Streamlining Data Encryption While Maintaining IBM i Availability
Bill Hammond | Director, Product Marketing
Bill Peedle | Principal Sales Engineer
Today’s Topics
• Benefits of encryption
• Challenges of encryption
• Comparing encryption strategies
• Field-level encryption on IBM i
• Encrypt While Active option
• Q & A
What is Encryption?
• Data encryption is the process of converting data into a format that is unreadable, known as ciphertext, to protect sensitive information from unauthorized access.
• This is accomplished using an encryption algorithm and a key.
• The encryption algorithm is a mathematical formula that scrambles the data, while the key is a secret value that is used to decrypt the data.
Why use encryption at all?
• Data Protection
  • Confidentiality: Prevents unauthorized access to sensitive information
  • Integrity: Ensures that data remains unaltered and accurate – at rest and in motion
  • Availability: Protects data from being held hostage through ransomware attacks.
• Compliance and Regulatory Adherence
  • Industry Standards: Many industries have strict data protection regulations (HIPAA, GDPR, CCPA) that mandate encryption.
  • Risk Mitigation: Demonstrates a commitment to data security and reduces the risk of legal and financial penalties.
• Brand Reputation and Customer Trust
  • Data Breach Prevention: Breaches can damage a company's reputation and lead to customer loss.
  • Customer Confidence: Builds trust by demonstrating a strong commitment to data security.
• Competitive Advantage
  • Intellectual Property Protection: Safeguards valuable innovations and trade secrets.
  • Secure Business Operations: Enables secure collaboration and information sharing.
Protect your stored data with AES Encryption
• The encryption methods recognized by the National Institute of Standards and Technology (NIST) ensure that your data is protected to the highest standards.
• The US government and agencies have accepted the Advanced Encryption Standard (AES) as a format standard for encrypting data in databases.
• For PCI-DSS, HIPAA, and specific government privacy rules, AES is the preferred encryption method.
• Use the Advanced Encryption Standard (AES-256)
What is a key management server?
When encrypting fields in a file, an encryption key is required
• Many customers use an external key manager to store and manage the master key as well as the encryption keys for the individual fields.
• They may already have an external key manager for other platforms and can leverage that server for the IBM i encryption as well.
• An example of an external key server would be Thales CipherTrust or Alliance Key Manager. There are others as well.
• For those who do not want to support an external key manager on a Windows or Linux server, a local key store can be used on the IBM i to store and manage the keys. Third party encryption tools typically include a local key store for this use case.
Protect your encryption keys and data by keeping them separate
• If you keep your encrypted data and keys in the same place, it’s like placing your house key beneath the mat
• Security best practices require you to store encryption keys separately from your encrypted data and manage them with an encryption key manager
Encryption Challenges and Best Practices
Key management
• Lifecycle management
  • Generation
  • Distribution
  • Usage
  • Rotation
  • Revocation
  • Destruction
• Compliance
• Human error
Performance
• Processing power
• Encryption/Decryption overhead
• Hardware Acceleration
• Network latency
• Storage
• Application
Security and usability
• Algorithm selection
• Quantum computing
• User experience
• Compatibility
• Access management
Key length and strength
• Length
  • Longer keys yield stronger encryption
  • Balancing security and performance
• Strength
  • Robust algorithm
  • Effective key management strategies
• Additional considerations
  • Threats
  • Compliance
  • Future computing power
Implementing encryption
• Technical challenges
  • Performance
  • Integration
  • Algorithm selection
  • Data recovery
• Organization challenges
  • Cost
  • Human error
  • Industry specific regulations
  • User acceptance
  • Balancing security and usability
Implementing encryption has its challenges
EXCLUSIVE LOCKS
• IBM i Field Procedures (FieldProc) need an Exclusive Lock on file data to add/remove an encryption program and encrypt/decrypt a column
SMALL WINDOW
• Your maintenance window may be too small to encrypt/decrypt all files during the allotted time
APPLICATION RISK
• Encryption processing changes every record within a file – increasing risk to applications
Comparing encryption strategies
What is disk level encryption?
• On the IBM i, full disk encryption allows you to encrypt data that is stored in basic disk pools and independent disk pools
• Full disk encryption protects data from several different threats:
  • Protects data transmission to and from the disk drive (important in a SAN environment)
  • Protects data transmission in the cross-site mirroring environment (only when the data being mirrored is on an encrypted independent disk pool)
  • Protects data in the case of theft of the disk drive
What is field level encryption?
• Field procedures can provide field level (or column level) encryption on DB2 for IBM i
• A field procedure is a user-written exit routine to transform values in a single column
  • When values in the column are changed, or new values inserted, the field procedure is invoked for each value
  • The field procedure can transform values (encode it) in any way.
  • The encoded value is then stored
  • When values are retrieved from the column, the field procedure is invoked for each encoded value.
  • The field procedure decodes each value back to the original value.
  • Any indexes defined on a column that uses a field procedure are built with encoded values.
• The fields are encrypted at rest and will be decrypted when a database operation is performed against the file that has the field in it.
• Fields can be “masked” based on specific users or groups.
What is field level masking?
Individual fields can be “masked” in addition to being encrypted
• This is one of the big benefits of field level masking versus disk level encryption.
• For example, a Social Security Number (SSN) field can be masked so that:
  • Only certain users or groups can see the fully unmasked SSN data
  • Other users or groups can be masked to see only the last four digits of the field
  • Other users will see a fully-masked SSN
Let’s use the Social Security Number 123456789 as an example
• For users that need to see the full SSN such as a payroll administrator, the field is encrypted but gets decrypted on the fly and they can see the full number
• For other users, you may decide that they should not see the full SSN, so in that case, you can mask the first 5 digits, so the SSN would look like this: XXXXX6789
• You can mask the entire field for certain people or groups if appropriate, so the SSN would look like this: XXXXXXXXX
Field level masking
• If the field in question is a numeric field, the mask will be the number 9. However, if the field in question is a character field, you can choose the character that you want to use for the mask.
• For example, if you want to mask a credit card number that happens to be a character field, you can choose “X” or whatever other character you want to use for the mask.
• Let’s use the credit card number 1234567890123456 as an example. If we decide to mask everything but the last 4 digits (or characters in this case), it looks like this: XXXXXXXXXXXX3456
• If you decide to mask the entire field, it looks like this: XXXXXXXXXXXXXXXX
Field-level encryption on IBM i
What does field level encryption look like on the IBM i?
The best way to see that the field or fields are encrypted on the IBM i is by leveraging the DSPFFD command. Below is an example of a social security number that is not encrypted:
What does field level encryption look like on the IBM i?
After encrypting a field with field level encryption, you will notice new attributes on the field called “Field Procedure Name” and “Field Procedure Library”. Below is an example of a social security number that is encrypted via a field procedure.
How do I encrypt sensitive fields in a file?
Working with Field Procedures
• Field procedures are part of the IBM i OS. They can be used for other purposes but are primarily used for encryption and masking
• A field procedure is a procedure that can be written by hand and attached to the field, however, that can be a large undertaking
• The best way to encrypt and decrypt fields with field procedures is to use a third-party interface that will develop the code for you, attach it to the field in question and help you to manage and track which fields are encrypted or decrypted and to set up the masking rules
Implications for field level encryption
Once you have decided on a tool to develop and manage field level encryption on your IBM i, there are some technical considerations:
• While encrypting or decrypting a file, the IBM i requires an exclusive lock on the file until the encryption or decryption has completed. This means users need to be out of the file until the operation has completed.
• For smaller files, this may not be an issue as you may be able to lock the file for a short period of time. However, for larger files, this process can take several hours.
• In addition, many customers have requirements to “roll” the encryption keys periodically, which requires decryption and then re-encryption of the fields with a new key.
• For legacy RPG-ILE programs, if the encrypted field is an index or key on the file, the sort order will be based on the encrypted data instead of the actual values. There are technologies that can help overcome this situation available on the market.
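The field procedure behaviour described in the slides above (encode on write, decode on read, masking by user group, and an index built on encoded values), as an added Python model that is not IBM i or vendor code. A four-round Feistel construction over HMAC-SHA256 stands in for AES because the Python standard library has no AES; the key, the group names PAYROLL and HELPDESK, and the sample values are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # constructed; real keys live in a key manager
BLOCK = 16                      # fixed column width, space padded like CHAR(16)
HALF = BLOCK // 2

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: HMAC-SHA256 truncated to half a block."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:len(half)]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encode(value: str, key: bytes = KEY) -> bytes:
    """Field-encode: runs for every value inserted or updated in the column."""
    data = value.encode("ascii").ljust(BLOCK)
    if len(data) != BLOCK:
        raise ValueError("value longer than the column")
    left, right = data[:HALF], data[HALF:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def decode(blob: bytes, key: bytes = KEY) -> str:
    """Field-decode: runs for every encoded value read from the column."""
    left, right = blob[:HALF], blob[HALF:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return (left + right).decode("ascii").rstrip()

# Hypothetical masking rules: group -> rule. Unlisted groups are fully masked.
MASK_RULES = {"PAYROLL": "full", "HELPDESK": "last4"}

def mask(value: str, rule: str, numeric: bool = False, mask_char: str = "X") -> str:
    """Numeric fields are masked with 9; character fields with a chosen character."""
    if rule == "full":
        return value
    keep = 4 if rule == "last4" else 0
    fill = "9" if numeric else mask_char
    return fill * (len(value) - keep) + value[len(value) - keep:]

def read_field(blob: bytes, group: str, numeric: bool = False) -> str:
    """What a user in `group` sees: decode first, then apply that group's mask."""
    return mask(decode(blob), MASK_RULES.get(group, "masked"), numeric)

def keyed_read_order(values):
    """Order a keyed read returns when the index is built on encoded values."""
    stored = {encode(v): v for v in values}
    return [stored[blob] for blob in sorted(stored)]

# Constructed sample values, not real SSNs.
SAMPLE_SSNS = ["100000009", "100000002", "100000007", "100000001", "100000005",
               "100000003", "100000010", "100000004", "100000008", "100000006"]

if __name__ == "__main__":
    blob = encode("123456789")
    for group in ("PAYROLL", "HELPDESK", "GUEST"):
        print(group, read_field(blob, group))
    print("plaintext order:", sorted(SAMPLE_SSNS))
    print("index order:    ", keyed_read_order(SAMPLE_SSNS))
```

The last two printed lines contain the same values in different orders, which is the sort-order effect that programs reading by an encrypted key field run into.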
Minimizing the downtime required to encrypt/decrypt fields
• In order to avoid the downtime required to encrypt fields in larger files, there are technologies that allow you to “Encrypt while active”.
• This technology allows you to make an empty copy of the file (using CRTDUPOBJ) in a temporary library. Once the file is duplicated, it can be encrypted while it is empty.
• The “Encrypt while active” technology will then copy all the records from the production copy of the file into the temporary copy. As they are being copied in, the records are encrypted.
• This technology keeps the file in sync with ongoing changes since the file is still being used by end users and applications.
Minimizing the downtime required to encrypt/decrypt fields (cont.)
• Once you have a maintenance window and have users out of the file, the process that keeps the file in sync is ended, the old copy of the file can be moved out of production, and the new encrypted version of the file can be moved into production.
• The file is moved into production using the MOVOBJ command which simply updates the pointer to the location of the file from the temporary library to the production library. It does not perform a full copy of the data so the process is very quick.
• The “Encrypt while active” technology can save many hours of downtime on initial encryption, and then also during the roll of the key when the file needs to be decrypted and re-encrypted with a new key.
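The copy, sync and cutover sequence described above, as an added Python simulation that is not the vendor's implementation: files are dictionaries keyed by relative record number, changes made during the copy are scripted rather than concurrent, and `toy_encode` is a placeholder for the field procedure's encode step. The file name CUSTMAST and all record values are constructed.

```python
import hashlib

_PAD = hashlib.sha256(b"constructed-demo-key").digest()

def toy_encode(value: bytes) -> bytes:
    """Placeholder for the field procedure's encode step. NOT real encryption."""
    return bytes(a ^ b for a, b in zip(value, _PAD))

toy_decode = toy_encode  # XOR with a fixed pad is its own inverse

def apply_change(file: dict, change: tuple, transform=lambda v: v) -> None:
    """Apply one journaled change: ("PUT", rrn, value) or ("DELETE", rrn, None)."""
    op, rrn, value = change
    if op == "DELETE":
        file.pop(rrn, None)
    else:
        file[rrn] = transform(value)

def bulk_copy(prod: dict, temp: dict, changes_during_copy: dict) -> list:
    """Copy PROD into the empty TEMP file, encrypting each record on the way in.

    changes_during_copy maps a copy step to the changes users make to PROD at
    that moment. They are applied to PROD and journaled, not copied directly.
    """
    journal = []
    for step, rrn in enumerate(sorted(prod)):   # record list fixed at copy start
        for change in changes_during_copy.get(step, []):
            apply_change(prod, change)
            journal.append(change)
        if rrn in prod:                         # record may have been deleted
            temp[rrn] = toy_encode(prod[rrn])
    return journal

def replay(journal: list, temp: dict) -> None:
    """Keep TEMP in sync: apply journaled PROD changes, encrypting new values."""
    for change in journal:
        apply_change(temp, change, toy_encode)

def in_sync(prod: dict, temp: dict) -> bool:
    """Pre-cutover check: same records, and each TEMP value decrypts to PROD's."""
    return prod.keys() == temp.keys() and all(
        toy_decode(temp[rrn]) == value for rrn, value in prod.items())

def cutover(libs: dict, name: str) -> None:
    """Move PROD to ARCHIVE and TEMP to PROD by reference, with no data copy."""
    if not in_sync(libs["PROD"][name], libs["TEMP"][name]):
        raise RuntimeError("TEMP is not in sync with PROD; do not cut over")
    libs["ARCHIVE"][name] = libs["PROD"].pop(name)
    libs["PROD"][name] = libs["TEMP"].pop(name)

def run_demo():
    prod = {1: b"100000001", 2: b"100000002", 3: b"100000003", 4: b"100000004"}
    libs = {"PROD": {"CUSTMAST": prod}, "TEMP": {"CUSTMAST": {}}, "ARCHIVE": {}}
    temp = libs["TEMP"]["CUSTMAST"]
    # While record 3 is being copied, users update 1, insert 5 and delete 4.
    changes = {2: [("PUT", 1, b"999999999"), ("PUT", 5, b"100000005"),
                   ("DELETE", 4, None)]}
    journal = bulk_copy(prod, temp, changes)
    stale_after_copy = not in_sync(prod, temp)  # record 1 is old, record 5 missing
    replay(journal, temp)
    cutover(libs, "CUSTMAST")
    return libs, stale_after_copy, temp

if __name__ == "__main__":
    libs, stale, _ = run_demo()
    print("stale after bulk copy:", stale)
    print("PROD records after cutover:", sorted(libs["PROD"]["CUSTMAST"]))
```

The bulk copy alone leaves TEMP stale, which is why the sync process has to run until cutover and why the in-sync check belongs before the move.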
What can I do if I have legacy RPG-ILE programs that no longer sort correctly by an encrypted key field?
• There are technologies available to help with the sorting issues that may occur because of an encrypted key field in legacy RPG-ILE programs
• These technologies require access to your source code
• Handler software can be used to convert traditional record-oriented file access to SQL Query Engine (SQE) access
• Only one line of code is added to make this conversion
What can I do if I have legacy RPG-ILE programs that no longer sort correctly by an encrypted key field? (Continued)
• This is what the additional line of code would look like to handle the sorting issues in a legacy RPG-ILE program:
• The handler program converts record-oriented reads into SQL access which corrects the sorting issues experienced by having an encrypted key in legacy RPG-ILE programs
Encrypt While Active
Introducing Encrypt While Active
Combines market-leading Assure technology to:
• Create a pre-production copy of your encrypted data
• Promote that file to production with only minutes of downtime
• Optionally compress the file being encrypted by removing deleted records
Based on Assure MIMIX and Assure Security products
• Assure MIMIX Enterprise for replication
• Assure MIMIX Promoter, a feature of MIMIX High Availability, for file promotion
• Assure Encryption, a component of Assure Security, for encryption
Combination of Software and Services
• Software to facilitate encryption without downtime and remove encryption risks
• Expert services to manage the process and ensure a successful outcome
Encrypt While Active Architecture
ENCRYPT WHILE ACTIVE STEPS
1. Install Assure MIMIX HA (includes Assure MIMIX Promoter) and Assure Encryption on both systems
2. Create TEMP and ARCHIVE libraries on the Source System
3. Create empty duplicate objects of files being encrypted into the TEMP library, together with all logicals and any PFs joined by a join logical (if any exist)
4. Configure Assure MIMIX HA for replication to the Target System and use Assure MIMIX Promoter for moving PROD (future encrypted Production files) to the TEMP Library
5. Configure Assure Encryption for fields being encrypted and start encryption on TEMP files which are empty. This is very fast.
[Architecture diagram: a Source System and a Target System, each with PROD, TEMP and ARCHIVE libraries and each running Assure MIMIX HA* and Assure Encryption, with replication between the two systems. Arrows a, b, c and d mark the data movements.]
* Includes Assure MIMIX Promoter
Encrypt While Active Architecture
ENCRYPT WHILE ACTIVE STEPS (continued)
6. Start Copy While Active (CPYACTF) process with Remove Deleted Records option, if desired (a). Assure MIMIX Promoter will copy all the records from PROD to TEMP then wait for additional changes to PROD files. CPYACTF will encrypt the fields as they are copied into the TEMP file and keep the files in sync until you are ready to cutover (b).
7. At cutover, during an outage window, Assure MIMIX Promoter is ended. PROD files are moved to the ARCHIVE library (c) and encrypted files in the TEMP library are moved to the PROD library (d).
8. Encrypted field definitions are updated to point to the PROD library for all files moved from the TEMP library to the PROD library.
9. Assure MIMIX HA replication is in place. In the event of disk failure or disaster, copies are available on the Target System. An Assure MIMIX HA system does not need to be in place for this solution, but it is a good idea.
Encrypt While Active is useful throughout the lifetime of your encryption project
INITIAL ENCRYPTION
• Adding encryption to fields/files not currently encrypted
REMOVING ENCRYPTION
• Removing encryption from fields/files currently encrypted
KEY ROTATION
• Cycling an encrypted file from one set of encryption keys to another (annually or on another regular interval to meet compliance requirements)
Benefits of Encrypt While Active
• Minimizes downtime for encryption operations
• Mitigates the risk of application failure after encryption
• Ensures HA/DR-readiness throughout the encryption process
As an added benefit, deleted records can be removed from the file during the encryption – a Compress While Active service
Questions?
Precisely Demo Showcase - The Future of Location Data Management and Analytic...
Precisely
 
Precisely Automate Evolve vs SAP MDG : L'Automatisation SAP, quel que soit l...
Precisely Automate Evolve vs SAP MDG :  L'Automatisation SAP, quel que soit l...Precisely Automate Evolve vs SAP MDG :  L'Automatisation SAP, quel que soit l...
Precisely Automate Evolve vs SAP MDG : L'Automatisation SAP, quel que soit l...
Precisely
 
Taking Your Legacy Data Beyond Modernization with AWS.pdf
Taking Your Legacy Data Beyond Modernization with AWS.pdfTaking Your Legacy Data Beyond Modernization with AWS.pdf
Taking Your Legacy Data Beyond Modernization with AWS.pdf
Precisely
 
Precisely Showcase - Data Governance, Quality & MDM.pdf
Precisely Showcase - Data Governance, Quality & MDM.pdfPrecisely Showcase - Data Governance, Quality & MDM.pdf
Precisely Showcase - Data Governance, Quality & MDM.pdf
Precisely
 
Stronger Together: Combining Data Quality and Governance for Confident AI & A...
Stronger Together: Combining Data Quality and Governance for Confident AI & A...Stronger Together: Combining Data Quality and Governance for Confident AI & A...
Stronger Together: Combining Data Quality and Governance for Confident AI & A...
Precisely
 
pp__international_ai_with_precisely_and_aws_final_240919.pptx
pp__international_ai_with_precisely_and_aws_final_240919.pptxpp__international_ai_with_precisely_and_aws_final_240919.pptx
pp__international_ai_with_precisely_and_aws_final_240919.pptx
Precisely
 
WBN_Eliminate AIX Downtime_E_DRAFT1.pptx
WBN_Eliminate AIX Downtime_E_DRAFT1.pptxWBN_Eliminate AIX Downtime_E_DRAFT1.pptx
WBN_Eliminate AIX Downtime_E_DRAFT1.pptx
Precisely
 
Automating Data Integrity: Ensuring Trust in an Era of Complexity.pdf
Automating Data Integrity: Ensuring Trust in an Era of Complexity.pdfAutomating Data Integrity: Ensuring Trust in an Era of Complexity.pdf
Automating Data Integrity: Ensuring Trust in an Era of Complexity.pdf
Precisely
 
End-to-End Process Automation for Faster and Simpler SAP Master Data.pdf
End-to-End Process Automation for Faster and Simpler SAP Master Data.pdfEnd-to-End Process Automation for Faster and Simpler SAP Master Data.pdf
End-to-End Process Automation for Faster and Simpler SAP Master Data.pdf
Precisely
 
Ad

Recently uploaded (20)

Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Ad

Streamlining Data Encryption While Maintaining IBM i Availability

  • 1. Streamlining Data Encryption While Maintaining IBM i Availability Bill Hammond | Director, Product Marketing Bill Peedle | Principal Sales Engineer
  • 2. Today’s Topics • Benefits of encryption • Challenges of encryption • Comparing encryption strategies • Field-level encryption on IBM i • Encrypt While Active option • Q & A
  • 3. What is Encryption? • Data encryption is the process of converting data into a format that is unreadable, known as ciphertext, to protect sensitive information from unauthorized access. • This is accomplished using an encryption algorithm and a key. • The encryption algorithm is a mathematical formula that scrambles the data, while the key is a secret value that is used to decrypt the data.
  • 4. Why use encryption at all? • Data Protection • Confidentiality: Prevents unauthorized access to sensitive information • Integrity: Ensures that data remains unaltered and accurate – at rest and in motion • Availability: Protects data from being held hostage through ransomware attacks. • Compliance and Regulatory Adherence • Industry Standards: Many industries have strict data protection regulations (HIPAA, GDPR, CCPA) that mandate encryption. • Risk Mitigation: Demonstrates commitment to data security and reduces the risk of legal and financial penalties. • Brand Reputation and Customer Trust • Data Breach Prevention: Breaches can damage a company's reputation and lead to customer loss. • Customer Confidence: Builds trust by demonstrating a strong commitment to data security. • Competitive Advantage • Intellectual Property Protection: Safeguards valuable innovations and trade secrets. • Secure Business Operations: Enables secure collaboration and information sharing.
  • 5. Protect your stored data with AES Encryption • The encryption methods recognized by the National Institute of Standards and Technology (NIST) ensure that your data is protected to the highest standards. • The US government and agencies have accepted the Advanced Encryption Standard (AES) as a format standard for encrypting data in databases. • For PCI-DSS, HIPAA, and specific government privacy rules, AES is the preferred encryption method. • Use the Advanced Encryption Standard (AES-256)
  • 6. What is a key management server? When encrypting fields in a file, an encryption key is required. • Many customers use an external key manager to store and manage the master key as well as the encryption keys for the individual fields. • They may already have an external key manager for other platforms and can leverage that server for the IBM i encryption as well. • An example of an external key server would be Thales CipherTrust or Alliance Key Manager. There are others as well. • For those who do not want to support an external key manager on a Windows or Linux server, a local key store can be used on the IBM i to store and manage the keys. Third-party encryption tools typically include a local key store for this use case.
  • 7. Protect your encryption keys and data by keeping them separate • If you keep your encrypted data and keys in the same place, it’s like placing your house key beneath the mat. • Security best practices require you to store encryption keys separately from your encrypted data and manage them with an encryption key manager.
  • 9. Encryption Challenges and Best Practices Key management • Lifecycle management • Generation • Distribution • Usage • Rotation • Revocation • Destruction • Compliance • Human error Performance • Processing power • Encryption/Decryption overhead • Hardware Acceleration • Network latency • Storage • Application Security and usability • Algorithm selection • Quantum computing • User experience • Compatibility • Access management Key length and strength • Length • Longer keys yield stronger encryption • Balancing security and performance • Strength • Robust algorithm • Effective key management strategies • Additional considerations • Threats • Compliance • Future computing power Implementing encryption • Technical challenges • Performance • Integration • Algorithm selection • Data recovery • Organization challenges • Cost • Human error • Industry specific regulations • User acceptance • Balancing security and usability
  • 10. Implementing encryption has its challenges EXCLUSIVE LOCKS • IBM i Field Procedures (FieldProc) need an exclusive lock on file data to add/remove an encryption program and encrypt/decrypt a column SMALL WINDOW • Your maintenance window may be too small to encrypt/decrypt all files during the allotted time APPLICATION RISK • Encryption processing changes every record within a file – increasing risk to applications
  • 12. What is disk level encryption? • On the IBM i, full disk encryption allows you to encrypt data that is stored in basic disk pools and independent disk pools • Full disk encryption protects data from several different threats: • Protects data transmission to and from the disk drive (important in a SAN environment) • Protects data transmission in the cross-site mirroring environment (only when the data being mirrored is on an encrypted independent disk pool) • Protects data in the case of theft of the disk drive
  • 13. What is field level encryption? • Field procedures can provide field level (or column level) encryption on DB2 for IBM i • A field procedure is a user-written exit routine to transform values in a single column • When values in the column are changed, or new values inserted, the field procedure is invoked for each value • The field procedure can transform (encode) the values in any way. • The encoded value is then stored • When values are retrieved from the column, the field procedure is invoked for each encoded value. • The field procedure decodes each value back to the original value. • Any indexes defined on a column that uses a field procedure are built with encoded values. • The fields are encrypted at rest and will be decrypted when a database operation is performed against the file that has the field in it. • Fields can be “masked” based on specific users or groups.
  • 14. What is field level masking? Individual fields can be “masked” in addition to being encrypted • This is one of the big benefits of field level masking versus disk level encryption. • For example, a Social Security Number (SSN) field can be masked so that: • Only certain users or groups can see the fully unmasked SSN data • Other users or groups can be masked to see only the last four digits of the field • Other users will see a fully masked SSN Let’s use the Social Security Number 123456789 as an example • For users that need to see the full SSN, such as a payroll administrator, the field is encrypted but gets decrypted on the fly and they can see the full number • For other users, you may decide that they should not see the full SSN, so in that case, you can mask the first 5 digits, so the SSN would look like this: XXXXX6789 • You can mask the entire field for certain people or groups if appropriate, so the SSN would look like this: XXXXXXXXX
  • 15. Field level masking • If the field in question is a numeric field, the mask will be the number 9. However, if the field in question is a character field, you can choose the character that you want to use for the mask. • For example, if you want to mask a credit card number that happens to be a character field, you can choose “X” or whatever other character you want to use for the mask. • Let’s use the credit card number 1234567890123456 as an example. If we decide to mask everything but the last 4 digits (or characters in this case), it looks like this: XXXXXXXXXXXX3456 • If you decide to mask the entire field, it looks like this: XXXXXXXXXXXXXXXX
  • 17. What does field level encryption look like on the IBM i? The best way to see that the field or fields are encrypted on the IBM i is by leveraging the DSPFFD command. Below is an example of a social security number that is not encrypted:
  • 18. What does field level encryption look like on the IBM i? After encrypting a field with field level encryption, you will notice new attributes on the field called “Field Procedure Name” and “Field Procedure Library”. Below is an example of a social security number that is encrypted via a field procedure.
  • 19. How do I encrypt sensitive fields in a file? Working with Field Procedures • Field procedures are part of the IBM i OS. They can be used for other purposes but are primarily used for encryption and masking. • A field procedure can be written by hand and attached to the field; however, that can be a large undertaking. • The best way to encrypt and decrypt fields with field procedures is to use a third-party interface that will develop the code for you, attach it to the field in question, help you to manage and track which fields are encrypted or decrypted, and set up the masking rules.
  • 20. Implications for field level encryption Once you have decided on a tool to develop and manage field level encryption on your IBM i, there are some technical considerations: • While encrypting or decrypting a file, the IBM i requires an exclusive lock on the file until the encryption or decryption has completed. This means users need to be out of the file until the operation has completed. • For smaller files, this may not be an issue as you may be able to lock the file for a short period of time. However, for larger files, this process can take several hours. • In addition, many customers have requirements to “roll” the encryption keys periodically, which requires decryption and then re-encryption of the fields with a new key. • For legacy RPG-ILE programs, if the encrypted field is an index or key on the file, the sort order will be based on the encrypted data instead of the actual values. There are technologies that can help overcome this situation available on the market.
  • 21. Minimizing the downtime required to encrypt/decrypt fields • In order to avoid the downtime required to encrypt fields in larger files, there are technologies that allow you to “Encrypt while active”. • This technology allows you to make an empty copy of the file (using CRTDUPOBJ) in a temporary library. Once the file is duplicated, it can be encrypted while it is empty. • The “Encrypt while active” technology will then copy all the records from the production copy of the file into the temporary copy. As they are being copied in, the records are encrypted. • This technology keeps the file in sync with ongoing changes since the file is still being used by end users and applications.
  • 22. Minimizing the downtime required to encrypt/decrypt fields (cont.) • Once you have a maintenance window and have users out of the file, the process that keeps the file in sync is ended, the old copy of the file can be moved out of production, and the new encrypted version of the file can be moved into production. • The file is moved into production using the MOVOBJ command, which simply updates the pointer to the location of the file from the temporary library to the production library. It does not perform a full copy of the data, so the process is very quick. • The “Encrypt while active” technology can save many hours of downtime on initial encryption, and then also during the roll of the key when the file needs to be decrypted and re-encrypted with a new key.
  • 23. What can I do if I have legacy RPG-ILE programs that no longer sort correctly by an encrypted key field? • There are technologies available to help with the sorting issues that may occur because of an encrypted key field in legacy RPG-ILE programs • These technologies require access to your source code • Handler software can be used to convert traditional record-oriented file access to SQL Query Engine (SQE) access • Only one line of code is added to make this conversion
  • 24. What can I do if I have legacy RPG-ILE programs that no longer sort correctly by an encrypted key field? (Continued) • This is what the additional line of code would look like to handle the sorting issues in a legacy RPG-ILE program: • The handler program converts record-oriented reads into SQL access which corrects the sorting issues experienced by having an encrypted key in legacy RPG-ILE programs
  • 26. Introducing Encrypt While Active Combines market-leading Assure technology to: • Create a pre-production copy of your encrypted data • Promote that file to production with only minutes of downtime • Optionally compress the file being encrypted by removing deleted records Based on Assure MIMIX and Assure Security products • Assure MIMIX Enterprise for replication • Assure MIMIX Promoter, a feature of MIMIX High Availability, for file promotion • Assure Encryption, a component of Assure Security, for encryption Combination of Software and Services • Software to facilitate encryption without downtime and remove encryption risks • Expert services to manage the process and ensure a successful outcome
  • 27. Encrypt While Active Architecture ENCRYPT WHILE ACTIVE STEPS 1. Install Assure MIMIX HA (includes Assure MIMIX Promoter) and Assure Encryption on both systems 2. Create TEMP and ARCHIVE libraries on the Source System 3. Create empty duplicate objects of files being encrypted into the TEMP library with all logicals and PFs joined by joined logical (if any exist) 4. Configure Assure MIMIX HA for replication to the Target System and use Assure MIMIX Promoter for moving PROD (future encrypted Production files) to the TEMP Library 5. Configure Assure Encryption for fields being encrypted and start encryption on TEMP files which are empty. This is very fast. [Diagram: PROD, TEMP and ARCHIVE libraries on the Source System, each replicated to the Target System; flows labeled a, b, c and d; Assure MIMIX HA (includes Assure MIMIX Promoter) and Assure Encryption on both systems.]
  • 28. Encrypt While Active Architecture ENCRYPT WHILE ACTIVE STEPS (continued) 6. Start Copy While Active (CPYACTF) process with Remove Deleted Records option, if desired (a). Assure MIMIX Promoter will copy all the records from PROD to TEMP then wait for additional changes to PROD files. CPYACTF will encrypt the fields as they are copied into the TEMP file and keep the files in sync until you are ready to cutover (b). 7. At cutover, during an outage window, Assure MIMIX Promoter is ended. PROD files are moved to the ARCHIVE library (c) and encrypted files in the TEMP library are moved to the PROD library (d). 8. Encrypted field definitions are modified to the PROD library for all files moved from the TEMP library to the PROD library. 9. Assure MIMIX HA replication is in place. In the event of disk failure or disaster, copies are available on the Target System. An Assure MIMIX HA system does not need to be in place for this solution, but it is a good idea. [Diagram: PROD, TEMP and ARCHIVE libraries on the Source System, each replicated to the Target System; flows labeled a, b, c and d; Assure MIMIX HA (includes Assure MIMIX Promoter) and Assure Encryption on both systems.]
  • 29. Encrypt While Active is useful throughout the lifetime of your encryption project INITIAL ENCRYPTION • Adding encryption to fields/files not currently encrypted REMOVING ENCRYPTION • Removing encryption from fields/files currently encrypted KEY ROTATION • Cycling an encrypted file from one set of encryption keys to another (annually or on another regular interval to meet compliance requirements)
  • 30. Benefits of Encrypt While Active • Minimizes downtime for encryption operations • Mitigates the risk of application failure after encryption • Ensures HA/DR-readiness throughout the encryption process As an added benefit, deleted records can be removed from the file during the encryption – a Compress While Active service
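
The copy, sync and cutover flow from slides 21, 22, 27 and 28, modelled in Python as an added example (not Precisely's or IBM's code). Assumptions: the class and function names are hypothetical, libraries are plain dicts, a list stands in for the change journal, the records are constructed, and an HMAC-SHA256 based deterministic transform stands in for the AES-256 field procedure.

```python
import hashlib
import hmac

def _keystream(key, iv, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def encode(key, value):
    """Field-procedure stand-in (NOT AES): deterministic, so equal values store equally."""
    pt = value.encode()
    iv = hmac.new(key, b"iv" + pt, hashlib.sha256).digest()[:16]
    return iv + bytes(a ^ b for a, b in zip(pt, _keystream(key, iv, len(pt))))

def decode(key, stored):
    iv, ct = stored[:16], stored[16:]
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct))))
    if not hmac.compare_digest(iv, hmac.new(key, b"iv" + pt, hashlib.sha256).digest()[:16]):
        raise ValueError("wrong key or corrupted field")
    return pt.decode()

class EncryptWhileActive:
    """Toy model: empty encrypted TEMP copy, bulk copy, journal sync, cutover by swap."""
    def __init__(self, prod, field, key):
        self.lib = {"PROD": prod, "TEMP": {}, "ARCHIVE": None}
        self.field, self.key = field, key
        self.journal = []  # changes applications make to PROD while the copy runs
        self._pending = [k for k, rec in prod.items() if rec is not None]  # skip deleted slots

    def _put_temp(self, k, rec):
        # The field procedure is attached to TEMP, so every insert is encoded.
        self.lib["TEMP"][k] = {**rec, self.field: encode(self.key, rec[self.field])}

    def copy_batch(self, n):
        """Copy up to n not-yet-copied records from PROD to TEMP; return how many remain."""
        batch, self._pending = self._pending[:n], self._pending[n:]
        for k in batch:
            rec = self.lib["PROD"].get(k)
            if rec is not None:  # may have been deleted since the copy started
                self._put_temp(k, rec)
        return len(self._pending)

    def app_write(self, k, rec):
        """An application inserts or updates a PROD record; the change is journaled."""
        self.lib["PROD"][k] = rec
        self.journal.append(("PUT", k, rec))

    def app_delete(self, k):
        self.lib["PROD"].pop(k, None)
        self.journal.append(("DEL", k, None))

    def sync(self):
        """Replay journaled changes, in order, into the encrypted TEMP copy."""
        for op, k, rec in self.journal:
            if op == "PUT":
                self._put_temp(k, rec)
            else:
                self.lib["TEMP"].pop(k, None)
        self.journal.clear()

    def cutover(self):
        """Maintenance window: final sync, verify TEMP against PROD, then swap."""
        if self._pending:
            raise RuntimeError("bulk copy not finished")
        self.sync()
        live = {k: r for k, r in self.lib["PROD"].items() if r is not None}
        temp = self.lib["TEMP"]
        if live.keys() != temp.keys() or any(
            {**temp[k], self.field: decode(self.key, temp[k][self.field])} != live[k] for k in live
        ):
            raise RuntimeError("TEMP is out of sync with PROD; do not cut over")
        # Like MOVOBJ on the slides: objects are re-pointed, no record data is copied.
        self.lib["ARCHIVE"], self.lib["PROD"], self.lib["TEMP"] = self.lib["PROD"], temp, {}

def demo():
    key = hashlib.sha256(b"constructed demo key, not a real key").digest()
    prod = {  # constructed sample records; None marks a deleted-record slot
        1: {"NAME": "ADAMS", "SSN": "123456789"},
        2: None,
        3: {"NAME": "BAKER", "SSN": "987654321"},
        4: {"NAME": "CLARK", "SSN": "555443333"},
    }
    ewa = EncryptWhileActive(prod, "SSN", key)
    ewa.copy_batch(1)                                        # record 1 is copied
    ewa.app_write(1, {"NAME": "ADAMS", "SSN": "111223333"})  # update after it was copied
    ewa.app_write(5, {"NAME": "DAVIS", "SSN": "222334444"})  # insert during the copy
    ewa.app_delete(4)                                        # delete before it was copied
    while ewa.copy_batch(1):
        pass
    ewa.cutover()
    return ewa, prod

if __name__ == "__main__":
    print(sorted(demo()[0].lib["PROD"]))
```

The cutover check is the step worth keeping in any real runbook: the swap is refused unless every live production record decodes to the same values from the encrypted copy.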