Linoma Adds Features to i OS Encryption Utility
August 4, 2009 Alex Woodie
System i professionals will have an easier time implementing field-level data encryption using the latest release of Linoma Software‘s Crypto Complete. Unveiled July 15, version 2.0 adds several time-saving features, including more flexibility when encrypting alphanumeric fields, more fine-toothed security access control, and pre-formatted audit reports. All told, the enhancements combine to make field-level encryption on the System i less painful.
Linoma unveiled Crypto Complete nearly two years ago as companies began implementing field-level encryption, the strongest level of encryption recommended by the Payment Cardholder Industry (PCI) group. The software uses encryption algorithms that are included in i OS, but which can be difficult to use. According to Linoma, whereas IBM’s APIs require working with 30 or so parameters, Crypto Complete only asks the programmer or administrator to worry about a handful of them–maybe five or six parameters.
With Crypto Complete version 2.0, Linoma has worked to streamline certain elements of the System i encryption equation. For example, this release brings the capability to encrypt alphanumeric fields of any length, without having to change field definitions or store the encrypted values externally.
Previously, the software could only do in-field encryption of alphanumeric data if the size of the field was divisible by 16 or 24. Otherwise, the field needed to be expanded, or the encrypted data needed to be stored in an external file (created and managed by the software). Version 2.0 lifts that restriction, making it easier to automatically encrypt alphanumeric data. However, encryption of numeric data fields still requires the external-file approach.
The new version also provides more nuanced access control for decryption routines. With this release, administrators can grant users the right to view decrypted data at the field level based on the role assigned to them under the i OS authorization list. Alternatively, the administrator can allow the users to only see masked values.
One of the best parts of Crypto Complete–its capability to automatically encrypt fields as they are modified over time–has also been improved with version 2. This automation is a product of Crypto Complete’s “field encryption registry,” which the customers use at the outset to indicate which files should be encrypted (performed in one giant batch encryption), and which also keeps all changes and additions to a file encrypted over time.
Linoma offers two methods for detecting when files have been changed and need to be encrypted: use of native API calls or SQL triggers. In version 2, the SQL trigger method has been improved with new SQL functions and stored procedures to support embedded SQL and remote database connections via JDBC and ODBC.
This release adds support for automated encryption of fields contained in multi-member files. Administrators also can choose to use Crypto Complete’s field-level encryption only with certain user-selectable records. Customers also get support for encrypting and decrypting multiple files on the IFS using wildcard names, according to Linoma.
Another handy addition to Crypto Complete are customizable security alerts. With version 2, administrators can be notified of unauthorized attempts to use the software, or of any security-related changes to a customer’s implementation. The feature works with i OS system messages and e-mail.
Getting instant notification of suspicious activity is helpful if the administrator is in a position to take immediate steps to stop the breach. But the more likely scenario involves discovering abnormalities after the fact, via the audit trail. Crypto Complete keeps an audit log of all activity for after-the-fact reporting and regulatory compliance purposes. And with version 2, the reporting capability has been improved with more powerful filters that allow demonstrators to sort by user profile, data and time ranges, and audit types.
Version 2 also includes a copy of the free Find Database Fields (FNDDBFLD) tool that Linoma introduced earlier this month. FNDDBFLD tells users if their databases contain sensitive data, such as credit card numbers or Social Security numbers, which can be a huge liability if left unprotected. Linoma is allowing anybody to download the free tool, which makes good business sense, as it may lead to more Crypto Complete sales, but including the tool in the Crypto Complete package only seemed fair.
The new release of Crypto Complete is easier to use, according to Bob Luebbe, chief architect at Linoma Software, which is based near Omaha, Nebraska. “We wanted to make it simple for customers to encrypt sensitive data and achieve compliance with PCI and privacy laws,” he says in a press release. “I believe this new 2.0 release of Crypto Complete achieves that goal, while providing a strong integrated key management system and detailed audit trails.”
Crypto Complete version 2 is available now. Pricing, which is tier-based, has not changed, and ranges from about $4,000 to about $14,000. For more information, visit the company’s Web site at www.linomasoftware.com.