The IBM® i operating system (formerly IBM i5/OS®) is considered one of the most secure systems in the industry. From the beginning, security was designed as an integral part of the system. The System i® platform provides a rich set of security features and services that pertain to the goals of authentication, authorization, integrity, confidentiality, and auditing. However, if an IBM client does not know that a service, such as a virtual private network (VPN) or hardware cryptographic support, exists on the system, it will not use it.

In addition, there are more and more security auditors and consultants who are in charge of implementing corporate security policies in an organization. In many cases, they are not familiar with the IBM i operating system, but must understand the security services that are available.


Database security: Row and Column Access Control (RCAC)

Data is an asset. Some data is referred to as business critical because the company has an absolute need for the data to exist for the business to operate. Critical business assets merit a robust protection strategy. From a database perspective, clients consider topics like object access or table privileges to control who has the ability to access tables with the intent to read or the intent to change the data within the table. Row & Column Access Control (RCAC) capabilities provide DB2 for i clients additional constructs to limit the amount of data exposed to specific users. RCAC can be used once this Boss option is installed: 5770-SS1 Boss Option 47 - IBM Advanced Data Security for i.
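The constructs described above, as an added example that is not IBM's own code: one row permission and one column mask on a constructed table, followed by activation. The schema `hrdemo`, the table and its columns, and the group profiles `HR` and `MGR` are assumptions.

```sql
-- Added example. Schema, table, columns and the group profiles HR and MGR
-- are assumed. Creating permissions and masks requires authorization to the
-- QIBM_DB_SECADM function usage.

-- Constructed sample table and rows.
CREATE TABLE hrdemo.employee (
  emp_id      INTEGER      NOT NULL PRIMARY KEY,
  emp_name    VARCHAR(40)  NOT NULL,
  mgr_profile VARCHAR(10)  NOT NULL,  -- user profile of the employee's manager
  ssn         CHAR(11)     NOT NULL,  -- stored as NNN-NN-NNNN
  salary      DECIMAL(9,2) NOT NULL
);

INSERT INTO hrdemo.employee VALUES
  (1, 'Constructed One', 'MGRA', '123-45-6789', 52000.00),
  (2, 'Constructed Two', 'MGRB', '987-65-4321', 61000.00);

-- Row permission: members of HR see every row; members of MGR see only the
-- rows of employees they manage.
CREATE PERMISSION hrdemo.emp_rows ON hrdemo.employee
  FOR ROWS WHERE
       QSYS2.VERIFY_GROUP_FOR_USER(SESSION_USER, 'HR') = 1
    OR (QSYS2.VERIFY_GROUP_FOR_USER(SESSION_USER, 'MGR') = 1
        AND mgr_profile = SESSION_USER)
  ENFORCED FOR ALL ACCESS
  ENABLE;

-- Column mask: HR reads the full value, everyone else only the last four
-- digits. The stored data is unchanged; only the returned value is masked.
CREATE MASK hrdemo.emp_ssn_mask ON hrdemo.employee
  FOR COLUMN ssn RETURN
    CASE
      WHEN QSYS2.VERIFY_GROUP_FOR_USER(SESSION_USER, 'HR') = 1 THEN ssn
      ELSE 'XXX-XX-' CONCAT SUBSTR(ssn, 8, 4)
    END
  ENABLE;

-- Permissions and masks are not enforced until access control is activated
-- on the table. After activation a user who satisfies no row permission
-- sees zero rows, even with SELECT privilege on the table.
ALTER TABLE hrdemo.employee ACTIVATE ROW ACCESS CONTROL;
ALTER TABLE hrdemo.employee ACTIVATE COLUMN ACCESS CONTROL;

-- Run as a profile in MGR, HR, and neither group to compare the results.
SELECT emp_id, emp_name, ssn FROM hrdemo.employee;
```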

RCAC provides several advantages:

Secure data at rest

Secure your data at rest with the IBM i operating system option 45, Encrypted ASP Enablement. Data is encrypted when written out to disk and decrypted when read from disk. This function provides protection for your data when you lose physical control of the disk drive such as disk replacement where a drive fails, data flowing to a SAN, and mirroring. With improvements in 7.1, you can now turn ASP encryption on and off and change the data encryption key for an existing user ASP or IASP.

Encrypted Backup Enablement

The IBM i operating system option 44, Encrypted Backup Enablement, provides you with the ability to encrypt your data to a tape device. This function requires Backup, Recovery, and Media Services (BRMS). This encryption solution is hardware independent, meaning that you do not need to use an encrypting tape drive or other type of encryption device to encrypt the backup data. Encrypted backup can be used to encrypt data going directly out to tape or to virtual tape and also supports media duplication (unencrypted to encrypted duplication). Media duplication lets you save unencrypted and then duplicate to encrypted media, which won't impact the save window.

Column Encryption via Field Procedures

To enhance data security, column encryption may be accomplished by using a new database feature called field procedures, available in release 7.1. Field procedures are user-written exit programs that run every time a column is read or changed, or new values are inserted into the column. One use of a field procedure can be to implement encryption of the column data. The field procedure can be used to encrypt and decrypt data stored in the column by implementing the encryption and key management logic in the exit program. The field procedure provides the capability to encrypt data in a column without having to change the application programs that manipulate the data and without having to change the field length and data type of the column itself. Encryption algorithms often produce output of a different length than the input and require the encrypted data to be stored in a binary format. Changing the column length and data type can have significant impacts on both applications and related interfaces such as a query. Field procedures eliminate the need for changing the column lengths and data types of the DB2 table, as these changes are managed by the DB2 OS support. For more information on field procedures, see the SQL Programming Guide.

IBM Lab Services and Training

Is your business protected from the threats to IT infrastructure? Has adequate protection been built into new requirements and environments? Are systems and data secure? Secure enough? IBM Systems and Technology Group (STG) Lab Services and Training and its security consultants can help you find the answers to these questions through service offerings that assist in the development of general enterprise security or just to make sure your system settings maximize the protection you want and need to prevent your organization from being tomorrow’s headline! We can work with you to implement password elimination and SSO, data encryption, or a system security healthcheck. We can help you address general security aspects from managing the process of security in your enterprise to finding the most cost effective way of implementing your security policies.

IBM i security solutions: IBM i is positioned to help with the governance and compliance considerations that impact your business

Partner security solutions: IBM i Business Partners offer a robust security solution portfolio

IBM Systems Lab Services and Training: Let us address the unique aspects and requirements of your security concerns

