Compliance regulations like HIPAA and PCI DSS have us all looking for more efficient and secure ways to keep sensitive data protected, especially the personal information fields we’ve all come to rely on: social security numbers, credit card numbers, birth dates, driver’s license numbers, insurance policy ID numbers, etc.
Fortunately, IBM is working hard to meet the growing demands of companies who must store and share private information and compliance auditors who govern how it must be done. When it released IBM i 7.1, it included a feature for encrypting DB2 form fields to give IT staffs more control.
Surprisingly, not everyone is taking full advantage of these DB2 FieldProcs either because they’re not aware of their benefit, or because they’re waiting for an even more comprehensive approach.
If you fall into either of these groups, then we’ve got good news. The Linoma Software team is hosting a webinar next week to share tips for how to maximize the DB2 FieldProcs feature in IBM i 7.1. In addition, we’ll provide some options that could give your processes even more functionality, making things more efficient.
We invite you to grab some lunch and join us for “IBM i Field Procedures Simplified with DB2 Field Procedures“ on June 13 at noon central. There will be lots of opportunities to ask questions, and we’ll also record the webinar so you can share it with your colleagues.
Hope you’ll be able to join us!
Now that corporate applications are easier to access via remote and mobile channels, it’s even more important to determine which sensitive data is accessible and where possible breaches may occur. Unfortunately, legions of hackers with Wi-Fi and mobile hacking tools make it imperative that organizations prepare for and defend against potential attacks with even more pervasive security procedures.
One step in creating a stronger defense is to employ field or column-level encryption to protect sensitive data at rest.
Implementing a custom field encryption project on IBM i used to be a notoriously long and painful process. Programming code changes for field level encryption required a steep learning curve, costly programming resources, and even more time in testing, validating and updating the changed application source code. Most companies simply could not justify the additional strain on their budgets for this level of project development requirements.
In response to this challenge, IBM released its OS version 7.1 with DB2 field procedure (FieldProcs) in April of 2010 that greatly simplified the field encryption process. With the new FieldProcs technology, encryption projects can be streamlined because the field procedures are invoked at the database level, making it transparent to the applications. The FieldProcs can be coded to automatically encrypt the field on Inserts and Updates, and subsequently decrypt the field only for authorized users on Read operations. Subsequently, FieldProcs have become very important to those businesses that have legacy applications and limited budgets.
FieldProcs are a great step for improving the viability of field level encryption projects. But even with this, many companies don’t have the resources to integrate and manage the FieldProcs which is why third-party software solutions, like Linoma Software’s Crypto Complete, are valuable. Crypto Complete will generate and manage the FieldProcs on the fields within the files.
Crypto Complete also includes the key management, audit logs and access controls needed for PCI DSS and data privacy compliance. The value of using Crypto Complete for field encryption cannot be understated as it can greatly minimize the learning curve and reduce the implementation resource requirements from weeks to hours.