IBM i Field Level Data Encryption

iSecurity Encryption

Data encryption is an essential element of effective IBM i security. It is the final layer of protection for all business-critical data, making data meaningless to anyone passing through other protection layers.

To stay in compliance with PCI-DSS, HIPAA, GDPR, SOX, and other regulatory bodies, sensitive parts of your data are required to be encrypted, ensuring the safety of your company and customer's critical information.

The iSecurity Encryption solution, part of the iSecurity suite, allows you to adequately protect all sensitive data and meet your compliance and regulatory requirements.

image
image

Encryption at Rest and/or in Transit for IBM i data

image

Fully automated encryption, taking advantage of built-in IBM i Field Level Encryption

image

Fulfills Audit and Compliance requirements

image

Built on modern technology without having to maintain compatibility with legacy encryption tools

image

Uses industry standard AES-256 encryption

Features of iSecurity Encryption

image

Layered field encryption based on user authorization

Built-in layers of iSecurity Encryption segregate keys into hierarchical systems, designed to secure your keys from hackers. If hackers gain access to one layer, they are still unable to break through encryption or key retrieval. Using Authorization Groups, you can enable additional security, allowing users to view sensitive information based on specific authority levels. Non-authorized users have no access to view data, while pre-authorized users see encrypted data as hidden, masked, or shown in clear text.

Keys are kept for several generations

Automated renewal or refreshed key operations have no impact on accessibility to previously encrypted data by a discontinued key. Inactive key information is retained in the original system where encryption first took place. Transition from old key to new key is automatic, facilitating access to old, encrypted data. Files are never locked. They are available for application use even when encryption keys are refreshed. Key Encrypting Keys (KEKs), as well as Data Keys, can be automatically changed, without administrator involvement.

image
image

Multi LPARs managed with a single key

A single controlling IBM i system to manage all keys from a central repository can be configured. In a multi-site environment, a single key manager can be set to support all sites, centralizing all keys-related activity. Keys are hexadecimal based rather than character based, providing much stronger encryption for the same usage of computer resources. Key Manager, Data Manager, and Token Manager can optionally be installed on different IBM i LPARs.

Complete Audit Trail

With our fundamental logs and reports, you can fulfill your Audit and Compliance requirements. A full journaling system guarantees that any parameter changes are logged. iSecurity Encryption uses NIST encryption standards and provides full adherence to both PCI and COBIT standards. Based on IBM Native APIs, iSecurity Encryption supports 128-bit, 192-bit, and 256-bit AES encryption.

image
image

Sensitive data fields, or reference fields needing encryption can be easily identified

A fully comprehensive identification system helps you discover all sensitive fields needing encryption. All database fields are considered. The product offers identification & selection aids based on field size, name, text and column headings. This prevents a situation where sensitive data is kept clear in a forgotten and copied version of a file.

Latest Blogs

image
IBM i
May 22, 2024
Hardware Security & Auditing Considerations for IBM i Servers
image
IBM i
May 10, 2024
Integrating IBM i Data with SIEM Solutions
image
IBM i
April 24, 2024
Using Exit Point Programming to Control IBM i Access

LET’S GET IN TOUCH

We’re happy to answer any questions about our software and what we do.

CONTACT US NOW