  • Field-Level Encryption Handles Security Compliance for Collections Firm

    September 6, 2011 Dan Burger

    Data encryption has taken on a much larger role in IT departments ever since the protection of sensitive and confidential information became a high priority for so many companies. We hear a lot of complaints about regulatory compliance, but without it your personal information is an easy target for those with criminal intentions. For many IBM i companies, the question is not about whether to encrypt data, it’s how to encrypt data. A good example is Bass & Associates P.C., a law firm providing national debt recovery services.

    Financial institutions have really felt the heat of regulatory compliance. They handle data that criminals covet: bank accounts, credit cards, and Social Security numbers directly tied to plenty of personal or business information. Bass works in this arena. And because you’re reading about them in IT Jungle, you know there’s an IBM i (or perhaps an IBM System i, iSeries or AS/400) playing a mission critical role in the business.

    Bass is a collections and bankruptcy firm that contracts debt-recovery services to companies in the credit-granting industries. It provides professional portfolio management for consumer and commercial debt, which includes student loans, bankruptcy, collateral liquidation, litigation action, and probate services.

    Its technology-intensive automated system relies on two Power7 servers running IBM i 7.1. And it meets regulatory compliance security obligations using field-level encryption software from Linoma Software, a company that specializes in protecting sensitive data and automating data movement. Linoma has more than 3,000 customers around the world, including Fortune 500 companies, non-profit organizations, and government entities.

    The communications network at Bass stretches beyond its customer base and includes access to major credit bureaus, bankruptcy and civil court records, and various government databases.

    The IT department consists of a six-person staff that’s responsible for maintaining and implementing the Bass networks, servers, and applications. The core application is a recovery management system (RMS) by FICO (formerly known as Fair Isaac Corporation).

    When Ian Atkinson, chief information executive at Bass, started hearing from customers that security audits were pointing out that sensitive data needed to be protected in the database and throughout each company’s network, he began to research encryption. At that time, the core business was run on an iSeries Model 810 production box with a System i Model 520 as a high availability backup. The leases on both boxes were expiring.

    “We started the project in April 2010 with enquiries to vendors, including FICO’s plans for the RMS product,” Atkinson said. “We looked at this search in terms of the needs of our clients and also our desire to protect our own sensitive data.”

    Initially, full disk encryption was considered as a possible option. However, it was determined to be unnecessarily complex, involving multiple logical partitions and the modification of applications, and it did not allow field-level data masking, which was a desirable feature for Bass.

    “The field-level encryption in Linoma’s Crypto Complete gives us the advantage of allowing the encryption to occur at a more granular level,” Atkinson explained. “For example, it’s easy for us to control which internal users at Bass are greatly limited in the amount of data they can see, which ones have certain data partially masked, and which employees get to see all the data.”

    This field-level data masking feature in Crypto Complete is backward compatible to the V5R2 version of the operating system, but only users of IBM i 7.1 can take advantage of the DB2 field procedure feature that allows encryption and decryption of data to occur without program changes. That enhancement is not just convenient; it’s a time saver that avoids code manipulation.

    It was a fortunate coincidence that Bass was ready to make a hardware upgrade, which carried with it an OS upgrade to IBM i 7.1, allowing the company to use the new DB2 field procedure feature right away.

    During the hardware and operating system upgrade there were four machines in use, Atkinson explained. That included the old production and backup machines and the new production and backup machines. MIMIX high availability from Vision Solutions was being used to replicate data on both the old and new servers and the machines were running in parallel.

    “At that juncture, I could only test the DB2 field procedures in Crypto Complete on 7.1,” Atkinson said. “I could not do any production encryption until we upgraded to the new boxes.”

    “One or more fields in a database file can be targeted for encryption and can be activated at one time,” said Ron Byrd, senior software engineer at Linoma. “When the customer is ready to activate the encryption, they just need to make sure no users are in the targeted files in order to maintain their integrity. The files will then get locked and all the existing values will get encrypted during the initial activation. After the activation, the files are unlocked and are ready again for use. Then any new or changed field values will be automatically encrypted.”

    When the migration to the new Power7 servers running IBM i 7.1 was completed–which was not a difficult task after running the old and new systems in parallel for several months–it was encryption time.

    Typically you would expect to read that absolutely nothing went wrong and then you’d begin to doubt the credibility of this story. Both Atkinson and Byrd, however, talked about a glitch. In the midst of moving to a new OS and working out high availability issues along with incorporating encryption, the HA target server was balky about getting in synch.

    After a couple of days, the kink was ironed out with a patch from Linoma and a PTF from IBM.

    “If I were to approach this same encryption implementation today, I’d say it could be accomplished in two to three hours,” Atkinson said.

    Part of the FICO application presentation at Bass is a Windows-based client front end and auxiliary pieces of the system are built for browsers. Because the encryption is applied to the database, there’s automatic field decryption/masking even when the data is accessed through the browser. The same is true for data that’s downloaded to spreadsheets using ODBC connections, because it is decrypted automatically with the same masking parameters.
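
    The behavior described above (initial activation, automatic encryption of new or changed values, and full, masked or no visibility per user on every read path) can be modeled as follows. This is an added example, not Crypto Complete's or IBM's code; the user names, the last-four-characters mask and the HMAC-based keystream standing in for the real cipher are assumptions.

```python
import hashlib, hmac, os

KEY = b"constructed-demo-key"  # constructed; a real key lives in a protected key store
ACCESS = {"SUPERVISOR": "full", "COLLECTOR": "masked"}  # hypothetical users; others see nothing

def _xor_stream(nonce: bytes, data: bytes) -> bytes:
    """Toy HMAC-SHA256 keystream, a stand-in for the product's cipher (not for production)."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(KEY, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encode(plain: str) -> bytes:
    """Runs on every insert or update of the protected field."""
    nonce = os.urandom(8)
    return nonce + _xor_stream(nonce, plain.encode())

def decode(stored: bytes, user: str) -> str:
    """Runs on every read, whatever the access path; the result depends on the user."""
    level = ACCESS.get(user, "none")
    if level == "none":  # unauthorized users never trigger a decryption
        return "*" * (len(stored) - 8)
    plain = _xor_stream(stored[:8], stored[8:]).decode()
    shown = plain[-4:] if len(plain) > 4 else ""  # assumed mask: last four characters only
    return plain if level == "full" else "*" * (len(plain) - len(shown)) + shown

class ProtectedColumn:
    def __init__(self, rows):
        self.rows, self.active, self.locked = list(rows), False, False

    def activate(self):
        """Initial activation: lock the file, encrypt existing values, unlock."""
        self.locked = True
        self.rows = [encode(v) for v in self.rows]
        self.active, self.locked = True, False

    def insert(self, value: str):
        if self.locked:
            raise RuntimeError("file is locked during activation")
        self.rows.append(encode(value) if self.active else value)

    def read(self, user: str):
        return [decode(v, user) if self.active else v for v in self.rows]

def demo():
    col = ProtectedColumn(["123-45-6789"])  # constructed sample value
    col.activate()
    col.insert("987-65-4321")  # encrypted automatically, caller unchanged
    return {u: col.read(u) for u in ("SUPERVISOR", "COLLECTOR", "GUEST")}
```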

    Atkinson is very satisfied with the outcome. He describes the project as “a key component in our security strategy and compliance strategy.”

    RELATED STORIES

    Swiss Bank Adopts Linoma’s IBM i Encryption Tool

    Linoma Breaks Crypto Tool into Two

    Linoma Bolsters Encryption Tool with New Data Masking Feature

    Linoma is Ready for New Automated Encryption Feature in i/OS 7.1

    Linoma Adds Tokenization to i/OS Encryption Tool

    Linoma Adds Features to i OS Encryption Utility




Volume 11, Number 28 -- September 6, 2011