December 12, 2023 | IBM i

3 Reasons to Encrypt IBM i Data


Most IBM i professionals know it’s a good idea to encrypt data on their IBM i partitions. However, many organizations don’t encrypt their i server data or they don’t fully understand what benefits encryption provides. 

 

Here are three good reasons why organizations should encrypt their IBM i data and why it is critical for your business. 

#1: Because information is mobile & can be intercepted 

Information is not static. Data exists in many different places inside and outside of your production environment.  

 

Data can and will move off your IBM i machines. Data at rest refers to data that resides on IBM i storage. It can be vulnerable to theft through ransomware, internal and external bad actors and other cyberattacks.

Data in transit refers to data that is being transferred between locations. It includes data that is regularly backed up to tape and disk; FTPed to other servers; replicated to a high availability or disaster recovery site; or posted to other sites. Data in transit is vulnerable to being hacked or intercepted.

 

Encryption is necessary to prevent bad actors from using stolen data that has been captured. Production data can be encrypted in its original location. Data being sent off site for backup, FTP, replication, disaster recovery and other uses can also be encrypted. With encrypted data, bad actors may be able to steal your data, but they will not be able to decrypt and use it without an encryption key.  

#2: To achieve regulatory compliance 

Using hard drive database encryption, field level encryption, and the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption protocols can help satisfy mandatory regulatory requirements. Although SSL technology was replaced and updated by TLS as a successor protocol, the terms SSL and SSL/TLS are still frequently used to refer to the underlying encryption and authentication technology.  

 

To stay in compliance with many regulatory standards such as the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the EU’s General Data Protection Regulation (GDPR), and Sarbanes-Oxley (SOX), sensitive parts of your data must be protected.

As part of the United States’ Federal zero trust architecture (ZTA) implementation (Executive Order 14028), executive departments and agencies must also encrypt data in transit and data at rest as ZTA is deployed.

 

Data at rest can be protected by encrypting your databases or by performing field-level encryption on a specific database, using products such as iSecurity Encryption and absCompression. absCompression can also be extended with the absCrypt component, which allows you to decode encrypted IBM i data on a Windows desktop or Windows server. 

 

Data in transit can be secured by using the SSL/TLS protocol to encrypt communication tunnels that transfer IBM i data. Encryption protocols can be enabled for securing Web communications (Hypertext Transfer Protocol Secure, HTTPS), transmitting and receiving files between machines (SFTP, Secure File Transfer Protocol using SSH, or FTPS, FTP over TLS/SSL), logging into an organizational network (Virtual Private Network, VPN), and securing email (STARTTLS or TLS/SSL).

 

IBM i data can be encrypted using the AES standard up to 256-bit encryption. Individual database fields can also be encrypted using the IBM i DB2 Field Procedure (FieldProc, also known as IBM i Field Level Encryption). FieldProc allows you to selectively encrypt sensitive fields in a database, instead of encrypting every field in the database. 

#3: To help prevent data breaches and their consequences 

With IBM i encryption, sensitive data and fields cannot be read without an encryption key. If hackers steal your data, they will not be able to read it. Encryption protects all kinds of sensitive data on your system, including: 

  • Company strategies 
  • Intellectual property 
  • Trade secrets 
  • Personally identifiable information (PII)
  • Financial information 

Encryption can help protect against damages that occur with a data breach, including fines, government penalties, lawsuits, criminal charges, theft of personally identifiable information (PII) and financial losses. Data breaches can also damage your company's reputation and cause business losses, as vendors and customers may not want to work with a company that had a significant breach.

 

IBM i encryption can protect data that is stolen or compromised by internal and external hackers and cyberattacks. In addition to encrypting and renaming IBM i IFS files and objects, ransomware can also steal IBM i data and threaten to publish it to the Internet unless a second ransomware payment is received. If your IBM i data at rest is encrypted, stolen data is protected because the cyberattackers will not be able to decrypt the data.  

Charging out of the breach 

While encryption is not the total solution for stopping hacking and data breaches, it can help minimize breaches that do occur. SEA Software recommends looking at encryption for your IBM i data to determine whether it can help you meet your regulatory requirements and secure your system against hackers and data breaches. Now is the time to think about data encryption, not after you have a data breach.
