Crypto Complete™, one of the most popular encryption solutions for the IBM i, just took things to a whole new level. Version 3.3 now allows users to automatically encrypt files stored on the Integrated File System (IFS).
“We don’t think there is any other solution out there that provides this feature,” said Ron Byrd, Senor Engineer for Crypto Complete. “Based on feedback we were getting from our customers, it seemed like the obvious next step for us.”
Version 3.3 can automatically protect the contents of any sensitive IFS files including PDF documents, text files, Excel spreadsheets, binary objects and other graphics files.
Administrators can designate which folders should be encrypted, and from then on, Crypto Complete will automatically encrypt any new files or data as soon as they are added to those targeted IFS folders.
Encrypted files will then automatically decrypt when accessed by specifically authorized users or groups. Tracking who accesses files is carefully logged with detailed audit trails.
Find out more about the newest release of Crypto Complete in this official announcement.
As technology staffs contend with ongoing changes to the data distribution landscape, it is important to keep abreast of data security risks and to understand the significant importance of properly managing customer’s private data.
The Ponemon Institute recently released its annual data breach report which provides stats on data security issues and trends. With more than 277 companies involved and 1400 individuals interviewed, this report provides a current and unique perspective of potential security risks associated with even the smallest data breach.
Below are highlights of the report which indicates data breaches remain a difficult challenge.
- The report identifies three key causes of data breaches worldwide:
- Malicious Attacks – 37%
- Negligence – 35%
- System Errors – 29%
- The average per capita costs of a data breach increased to $136 per capita over the $130 per capita from the previous year.
- The US had the highest total per incident cost of $5,403,644.
- In 2013 the average number of breached records was 23,647
- Healthcare, Financial and Pharmaceutical industries continue to be the top industries with the highest per capita costs incurred.
Ironically, the report noted that organizations that notified victims too soon following a data breach actually incurred higher costs. This is an indication that an incident management plan should be in place to properly mitigate the data breach event.
It’s clear, based on the data in this report, that companies need to look beyond technology solutions that secure systems and communications. It is important that the human factors are considered like employee training and creating an incident management plan to provide a full proof data security strategy.
Take a look at the full 2013 Ponemon Institute Data Breach report for more information on the top reasons that data breaches occurred and ways to decrease the risks and costs associated with them.
For information on how your company can build a better strategy to avoid data breaches, download our free white paper “Defending Against Data Breach: Developing The Right Strategy for Data Encryption.”
Compliance regulations like HIPAA and PCI DSS have us all looking for more efficient and secure ways to keep sensitive data protected, especially the personal information fields we’ve all come to rely on: social security numbers, credit card numbers, birth dates, driver’s license numbers, insurance policy ID numbers, etc.
Fortunately, IBM is working hard to meet the growing demands of companies who must store and share private information and compliance auditors who govern how it must be done. When it released IBM i 7.1, it included a feature for encrypting DB2 form fields to give IT staffs more control.
Surprisingly, not everyone is taking full advantage of these DB2 FieldProcs either because they’re not aware of their benefit, or because they’re waiting for an even more comprehensive approach.
If you fall into either of these groups, then we’ve got good news. The Linoma Software team is hosting a webinar next week to share tips for how to maximize the DB2 FieldProcs feature in IBM i 7.1. In addition, we’ll provide some options that could give your processes even more functionality, making things more efficient.
We invite you to grab some lunch and join us for “IBM i Field Procedures Simplified with DB2 Field Procedures“ on June 13 at noon central. There will be lots of opportunities to ask questions, and we’ll also record the webinar so you can share it with your colleagues.
Hope you’ll be able to join us!
Now that corporate applications are easier to access via remote and mobile channels, it’s even more important to determine which sensitive data is accessible and where possible breaches may occur. Unfortunately, legions of hackers with Wi-Fi and mobile hacking tools make it imperative that organizations prepare for and defend against potential attacks with even more pervasive security procedures.
One step in creating a stronger defense is to employ field or column-level encryption to protect sensitive data at rest.
Implementing a custom field encryption project on IBM i used to be a notoriously long and painful process. Programming code changes for field level encryption required a steep learning curve, costly programming resources, and even more time in testing, validating and updating the changed application source code. Most companies simply could not justify the additional strain on their budgets for this level of project development requirements.
In response to this challenge, IBM released its OS version 7.1 with DB2 field procedure (FieldProcs) in April of 2010 that greatly simplified the field encryption process. With the new FieldProcs technology, encryption projects can be streamlined because the field procedures are invoked at the database level, making it transparent to the applications. The FieldProcs can be coded to automatically encrypt the field on Inserts and Updates, and subsequently decrypt the field only for authorized users on Read operations. Subsequently, FieldProcs have become very important to those businesses that have legacy applications and limited budgets.
FieldProcs are a great step for improving the viability of field level encryption projects. But even with this, many companies don’t have the resources to integrate and manage the FieldProcs which is why third-party software solutions, like Linoma Software’s Crypto Complete, are valuable. Crypto Complete will generate and manage the FieldProcs on the fields within the files.
Crypto Complete also includes the key management, audit logs and access controls needed for PCI DSS and data privacy compliance. The value of using Crypto Complete for field encryption cannot be understated as it can greatly minimize the learning curve and reduce the implementation resource requirements from weeks to hours.