Most of us know that it is a good idea to encrypt data on our IBM i partitions.
However, many organizations do not take the time to understand why they should encrypt their data and what benefits encryption provides.
Here are three good reasons why organizations should encrypt their IBM i data and why it is critical for your business.
- Because information is mobile
Information is not static. Data can and will move off your IBM i machines.
Data can exist in many different places outside of your production environment. Data at rest (data that resides on IBM i hard drives) and Data in motion (data that is being transferred between locations) are both in danger of being hacked or intercepted.
Data in motion (also known as Data in transit or Data in flight) includes data that are regularly backed up to tape and disk; FTPed to other servers; replicated to a high availability or disaster recovery site; and posted to other sites, such as Dropbox.
Encryption is necessary to prevent bad actors from using stolen data that has been captured. Production data should be encrypted in its original location. Data being sent off site for backup, FTP, replication, disaster recovery, and other uses can also be encrypted. Without a matching encryption key, people may be able to steal your data, but they will not be able to use it.
- To help achieve regulatory compliance
Using hard drive database encryption, field level encryption, and SSL\TLS encryption can help satisfy mandatory regulatory requirements.
To stay in compliance for many regulatory standards such as the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the EU’s General Data Protect Regulation (GDPR), and Sarbanes-Oxley (SOX), sensitive parts of your data must be protected. Data at rest can be protected by encrypting your databases or by performing field-level encryption on a specific database, using products such as SEA Software’s iSecurity Encryption and absCompression. Our absCompression product can be extended with the absCrypt component, which allows you to decode encrypted IBM i data on a Windows desktop or Windows server.
IBM i data can be encrypted using the AES standard up to 256-bit encryption. Individual database fields can also be encrypted using the IBM i DB2 Field Procedure (FieldProc, also known as IBM i Field Level Encryption). FieldProc allows you to selectively encrypt sensitive fields in a database, instead of encrypting every field in the database.
Data in motion can be secured by using the Transport Layer Security (TLS) protocol or the older, phased-out Secure Sockets Layer (SSL) protocol to encrypt communication tunnels that transfer IBM i data. Encryption protocols can be enabled for securing Web communications (Hypertext Transport Protocol Secure, HTTPS), transmitting and receiving files between machines (SFTP, Secure File Transfer Protocol using SSH, or FTPS, FTP over TLS\SSL), logging into an organizational network (Virtual Private Network, VPN), and securing email (STARTTLS or TLS\SSL).
- To help prevent data breaches and their consequences
With encryption, sensitive data and fields cannot be read without an encryption key. If hackers steal your data, they will not be able to read it. Encryption protects all kinds of sensitive data on your system, including:
- Company strategies
- Intellectual property
- Trade secrets
- Personal Identity Information (PII) for everyone you do business with
- Financial information
There is a treasure trove of critical company and personal information you already have on your IBM i boxes, that becomes protected through encryption. Encryption can help protect against damages that occur with a data breach, including fines, government penalties, lawsuits, criminal charges, credit card number theft, and financial losses. Data breaches can also damage your company reputation and cause business losses, as vendors and customers may not want to work with a company that had a significant breach.
Charging out of the breach
While encryption is not the total solution for stopping hacking and data breaches, it can help minimize breaches that do occur. SEA Software recommends looking at encryption for your IBM i data to determine whether it can help you meet your regulatory requirements and secure your system against hackers and data breaches. After all, now is the time to think about data encryption, not after you have a data breach.