Menu Close
Data infrastructure optimization, availability & security software
Data integration & quality software
The Next Wave of technology & innovation

Protecting IBM i Data Privacy

Protecting the privacy of IBM i (AS 400) data is crucial to both meeting compliance regulations and avoiding data breaches which could your cost your organization thousands or millions in lost revenue, brand damage and more

Contact our IBM i security experts

Four Pillars of Data Privacy: Encryption, Tokenization, Anonymization and Secure File Transfer

Effective data privacy technology for IBM i should keep sensitive data obscured even if a hacker or unauthorized internal user is able to break through all other lines of defense. Keeping data private, even if it falls into the wrong hands, relies on four critical elements: encryption, tokenization, anonymization, and secure file transfer.

Encrypting data makes it unreadable unless a user has the key to unlock it. Data encryption is required by most regulations related to consumer data privacy or for industries that store or process sensitive data. Encryption combines the implementation of one or more publically available algorithms with a secret piece of data called an encryption key. Together, the algorithm and the encryption key turn plain text into unreadable text or ciphers. Data is then returned it to its original form for users with the proper key.

Encryption can be used to protect data at rest in Db2 database fields, IFS files, spooled files or on backup tapes. Beginning with IBM i 7.1, a Field Procedure, also referred to as a FieldProc, was added to Db2 for IBM i to significantly simplify encryption.

Read our eBook to learn more: IBM i Encryption with FieldProc and Assure Encryption.

Encryption isn’t new, and older algorithms are vulnerable to hackers, which is why it’s important to protect your IBM i systems with algorithms that meet the latest standards. Because encryption algorithms are publicly available, and only encryption keys are private, it’s also important to implement a reliable system for creating, distributing and storing those keys. Encryption keys should have a managed lifecycle that includes creation, activation, use, rotation, expiration, retirement, and destruction after a period of time.

Some regulations, such as PCI DSS, require encryption key management practices such as separation of duties and dual-control processes in which two or more people are involved with managing encryption keys.

Read our eBook to learn more: IBM i Encryption 101.

Tokenization (also known as pseudonymization) substitutes sensitive data such as credit card or bank account numbers with non-sensitive, format-preserving tokens that map back to the sensitive data. Both encryption and tokenization address the security of IBM i data at rest. However, unlike encryption, tokenization cannot be algorithmically reversed to find the original value. Because tokens have no relationship to the data they replace, they can’t be “cracked.” Rather, the original data is stored in a database called a token vault that must be isolated, encrypted, and secured.

Since tokenization separates sensitive data in the token vault from the production environment, it’s an effective way to remove servers from the scope of compliance.

Read our eBook to learn more: Encryption, Tokenization and Anonymization for IBM i: A Quick Guide to Protecting Sensitive Data.

Anonymization (sometimes called de-identification or redaction) is similar to tokenization except that it permanently replaces sensitive data at rest with token values, eliminating the token vault. This is sometimes referred to as using non-recoverable tokens.

Required by consumer data privacy regulations such as the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR), anonymization is an effective means of removing personal information from data being shared with third parties. It is also recommended for data sets used on test or dev systems.

Read our eBook to learn more: What the California Consumer Privacy Act (CCPA) and Similar Regulations Mean for You.

Secure File Transfer protects data as it moves over internal or external networks by using forms of encryption that encrypt data while in motion. For complete file transfer security, the file should also be encrypted at the source and destination points, so its contents cannot be viewed by unauthorized users at any time before or after the transfer.

Whether executing transfers between business partners, government agencies, reporting bureaus or intra-company departments, a full-featured secure file transfer solution also automates file transfer management capabilities. These capabilities include process automation, application integration and a centralized, consistent method of handling every aspect of the file transfer process.

Managed, secure file transfer solutions enable administrators to be assured of data security and free developers to focus their valuable time and attention on strategic priorities.

Read our eBook to learn more: The Essential Guide to Secure and Managed File Transfers on the IBM i.

Stay compliant. Stay competitive.

Data breaches come with serious costs and consequences. As regulations expand (along with tangible and intangible costs of violations), an effective data privacy solution is critical to allow your organization to:

  • Achieve and maintain compliance with the data security requirements of GDPR, PCI DSS, HIPAA, SOX and other state and industry regulations
  • Protect intellectual property as well as the data entrusted to you by customers, partners and employees
  • Ensure the privacy of confidential data both at-rest and in-motion
  • Provide real segregation of duties
  • Implement security best practices

Assure Security offers encryption, tokenization, anonymization and secure file transfer capabilities for IBM i. These features can be licensed individually or as the Assure Data Privacy feature bundle. In addition, Assure Security offers IBM i access control, elevated authority management, multi-factor authentication, alerting and reporting on system and database activity and more to prevent security breaches and assure compliance.

Learn more about Assure Security.

I want to learn more about Data Security Solutions from Syncsort

Simply fill out the form and one of our Product Experts will be in touch!