Linoma Automates IFS Encryption
October 8, 2013 Dan Burger
Protecting sensitive information takes a well-developed plan and a variety of skills and strategies. Not only are the operators of IBM midrange computers learning more about tightening down the security of their systems, they are also deploying data encryption to provide another barrier between sensitive information and those who are coming after it. Linoma Software‘s CryptoComplete is an encryption product designed to protect sensitive information and its automation features should give more companies a reason to take a closer look.
Encryption can be a hairy monster that adds complexity and manual processes to security efforts. Keeping things simple is a huge benefit to IT departments that are already up to their armpits in complexity. Software companies that can automate processes have an advantage over competitors that require more time and effort to deploy.
One area of security that is gaining attention in the IBM i community is the integrated file system, commonly referred to as the IFS. Organizations storing sensitive documents in the IFS are becoming aware that encryption can be an important layer of protection.
Use of the IFS to store files is increasing. One of the biggest reasons for this is imaging software used for scanning paper documents and converting them into PDFs. Companies also use the IFS as a staging area for database documents. It’s common to see physical files converted to an Excel files and temporarily stored it on the IFS before they are sent to customers or business partners.
Exposure within the IFS was the reason Linoma introduced a CryptoComplete encryption module specifically for this potential vulnerability two years ago. It’s taken an extensive research and development process to update that product with automated features that simplify its use, but last week Linoma announced it has reached that goal.
Since the introduction of the original CryptoComplete module for the IFS, it has been well received in the IBM midrange community. Even though it was necessary to use commands to encrypt or decrypt files, that manual process provided the level of protection companies sought.
Thanks to the built-in automation, the CryptoComplete IFS module now allows users to choose which directories to encrypt on an on-going basis. Any files that are dropped into designated folders will automatically trap those events and automatically encrypt them as they are being written.
Systems admins, IBM i operators, or, in large enterprises, the security administrators have the capability to target folders they want to protect and the encryption is automatic. It requires no special hardware or operating system upgrade. Linoma designed it to be backward compatible to i5/OS V5R3.
The automation built in to the IFS module of CryptoComplete 3.3–the newest version of the product–required a year’s worth of R & D.
“It was pretty complex,” says Bob Luebbe, chief technology officer and founder of Linoma Software. “There are many different types of applications that can write to the IFS–not only local applications on the system, but also PC applications, third-party imaging systems, and client access. We had to trap for all those different types of applications. It was quite a challenge. Not only those apps that write data, but those that read data as well.”
Lube says there are many companies taking a closer look at the IFS and its accessibility. Often it is the result of regulatory compliance auditors advising companies of potential holes in their security.
“Auditors find fault whenever sensitive information is accessible. The auditors are a lot smarter than they used to be,” Luebbe says. “They dig deeper and are looking for security specifics. They are asking tough questions to make sure there are protections for things like Social Security numbers and credit card numbers. We have people calling us right after an audit.
“It is easy to gain access to the IFS with client access if you have authority,” he continues. “Some companies have opened the IFS to their end users through the network file system (NFS). It’s nice for end users who can quickly grab files generated on the IBM i and move them down to PCs, but that access has created some vulnerabilities. Shops set it up so users can get to the IFS drive. That’s fine if there are no sensitive documents there.”
The CryptoComplete IFS module is one of three modules. The other CryptoComplete modules are for field-level encryption and backup encryption. They can be purchased individually or as a group, where a price discount is available.
IFS encryption pricing begins at $1,995 for the P05 processor group and increases by $1,000 for the subsequent processor groups. That price includes the key management aspect of the product, which is sometimes priced separately in encryption products.
Pricing for Linoma’s backup encryption model price structure is the same as IFS.
The field level encryption module begins at $4,995 for P05, and increases to $5,995 for the P10 and $7,995 for the P20 processor groups. A 20 percent discount is available when multiple modules are purchased.