Linoma Bolsters Encryption Tool with New Data Masking Feature
December 7, 2010 Alex Woodie
Users who lack the proper authority to view sensitive IBM i data that’s been encrypted with the latest release of Linoma Software‘s Crypto Complete will instead be shown masked values when they try to access it. What’s more, this nifty security trick can be accomplished without fancy programming, in part because it’s based on the new DB2 Field Procedures functionality that IBM introduced with IBM i 7.1.
When IBM announced IBM i 7.1 earlier this year, Linoma was one of only two vendors that supported the new Field Procedures functionality, which was developed to eliminate the need to modify application source code to enable encryption features in DB2/400 (officially DB2 for IBM i). With the new Field Proc exit point, encryption and decryption routines can be called whenever data is read from, inserted into, or updated in DB2/400.
Linoma was ready for the Field Proc in April, when IBM i 7.1 shipped. With yesterday’s announcement of Crypto Complete 2.50, the Nebraska software vendor has refined its Field Proc repertoire to include the automated masking of field values.
The capability to automatically mask the value of a database field for users who aren’t authorized to view unmasked and unencrypted values should be well-received by Crypto Complete customers who are struggling to adhere to stringent new regulations on data governance. And because the new feature can be implemented by having an administrator work within Crypto Complete’s field encryption registry, it should save customers a lot of time and hassle.
Another enhancement included in Crypto Complete version 2.50 is the faster execution of encryption routines against IFS backups. Linoma says the performance is “significantly faster” when a large number of IFS files and directories are included with backup encryption routines. The decryption and restore commands are also executed faster.
Version 2.50 also provides additional authentication checks for users with all object (*ALLOBJ) authority. Instead of giving *ALLOBJ users carte blanche authority to view encrypted fields, administrators can override IBM i authority levels within Crypto Complete’s field-level authorization lists for individuals and groups. This release also gives administrators more fine-grained control over program-adopted authority.
This release also allows administrators to specify what values should be returned to users who lack authority to view unencrypted or unmasked data. It also includes better support for double byte character sets (DBCS) that are critical for supporting Asian languages, Linoma reports.
Crypto Complete provides encryption, data masking, and tokenization capabilities for data residing on IBM i, Windows, Linux, and other computer systems. Encryption capabilities include support for AES256, AES192, AES128 or TDES algorithms, and an integrated key management utility that complies with provisions of PCI DSS. The software, which runs on OS/400 V5R2 and higher, provides native IBM i and SQL interfaces for integrating encryption routines directly into applications, and collects a full audit trail for compliance purposes.
Crypto Complete version 2.50 is available now. Pricing is tier-based and begins at around $4,000. For more information see www.linoma.com.