Data encryption is an essential element of effective IBM i security. It is the final layer of protection for all business-critical data, making data meaningless to anyone passing through other protection layers.
To stay in compliance with PCI-DSS, HIPAA, GDPR, SOX, and other regulatory bodies, sensitive parts of your data are required to be encrypted, ensuring the safety of your company and customer's critical information.
The iSecurity Encryption solution, part of the iSecurity suite, allows you to adequately protect all sensitive data and meet your compliance and regulatory requirements.
Encryption at Rest and/or in Transit for IBM i data
Fully automated encryption, taking advantage of built-in IBM i Field Level Encryption
Fulfills Audit and Compliance requirements
Built on modern technology without having to maintain compatibility with legacy encryption tools
Uses industry standard AES-256 encryption
Built-in layers of iSecurity Encryption segregate keys into hierarchical systems, designed to secure your keys from hackers. If hackers gain access to one layer, they are still unable to break through encryption or key retrieval. Using Authorization Groups, you can enable additional security, allowing users to view sensitive information based on specific authority levels. Non-authorized users have no access to view data, while pre-authorized users see encrypted data as hidden, masked, or shown in clear text.
Automated renewal or refreshed key operations have no impact on accessibility to previously encrypted data by a discontinued key. Inactive key information is retained in the original system where encryption first took place. Transition from old key to new key is automatic, facilitating access to old, encrypted data. Files are never locked. They are available for application use even when encryption keys are refreshed. Key Encrypting Keys (KEKs), as well as Data Keys, can be automatically changed, without administrator involvement.
A single controlling IBM i system to manage all keys from a central repository can be configured. In a multi-site environment, a single key manager can be set to support all sites, centralizing all keys-related activity. Keys are hexadecimal based rather than character based, providing much stronger encryption for the same usage of computer resources. Key Manager, Data Manager, and Token Manager can optionally be installed on different IBM i LPARs.
With our fundamental logs and reports, you can fulfill your Audit and Compliance requirements. A full journaling system guarantees that any parameter changes are logged. iSecurity Encryption uses NIST encryption standards and provides full adherence to both PCI and COBIT standards. Based on IBM Native APIs, iSecurity Encryption supports 128-bit, 192-bit, and 256-bit AES encryption.
A fully comprehensive identification system helps you discover all sensitive fields needing encryption. All database fields are considered. The product offers identification & selection aids based on field size, name, text and column headings. This prevents a situation where sensitive data is kept clear in a forgotten and copied version of a file.