Volume 11, Number 28 -- September 6, 2011

Field-Level Encryption Handles Security Compliance for Collections Firm

Published: September 6, 2011

by Dan Burger

Data encryption has taken on a much larger role in IT departments ever since the protection of sensitive and confidential information became a high priority for so many companies. We hear a lot of complaints about regulatory compliance, but without it your personal information is an easy target for those with criminal intentions. For many IBM i companies, the question is not about whether to encrypt data, it's how to encrypt data. A good example is Bass & Associates P.C., a law firm providing national debt recovery services.

Financial institutions have really felt the heat of regulatory compliance. They handle data that criminals covet: bank accounts, credit cards, and Social Security numbers directly tied to plenty of personal or business information. Bass works in this arena. And because you're reading about them in IT Jungle, you know there's an IBM i (or perhaps an IBM System i, iSeries or AS/400) playing a mission critical role in the business.

Bass is a collections and bankruptcy firm that contracts debt-recovery services to companies in the credit-granting industries. It provides professional portfolio management for consumer and commercial debt, which includes student loans, bankruptcy, collateral liquidation, litigation action, and probate services.

Its technology-intensive automated system relies on two Power7 servers running IBM i 7.1. And it meets regulatory compliance security obligations using field-level encryption software from Linoma Software, a company that specializes in protecting sensitive data and automating data movement. Linoma has more than 3,000 customers around the world, including Fortune 500 companies, non-profit organizations, and government entities.

The communications network at Bass stretches beyond its customer base and includes accesses to major credit bureaus, bankruptcy and civil court records, and various government databases.

The IT department consists of a six-person staff that's responsible for maintaining and implementing the Bass networks, servers, and applications. The core application is a recovery management system (RMS) by FICO (formerly known as Fair Isaac Corporation).

When Ian Atkinson, chief information executive at Bass, started hearing from customers that security audits were pointing out that sensitive data needed to be protected in the database and throughout each company's network, he began to research encryption. At that time, the core business was run on an iSeries Model 810 production box with a System i Model 520 as a high availability backup. The leases on both boxes were expiring.

"We started the project in April 2010 with enquiries to vendors, including FICO's plans for the RMS product," Atkinson said. "We looked at this search in terms of the needs of our clients and also our desire to protect our own sensitive data."

Initially, full disk encryption was being considered as a possible option. However, it was determined to be unnecessarily complex involving multiple logical partitions, the modification of applications, and it did not allow field-level data masking, which was desirable feature for Bass.

"The field-level encryption in Linoma's Crypto Complete gives us the advantage of allowing the encryption to occur at a more granular level," Atkinson explained. "For example, it's easy for us to control which internal users at Bass are greatly limited in the amount of data they can see, which ones have certain data partially masked, and which employees get to see all the data."

This field-level data masking feature in Crypto Complete is backward compatible to the V5R2 version of the operating system, but only users of IBM i 7.1 can take advantage of the DB2 field procedure feature that allows encryption and decryption of data to occur without program changes. That enhancement is not just convenient; it's a time saver that avoids code manipulation.

It was a fortunate coincidence that Bass was ready to make a hardware upgrade, which carried with it an OS upgrade to IBM i 7.1, allowing the company to use the new DB2 field procedure feature right away.

During the hardware and operating system upgrade there were four machines in use, Atkinson explained. That included the old production and backup machines and the new production and backup machines. MIMIX high availability from Vision Solutions was being used to replicate data on both the old and new servers and the machines were running in parallel.

"At that juncture, I could only test the DB2 field procedures in Crypto Complete on 7.1," Atkinson said. "I could not do any production encryption until we upgraded to the new boxes."

"One or more fields in a database file can be targeted for encryption and can be activated at one time," said Ron Byrd, senior software engineer at Linoma. "When the customer is ready to activate the encryption, they just need to make sure no users are in the targeted files in order to maintain their integrity. The files will then get locked and all the existing values will get encrypted during the initial activation. After the activation, the files are unlocked and are ready again for use. Then any new or changed field values will be automatically encrypted."

When the migration to the new Power7 servers running IBM i 7.1 was completed--which was not a difficult task after running the old and new systems in parallel for several months--it was encryption time.

Typically you would expect to read that absolutely nothing went wrong and then you'd begin to doubt the credibility of this story. Both Atkinson and Byrd, however, talked about a glitch. In the midst of moving to a new OS and working out high availability issues along with incorporating encryption, the HA target server was balky about getting in synch.

After a couple of days, the kink was ironed out with a patch from Linoma and a PTF from IBM.

