Security on IBM i

Secure data at rest

Secure your data at rest with the IBM i operating system option 45, Encrypted ASP Enablement. Data is encrypted when written out to disk and decrypted when read from disk. This function provides protection for your data when you lose physical control of the disk drive such as disk replacement where a drive fails, data flowing to a SAN, and mirroring. With improvements in 7.1, you can now turn ASP encryption on and off and change the data encryption key for an existing user ASP or IASP.

Encrypted Backup Enablement

The IBM i operating system option 44, Encrypted Backup Enablement provides you with the ability to encrypt your data to a tape device. This function requires Backup, Recovery, and Media Services (BRMS). This encryption solution is hardware independent, meaning that you do not need to use an encrypting tape drive or other type of encryption device to encrypt the backup data. Encrypted backup can be used to encrypt data going directly out to tape or to virtual tape and also supports media duplication (unencrypted to encrypted duplication). The media duplication provides the ability to save in an unencrypted way and then duplicate to encrypted which won't impact the save window.

Column Encryption via Field Procedures

To enhance data security, column encryption may be accomplished by using a new database feature called field procedures, available in release 7.1. Field procedures are user written exit programs that run every time a column is read, changed or new values are inserted into the column. One use of a field procedure can be to implement encryption of the column data. The field procedure can be used to encrypt and decrypt data stored in the column by implementing the encryption and key management logic in the exit program. The field procedure provides the capability to encrypt data in a column without having to change the application programs that manipulate the data and without having to change field lengths and data type of the column itself. Encryption algorithms often times produce a different length output for the encrypted data as well as a requirement to store the data with a binary data format. Changing the column length and data type can have significant impacts to both applications and related interfaces such as a query. Field procedures eliminate the need for changing column lengths and data type of the DB2 table as these changes are managed by the DB2 OS support. For more information on Field Procedures see the SQL Programming Guide.

IBM Lab Services and Training

Is your business protected from the threats to IT infrastructure? Has adequate protection been built into new requirements and environments? Are systems and data secure? Secure enough? IBM Systems and Technology Group (STG) Lab Services and Training and its security consultants can help you find the answers to these questions through service offerings that assist in the development of general enterprise security or just to make sure your system settings maximize the protection you want and need to prevent your organization from being tomorrow’s headline! We can work with you to implement password elimination and SSO, data encryption, or a system security healthcheck. We can help you address general security aspects from managing the process of security in your enterprise to finding the most cost effective way of implementing your security policies.

Learn more

• Updates and fixes
• Installation

Let us address the unique aspects and requirements of your security concerns

Learn more

Find detailed answers to your System i security questions

Learn more

Data encryption within the drive itself

Learn more