Raz-Lee Claims Technological Edge with IBM i Encryption
July 20, 2016 Alex Woodie
IBM i shops that are on the hunt for an encryption solution to protect their sensitive data may want to check out the latest from Raz-Lee Security. The New York-based software company recently announced that it’s leveraging IBM‘s FieldProc technology to deliver field-level encryption that’s unlike anything else on the IBM i market. The company also announced a new PGP encryption solution.
Raz-Lee wasn’t the first IBM i security software provider to first to use the FieldProc, which can greatly simplify the process of adding encryption and decryption capabilities to a DB2 for i database, up to the point of eliminating the need to make code changes. Several other vendors came to market ahead with field-level encryption solutions ahead of Raz-Lee.
But according to Raz-Lee CEO Schmuel Zailer, the company’s approach gives the customer significant advantages over competing solutions, particularly when it comes to preventing the locking of database files.
During a press conference at the recent COMMON conference in New Orleans, Louisiana, Zailer claimed that competing encryption products could impose hefty wait times on database file locks when encryption keys are refreshed.
While other products impose locks on database files that can take seven to eight hours to let go, the encryption capability of the iSecurity suite, dubbed iSecurity Encryption, doesn’t work that way, Zailer says. “With our system, never is there to be a lock, except for the very first time” the product is implemented, he says.
Zailer says the reason his competitors have longer file lock times is because they developed their encryption solutions before IBM rolled out the FieldProc with the launch of IBM i 7.1 in 2010.
That extra time (six years’ worth, ostensibly) enabled Raz-Lee to develop a next-gen encryption solution designed specifically to work with the FieldProc, instead of modifying an existing encryption solution to work with it, as the other vendors did, Zailer says.
“Our software is so simple, so straightforward,” he says.
Another advantage of the iSecurity encryption feature, Zailer says, is that it can use a single IBM i encryption key to encrypt data on multiple IBM i servers or LPARs. Competing solutions require customers to separately log into each server or LPAR to perform key management tasks, such as changing keys.
“That’s not good, so we support a single key manager,” he says. The master key for iSecurity Encryption is implemented in hardware, which makes it more secure, he adds.
Raz-Lee also automates the process of finding sensitive data fields that should be encrypted. The software does this by automatically extracting the names of fields, including looking at column headings and the actual text. “We will never forget a file with a field that needs to be encrypted,” Zailer says.
In addition to encryption via standard crypto algorithms like AES-256, the Raz-Lee software can also mask and tokenize data. Masking data brings a smaller hit on performance while leaving the user interface more readable to the user. Tokenization, meanwhile, can minimize the impact that regulations like HIPAA can have on IT operations.
In addition to the FieldProc announcement, Raz-Lee announced the introduction of a new public-key encryption solution based on PGP.
PGP, which stands for Pretty Good Encryption, is often used for safeguarding the contents of texts, e-mails, files, and directories, and sometimes for entire disks too. In Raz-Lee’s case, the company sees PGP as an ideal solution for encrypting data that will flow across the wire. (The iSecurity Encryption solution discussed earlier is geared toward protecting data at rest).
The software allows users to encrypt an IBM i file using a public encryption key and one of several types of algorithms, including AES and TDES. After the file has been transmitted, it can be opened only by a person who has the right private key.
Raz-Lee says it provides a wide set of CL commands with its PGP implementation that covers many routines, including encrypting, decrypting, signing, identifying fingerprints, creating key pairs, and importing and exporting keys.
The solution uses a combination of encryption methodologies, including hashing, compression, symmetric-key cryptography and public key cryptography to protect data residing in the IBM i’s native file structure or in its IFS, the company says.
For more information, see the company’s website at www.razlee.com.