"If I were to approach this same encryption implementation today, I'd say it could be accomplished in two to three hours," Atkinson said.

Part of the FICO application presentation at Bass is a Windows-based client front end and auxiliary pieces of the system are built for browsers. Because the encryption is applied to the database, there's automatic field decryption/masking even when the data is accessed through the browser. The same is true for data that's downloaded to spreadsheets using ODBC connections, because it is decrypted automatically with the same masking parameters.

Atkinson is very satisfied with the outcome. He describes the project as "a key component in our security strategy and compliance strategy."


Swiss Bank Adopts Linoma's IBM i Encryption Tool

Linoma Breaks Crypto Tool into Two

Linoma Bolsters Encryption Tool with New Data Masking Feature

Linoma is Ready for New Automated Encryption Feature in i/OS 7.1

Linoma Adds Tokenization to i/OS Encryption Tool

Linoma Adds Features to i OS Encryption Utility

                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot

Sponsored By

Don't be a D'Bu in headlights!

RDB Connect provides full SQL access to remote databases
from all System i high-level languages.

                                                                     Microsoft SQL
                                                                     and More!

Learn how to access remote data with our RDB Connect On-Demand Webinar

Download your free trials NOW.

Editor: Alex Woodie
Contributing Editors: Dan Burger, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.

Sponsored Links

PowerTech:  2011 Security Event of the Year. September 2223 in Las Vegas. RVSP today!
VAULT400:  IBM Power7 Upgrade and HA/DR Webinars. Sept 27, Oct 25. Get a FREE white paper!
Four Hundred Monitor Calendar:  Latest info on national conferences, local events, & Webinars


IT Jungle Store Top Book Picks

BACK IN STOCK: Easy Steps to Internet Programming for System i: List Price, $49.95

The iSeries Express Web Implementer's Guide: List Price, $49.95
The iSeries Pocket Database Guide: List Price, $59
The iSeries Pocket SQL Guide: List Price, $59
The iSeries Pocket WebFacing Primer: List Price, $39
Migrating to WebSphere Express for iSeries: List Price, $49
Getting Started with WebSphere Express for iSeries: List Price, $49
The All-Everything Operating System: List Price, $35
The Best Joomla! Tutorial Ever!: List Price, $19.95

The Four Hundred
More Details Emerge on Future Power7+ and Power8 Chips

IBM Taps Software Exec For Power Systems Marketing

EnterpriseDB Sets Sights on Oracle's MySQL

As I See It: Paying Attention

Mad Dog 21/21: How To Downgrade Your Business Partner

Four Hundred Guru
An Indicator By Any Other Name

Add a Record to Any File

Admin Alert: Two PC5250 Configuration Secrets

Four Hundred Monitor
Four Hundred Monitor's
Full iSeries Events Calendar

System i PTF Guide
September 25, 2010: Volume 12, Number 39

September 18, 2010: Volume 12, Number 38

September 11, 2010: Volume 12, Number 37

September 4, 2010: Volume 12, Number 36

August 28, 2010: Volume 12, Number 35

August 21, 2010: Volume 12, Number 34

TPM at The Register
Microsoft: Our clouds are cheaper than VMware clouds

US tech-sector job stats flattened by Verizon strike

Intel love bombs US.gov for supercomputing tax dollars

Big Blue's math shows Algorithmics worth $387m

IBM opens Power8 kimono (a little bit more)

VMware sneak-peeks future 'disruptive' cloudy tech

VMware, Cisco stretch virtual LANs across the heavens

VMware reaches deeper into iPad, Android, desktop

Virtualization is the new hardware, says virt kingpin

Dell floats cloud built on ... VMware

HP mates blades with VMware vSphere

Cloud.com goes open source


ProData Computer Services
RJS Software Systems

Printer Friendly Version

Field-Level Encryption Handles Security Compliance for Collections Firm

Infor Hits the Road with New 'Infor10' Brand

Bug Busters Refines HA Software

looksoftware Wants it Rich and Thin

Oracle Loses to SAP in Appeals Court

News Briefs and Product Shorts:

IBM Bolsters Performance and Capacity of DS3500 Array . . . Las Vegas Sands Taps SAS for Predictive Analytics . . . IntelliChief OEMs OCR from IBM . . . Fiserv Updates Banking App . . . SunGard Launches Recover2Cloud . . .

Four Hundred Stuff


Subscription Information:
You can unsubscribe, change your email address, or sign up for any of IT Jungle's free e-newsletters through our Web site at http://www.itjungle.com/sub/subscribe.html.

Copyright © 1996-2011 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034

Privacy Statement