and theft using encryption, tokenization and masking
29
Assure Encryption
Complete protection for data at rest
• IBM i FieldProc exit point software for encryption
• High performance encryption libraries
• Built-in masking of decrypted data based on user or group
• Provides key management with a local key store
• Includes extensive data tokenization capabilities
30
The only NIST-certified
AES encryption solution for IBM i
Assure Encryption
Easy to manage and monitor data access
• Easy-to-use management interface
• User access controlled by policy with Group Profile support
• Built-in data access auditing
31
Assure Encryption
Integrates with other applications and key managers
• Encryption commands for Save Files, IFS, and much more
• Extensive encryption APIs for RPG and COBOL
• Built to integrate with Townsend Security’s Alliance Key
Manager for off-partition key management
• Integrates with any OASIS KMIP-compliant key manager
32
Alliance Key Manager?
Flexible
• Works with all major business and cloud platforms
• Integrates with all leading encryption applications
• Multiple deployment options including a VMware VM, Hardware Security Module (HSM), or cloud module (AWS, Microsoft Azure)
Compliant
• FIPS 140-2 compliant – the US standard for approving cryptographic solutions with both hardware and software components
• OASIS KMIP (Key Management Interoperability Protocol) compliant
• Certified for PCI-DSS version 3 by Coalfire, a certified QSA auditor
Easy and Cost Effective
• Affordable for any size Enterprise
• No additional client-side license or usage fees
• Ready-to-use client software speeds deployment and reduces IT costs
33
34
Assure Secure File Transfer
Secures data transferred with trading partners or customers
• Encrypts data before transfer and decrypts it at the destination
• Encrypts any file type including Db2 database files, flat files, IFS files, Save Files, and spooled files
• Supports encrypted ZIP and PDF formats
• Supports common transfer protocols
  • Secure Shell (SSH SFTP)
  • Secure FTP (SSL FTPS)
• Records all encryption and file transfer activity to meet compliance requirements
• Offers a PGP option to encrypt data at the source and destination
• PGP encrypted files can be received from other platforms such as Windows, Linux, and UNIX
35
Assure Secure File Transfer
Enables centralized management and automation
• Automates secure transfers with centrally managed policies
• Configurable in a hub-and-spoke configuration to automatically manage file transfer needs
• Allows administrators to easily retransmit any file from the archive of backup libraries
• Provides email, SNMP, message notifications and alerts
• Supports email confirmation of transfer with distribution list
• Provides APIs and commands for integration with RPG, COBOL applications and CL programs
36
Supported Banks, Insurance Companies, and Benefits Providers
Assure Secure File Transfer is compatible with a variety of:
• Banks
• Insurance companies
• Authorization networks
• Benefits providers
• Medical claims services
• EDI networks
A partial list is shown here.
Banks: Bank of America, Wachovia, Wells Fargo, US Bank, State Street, ABN Amro, CitiGroup, JPMorgan Chase, BankOne, and others
Medical: Blue Cross Blue Shield, State of California, State of Florida, Hewitt Associates, ZirMed, WebMD, and others
Services: Merrill Lynch, Fidelity, ADP, Frick, TALX, eTRAFX, AllTel, Bell South, and others
Networks: GXS, Inovis, Sterling, IBM Advantis (now GXS), Pantellos, and others
Authorizations: Visa, American Express, ADS, Chase Paymentech, First Data, ValueLink, and others
3rd Party Tools: SAP, PeopleSoft, CostPoint, Concur, and others
37
Today’s Topics
1 – Common regulatory requirements
2 – Security solutions that align with regulations
3 – How Syncsort and Townsend Security can help
4 – Resources
5 – Q&A
39
Download our eBooks
To learn more about technologies for ensuring
the privacy of data at rest……
To learn more about protecting the privacy of
data in-motion…..
40
Learn More
About the layers of security by visiting the Syncsort website
Download Syncsort’s White Paper on “The Essential Layers of IBM i Security”
Questions?
AI-Ready Data - The Key to Transforming Projects into Production.pptx
Precisely
 
Building a Multi-Layered Defense for Your IBM i Security
Building a Multi-Layered Defense for Your IBM i SecurityBuilding a Multi-Layered Defense for Your IBM i Security
Building a Multi-Layered Defense for Your IBM i Security
Precisely
 
Optimierte Daten und Prozesse mit KI / ML + SAP Fiori.pdf
Optimierte Daten und Prozesse mit KI / ML + SAP Fiori.pdfOptimierte Daten und Prozesse mit KI / ML + SAP Fiori.pdf
Optimierte Daten und Prozesse mit KI / ML + SAP Fiori.pdf
Precisely
 
Chaining, Looping, and Long Text for Script Development and Automation.pdf
Chaining, Looping, and Long Text for Script Development and Automation.pdfChaining, Looping, and Long Text for Script Development and Automation.pdf
Chaining, Looping, and Long Text for Script Development and Automation.pdf
Precisely
 
Revolutionizing SAP® Processes with Automation and Artificial Intelligence
Revolutionizing SAP® Processes with Automation and Artificial IntelligenceRevolutionizing SAP® Processes with Automation and Artificial Intelligence
Revolutionizing SAP® Processes with Automation and Artificial Intelligence
Precisely
 
Navigating the Cloud: Best Practices for Successful Migration
Navigating the Cloud: Best Practices for Successful MigrationNavigating the Cloud: Best Practices for Successful Migration
Navigating the Cloud: Best Practices for Successful Migration
Precisely
 
Unlocking the Power of Your IBM i and Z Security Data with Google Chronicle
Unlocking the Power of Your IBM i and Z Security Data with Google ChronicleUnlocking the Power of Your IBM i and Z Security Data with Google Chronicle
Unlocking the Power of Your IBM i and Z Security Data with Google Chronicle
Precisely
 
How to Build Data Governance Programs That Last - A Business-First Approach.pdf
How to Build Data Governance Programs That Last - A Business-First Approach.pdfHow to Build Data Governance Programs That Last - A Business-First Approach.pdf
How to Build Data Governance Programs That Last - A Business-First Approach.pdf
Precisely
 
Zukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter MassendatenZukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter Massendaten
Precisely
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
Precisely
 
Crucial Considerations for AI-ready Data.pdf
Crucial Considerations for AI-ready Data.pdfCrucial Considerations for AI-ready Data.pdf
Crucial Considerations for AI-ready Data.pdf
Precisely
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Precisely
 
Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10
Precisely
 
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Precisely
 
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Precisely
 
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3fTestjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Precisely
 
Data Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity TrendsData Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity Trends
Precisely
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
Precisely
 

More from Precisely (20)

Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
信頼できるデータでESGイニシアチブを成功に導く方法.pdf How to drive success with ESG initiatives with...
信頼できるデータでESGイニシアチブを成功に導く方法.pdf How to drive success with ESG initiatives with...信頼できるデータでESGイニシアチブを成功に導く方法.pdf How to drive success with ESG initiatives with...
信頼できるデータでESGイニシアチブを成功に導く方法.pdf How to drive success with ESG initiatives with...
 
AI-Ready Data - The Key to Transforming Projects into Production.pptx
AI-Ready Data - The Key to Transforming Projects into Production.pptxAI-Ready Data - The Key to Transforming Projects into Production.pptx
AI-Ready Data - The Key to Transforming Projects into Production.pptx
 
Building a Multi-Layered Defense for Your IBM i Security
Building a Multi-Layered Defense for Your IBM i SecurityBuilding a Multi-Layered Defense for Your IBM i Security
Building a Multi-Layered Defense for Your IBM i Security
 
Optimierte Daten und Prozesse mit KI / ML + SAP Fiori.pdf
Optimierte Daten und Prozesse mit KI / ML + SAP Fiori.pdfOptimierte Daten und Prozesse mit KI / ML + SAP Fiori.pdf
Optimierte Daten und Prozesse mit KI / ML + SAP Fiori.pdf
 
Chaining, Looping, and Long Text for Script Development and Automation.pdf
Chaining, Looping, and Long Text for Script Development and Automation.pdfChaining, Looping, and Long Text for Script Development and Automation.pdf
Chaining, Looping, and Long Text for Script Development and Automation.pdf
 
Revolutionizing SAP® Processes with Automation and Artificial Intelligence
Revolutionizing SAP® Processes with Automation and Artificial IntelligenceRevolutionizing SAP® Processes with Automation and Artificial Intelligence
Revolutionizing SAP® Processes with Automation and Artificial Intelligence
 
Navigating the Cloud: Best Practices for Successful Migration
Navigating the Cloud: Best Practices for Successful MigrationNavigating the Cloud: Best Practices for Successful Migration
Navigating the Cloud: Best Practices for Successful Migration
 
Unlocking the Power of Your IBM i and Z Security Data with Google Chronicle
Unlocking the Power of Your IBM i and Z Security Data with Google ChronicleUnlocking the Power of Your IBM i and Z Security Data with Google Chronicle
Unlocking the Power of Your IBM i and Z Security Data with Google Chronicle
 
How to Build Data Governance Programs That Last - A Business-First Approach.pdf
How to Build Data Governance Programs That Last - A Business-First Approach.pdfHow to Build Data Governance Programs That Last - A Business-First Approach.pdf
How to Build Data Governance Programs That Last - A Business-First Approach.pdf
 
Zukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter MassendatenZukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter Massendaten
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Crucial Considerations for AI-ready Data.pdf
Crucial Considerations for AI-ready Data.pdfCrucial Considerations for AI-ready Data.pdf
Crucial Considerations for AI-ready Data.pdf
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10
 
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
 
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
 
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3fTestjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
 
Data Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity TrendsData Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity Trends
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 

Recently uploaded

Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
FODUU
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
CAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on BlockchainCAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on Blockchain
Claudio Di Ciccio
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
David Brossard
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 

Recently uploaded (20)

Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
CAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on BlockchainCAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on Blockchain
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 

Key Concepts for Protecting the Privacy of IBM i Data

  • 1. Key Concepts for Protecting the Privacy of IBM i Data 1 Patrick Townsend Founder and CEO, Townsend Security Becky Hjellming Senior Director, Product Marketing, Syncsort
  • 2. Housekeeping Webcast Audio • Today’s webcast audio is streamed through your computer speakers. • If you need technical assistance with the web interface or audio, please reach out to us using the chat window. Questions Welcome • Submit your questions at any time during the presentation using the chat window. • We will answer them during our Q&A session following the presentation. Recording and slides • This webcast is being recorded. You will receive an email following the webcast with a link to download both the recording and the slides. Patrick Townsend Becky Hjellming 2
  • 3. Protecting data is fundamental to your business • Customers, partners and employees trust you to prevent breaches • Your business suffers negative publicity if breached Regulations require that personally identifiable information (PII), payment card information (PCI) and personal health information (PHI) be encrypted • HIPAA • GDPR • PCI DSS Data could be compromised from the inside or outside • Users should see only the data they need as part of their jobs • Data must be protected from internal staff, contractors and business partners – as well as criminal intruders Data Privacy Is Essential • State privacy laws • And more 3
  • 4. Health Insurance Portability and Accountability Act (HIPAA) 4 Scope of Regulation Originally enacted August 21, 1996 Establishes US national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers HITECH Act builds on HIPAA data security standard Cybersecurity Requirements • Access control • Electronic healthcare information protection • Many references to NIST standards for encryption and key management • Guidance on key management recommends NIST FIPS 140-2 • Protection of data in motion • Monitoring of logins and system accesses • Policies for reporting breaches The only safe harbor from breach notification is encryption
  • 5. California Consumer Privacy Act (CCPA) 5 Scope of Regulation Enforcement date: January 1, 2020 Provides California citizens with the right to see the personal data being collected about them, know whether their information is being sold, and request that their data be deleted Applies to organizations that collect personal information about California citizens, or on the behalf of which information is collected, and meets certain thresholds for gross revenue and consumer records buys, sells or shares consumer information Cybersecurity Requirements • Audit interaction with consumer data • Detect security incidents • Pseudonymize personal information • Deidentify personal information used in aggregate • Access controls for data
  • 6. Payment Card Industry Data Security Standard (PCI DSS) 6 Scope of Regulation V1 released on December 15, 2004 Information security standard for organizations that handle branded credit cards from the major card schemes Created to increase controls around cardholder data to reduce credit card fraud Validation of compliance is required annually Cybersecurity Requirements • Firewalls • Password security • Multi-factor authentication • System and data access restrictions • Cardholder data protection • Encryption of data in motion • Encryption key management • Monitoring of network and data access • Regular security testing
  • 7. Technology Options 1 – Encryption 2 – Tokenization 3 – Anonymization 4 – Secure file transfer 5 – Masking
  • 8. • Encryption transforms readable information into an unreadable format (or “ciphertext”) • Encryption is based on proven, well-known algorithms • The best encryption algorithms are open and vetted • Common algorithms include AES, RSA, Triple DES and others • Algorithms are continuously scrutinized and attempts are made to break them • Algorithms rely on secret “keys” for encrypting/decrypting data • The best encryption solutions are independently certified to validate compliance with standards (e.g. NIST) • The encryption algorithm is never the secret, but the encryption keys must be kept secret Encryption is a mature science that has been used for thousands of years What Is Encryption? 8
  • 9. Encryption Key Management Is Critical • Hackers don’t break encryption algorithms – they find the keys • Encryption keys are THE secret that must be protected since the algorithms are public • Compliance regulations (PCI, HIPAA, GLBA/FFIEC, and others) require proper key management • There are industry standards and best practices for key management (FIPS 140-2) 9
  • 10. Protects keys from theft and loss • Stores keys separately from the encrypted data • Restricts access to keys • Backs up keys securely • Supports regular key rotation Supports best practices for key management • Separation of duties between data manager and key manager • Dual control of key management processes • Split knowledge of complete key values • Ensuring origin and quality of keys • As with encryption, key manager certifications are available; e.g. Federal Information Processing Standards (FIPS) 140-2 • KMIP-compliance ensures future compatibility with encryption solutions What Does a Key Manager Do? 10
  • 11. • Beware of home-grown or non-standard encryption and key management • Look for independent assessments and certifications (FIPS-197; FIPS 140-2) of the implementation of a secure algorithm • Best option for applications requiring higher performance • Can be easily implemented for Db2 databases in IBM i 7.1 or greater using FieldProc solutions with few (if any) application or database changes • 3rd party solutions provide APIs and CL commands to encrypt IFS files, backups, etc. • Open Access for RPG (OAR) handlers simplify your project if you have legacy RPG applications and need to encrypt indexes • FIELDPROC exits expose security challenges. Make sure you also implement access logging, automatic masking, access control for common utilities (like DBU, Display Physical File Member, and FTP), access control for encryption keys 11 IBM i Encryption Tips
  • 12. Technology Options 1 – Encryption 2 – Tokenization 3 – Anonymization 4 – Secure file transfer 5 – Masking
  • 13. • Replaces sensitive data with substitute values or “tokens” • Tokens are stored in a database or “token vault” that maintains the relationship between the original value and token • Format-preserving tokens retain the characteristics of the original data (e.g. a VISA number would still look like a VISA number and pass a Luhn check) • Token consistency enables the same token to be used for every instance of the original data • When tokenized data is displayed in its original form, it should be masked based on the privilege of the user What Is Tokenization? 13 Also known as pseudonymization
  • 14. Tokenization Tips • Tokenizing a server’s data can remove it from the scope of compliance and reduce the risk of breach exposure • Encrypt the token vault and make the vault the focus of compliance • Tokens cannot be reversed with a key as there is no algorithmic relationship to the original data • Tokenization has a performance impact to register tokens and retrieve them • Good fit for BI and queries since tokenization maintains database relationships • Tokenization is available through credit card payment networks for tokenizing credit card numbers 14
  • 15. Technology Options 1 – Encryption 2 – Tokenization 3 – Anonymization 4 – Secure file transfer 5 – Masking
  • 16. • A form of tokenization that permanently replaces sensitive data with substitute values (or “tokens”) • Substitute values are not stored, so a secured token vault is not required • Format-preserving tokens retain the characteristics of the original data • Can replace every instance of a piece of original data with the same token • A variety of anonymization methods can be used (e.g. scrambling) • NOT a solution for use on a production server since tokens are unrecoverable What Is Anonymization? 16 Also known as deidentification or redaction
  • 17. Anonymization Tips • As with Tokenization, Anonymization cannot be reversed with a key as there is no algorithmic relationship to the original data • Anonymization is not a solution for data on your production server • Ideally used for anonymizing sensitive data on a development or test system • Good for sending scrubbed data to outside services for processing or analysis in aggregate • Addresses requirements of GDPR and CCPA • When coupled with a high availability solution for replication to non-HA server, it can feed dev/test system with anonymized data • Note: Anonymization should be done before the data goes across the network for true compliance with regulations like GDPR 17
  • 18. Technology Options 1 – Encryption 2 – Tokenization 3 – Anonymization 4 – Secure file transfer 5 – Masking
  • 19. Organizations of all sizes are required to encrypt sensitive IBM i data as it moves over public networks such as the Internet Secure file transfer is stipulated by a number of compliance regulations, such as: • PCI • HIPAA • SOX Partners demand that the data they exchange with you be safely transferred and protected at the destination Security best practice calls for internal data that passes across an external network to be encrypted Secure File Transfer Requirements • GDPR • GLBA • State privacy laws 19
  • 20. • Manual transfer processes are unwieldy and time consuming • Tracking transfers and resubmitting failed transfers is tedious • Capturing files from FTP servers for processing into an ERP system or other application is a cumbersome manual process or requires programming • Securely sending ACH and Positive Pay records to a financial services company’s FTP server is another burdensome transfer to manage • Manual management leaves too much margin for human error File Transfer Management Needs 20
  • 21. Secure File Transfer Solutions Deliver Many Benefits • Secure file transfer solutions encrypt data moving across internal or external networks to protect it from being seen in “clear text” • Third-party solutions handle the technical details of network protocols, encryption standards, and firewall negotiation • File transfer solutions deliver automation to relieve your team’s workload, along with the auditing and reporting required by auditors • APIs enable you to integrate secure file transfer with your applications and processes • Solutions may offer the ability to keep the data encrypted at the destination to ensure it remains private • Secure file transfer is a very mature discipline with standards and certifications available
  • 22. Secure File Transfer Tips • Look for solutions that meet standards and have certifications • Ensure any solution you consider can navigate the complexities of your firewall configurations • Keep an audit trail of transfer activities • An archive of transferred files makes retries much simpler • Set up a hub-and-spoke configuration that manages all your file transfer activities
  • 24. What Is Masking? • Masking obscures a portion of viewable data so that only the required minimum amount is shown to a user • Data can be fully or partially masked • One common example is seeing only the final 4 digits of your credit card number • Partial masks can be done in a variety of ways (e.g. showing only the last four characters, or the first five, or other combinations) • Masking should be done when encrypted or tokenized data is displayed in clear text • Managing masks is easiest when they can be applied based on the user and group privileges
  • 25. Masking Tips • Using masking can help enforce separation of duties • Masking can be used on otherwise unprotected data to protect the data from view. This does not protect the data from breach if someone takes it; it only protects it from view.
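An added example, not from the original slides or any product they describe: a display-time masking policy keyed on group membership, covering the full, last-four and first-five masks mentioned on slide 24. The group names, field names, policy table and sample record are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class MaskRule:
    show_first: int = 0   # leading characters left readable
    show_last: int = 0    # trailing characters left readable
    mask_char: str = "*"

    def apply(self, value: str) -> str:
        visible = self.show_first + self.show_last
        if visible >= len(value):
            # Fail closed: a short value must not slip through unmasked.
            return self.mask_char * len(value)
        hidden = len(value) - visible
        return value[: self.show_first] + self.mask_char * hidden + value[len(value) - self.show_last:]


FULL_MASK = MaskRule()
CLEAR = None  # sentinel: the group may see the whole value

# Hypothetical policy: field -> group -> rule. Groups not listed get FULL_MASK.
POLICY = {
    "card": {"billing": CLEAR, "support": MaskRule(show_last=4)},
    "ssn": {"hr": CLEAR, "support": MaskRule(show_last=4)},
    "zip": {"marketing": MaskRule(show_first=5)},
}


def mask_for_display(record: dict, groups: set) -> dict:
    """Return a copy of record masked according to the user's groups."""
    shown = {}
    for field, value in record.items():
        rules = POLICY.get(field)
        if rules is None:
            shown[field] = value  # field is not classified as sensitive
            continue
        granted = [rules[g] for g in groups if g in rules]
        if any(r is CLEAR for r in granted):
            shown[field] = value
            continue
        # Most permissive granted rule wins; no matching group means full mask.
        rule = max(granted, key=lambda r: r.show_first + r.show_last, default=FULL_MASK)
        shown[field] = rule.apply(value)
    return shown


# Constructed sample record (not real data).
SAMPLE = {"name": "Alice Example", "card": "4111111111111111", "ssn": "000-12-3456", "zip": "98101-1234"}
```

The function only changes what is rendered; the stored value is untouched, which is the limit slide 25 points out: masking protects data from view, not from theft.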
  • 27. Introducing Assure Security: Complete IBM i Security and Compliance • Best in class IBM i security capabilities acquired from Cilasoft and Townsend Security • A common package for new installs and upgrades • A common monitoring console with Syncsort’s Assure Availability products • Milestones: April 2019 Global Launch; May 2019 General Availability
  • 28. Assure Security strengthens IBM i security and assures regulatory compliance • Choose the full product, choose a feature bundle, or select a specific capability • Diagram labels: Assure Compliance Monitoring, Assure Monitoring and Reporting, Assure Db2 Data Monitor, Assure Access Control, Assure System Access Manager, Assure Elevated Authority Manager, Assure Multi-Factor Authentication, Assure Data Privacy, Assure Encryption, Assure Secure File Transfer, Security Risk Assessment
  • 29. Assure Security • Assure Data Privacy protects IBM i data at-rest and in-motion from unauthorized access and theft using encryption, tokenization and masking • Diagram labels: Assure Data Privacy, Assure Encryption, Assure Secure File Transfer, Assure Monitoring and Reporting, Assure Db2 Data Monitor, Assure Access Control, Assure System Access Manager, Assure Elevated Authority Manager, Assure Multi-Factor Authentication, Security Risk Assessment, Assure Compliance Monitoring
  • 30. Assure Encryption: Complete protection for data at rest • The only NIST-certified AES encryption solution for IBM i • IBM i FieldProc exit point software for encryption • High performance encryption libraries • Built-in masking of decrypted data based on user or group • Provides key management with a local key store • Includes extensive data tokenization capabilities
  • 31. Assure Encryption: Easy to manage and monitor data access • Easy-to-use management interface • User access controlled by policy with Group Profile support • Built-in data access auditing
  • 32. Assure Encryption: Integrates with other applications and key managers • Encryption commands for Save Files, IFS, and much more • Extensive encryption APIs for RPG and COBOL • Built to integrate with Townsend Security’s Alliance Key Manager for off-partition key management • Integrates with any OASIS KMIP-compliant key manager
  • 33. Alliance Key Manager • Flexible: works with all major business and cloud platforms; integrates with all leading encryption applications; multiple deployment options including a VMware VM, Hardware Security Module (HSM), or cloud module (AWS, Microsoft Azure) • Compliant: FIPS 140-2 compliant – the US standard for approving cryptographic solutions with both hardware and software components; OASIS KMIP (Key Management Interoperability Protocol) compliant; certified for PCI-DSS version 3 by Coalfire, a certified QSA auditor • Easy and Cost Effective: affordable for any size enterprise; no additional client-side license or usage fees; ready-to-use client software speeds deployment and reduces IT costs
  • 35. Assure Secure File Transfer: Secures data transferred with trading partners or customers • Encrypts data before transfer and decrypts it at the destination • Encrypts any file type including Db2 database files, flat files, IFS files, Save Files, and spooled files • Supports encrypted ZIP and PDF formats • Supports common transfer protocols: Secure Shell (SSH SFTP) and Secure FTP (SSL FTPS) • Records all encryption and file transfer activity to meet compliance requirements • Offers a PGP option to encrypt data at the source and destination • PGP encrypted files can be received from other platforms such as Windows, Linux, and UNIX
  • 36. Assure Secure File Transfer: Enables centralized management and automation • Automates secure transfers with centrally managed policies • Configurable in a hub-and-spoke configuration to automatically manage file transfer needs • Allows administrators to easily retransmit any file from the archive of backup libraries • Provides email, SNMP, message notifications and alerts • Supports email confirmation of transfer with distribution list • Provides APIs and commands for integration with RPG, COBOL applications and CL programs
  • 37. Supported Banks, Insurance Companies, and Benefits Providers • Assure Secure File Transfer is compatible with a variety of banks, insurance companies, authorization networks, benefits providers, medical claims services and EDI networks. A partial list is shown here. • Banks: Bank of America, Wachovia, Wells Fargo, US Bank, State Street, ABN Amro, CitiGroup, JPMorgan Chase, BankOne, and others • Medical: Blue Cross Blue Shield, State of California, State of Florida, Hewitt Associates, ZirMed, WebMD, and others • Services: Merrill Lynch, Fidelity, ADP, Frick, TALX, eTRAFX, AllTel, Bell South, and others • Networks: GXS, Inovis, Sterling, IBM Advantis (now GXS), Pantellos, and others • Authorizations: Visa, American Express, ADS, Chase Paymentech, First Data, ValueLink, and others • 3rd Party Tools: SAP, PeopleSoft, CostPoint, Concur, and others
  • 38. Today’s Topics 1 – Common regulatory requirements 2 – Security solutions that align with regulations 3 – How Syncsort and Townsend Security can help 4 – Resources 5 – Q&A
  • 39. Download our eBooks • To learn more about technologies for ensuring the privacy of data at rest… • To learn more about protecting the privacy of data in-motion…
  • 40. Learn more about the layers of security by visiting the Syncsort website • Download Syncsort’s White Paper on “The Essential Layers of IBM i Security”