    PSGi Offers Field-Level Encryption for IBM i Database

    April 19, 2023 Alex Woodie

    IBM i professionals who are concerned about the disclosure of sensitive data in their legacy applications may be interested in a new field-level encryption utility from Precision Solutions Group (PSGi). The software essentially functions as an easy-to-use wrapper for IBM’s native Field Proc for database encryption, delivering flexible data protection for legacy applications.

    PSGi has made a name for itself by providing third-party maintenance and support for aging IBM i-based ERP systems. Customers running older applications like JD Edwards World, PRMS, PRISM, and KBM rely on PSGi to keep their ERP systems running well decades after they were first created.

    As a third-party support provider and consultancy, PSGi has a front-row view into the application concerns of its customers. “At PSGi, we’re in the business of making sure people can get ROI from their legacy applications,” says PSGi President Larry Dube. “We want them to stay there. We don’t want to give them reasons to go.”

    Security is a big and growing topic among these customers, and security audits are becoming more common, Dube says. In particular, IBM i shops are becoming concerned about the security of their data, especially as they open up their databases to access via interfaces other than the primary ERP system, he says.

    “With the legacy applications now, all this processing is done outside of the application,” Dube tells IT Jungle. “There’s a lot of data moving around to BI tools, to interfaces of other products, to financials, to shopfloor systems. Everything is moving around, especially with best-of-breed applications.”

    PSGi’s customers needed a way to protect this data as it resides in Db2 for i, where other users and applications have access to it. There are several methods to secure data, each working at different levels of the stack. At a system level, whole-disk encryption could be used. At the OS level, the administrator could implement restrictive user profiles, blocking read or read/write access to the entire database.

    But none of these approaches would work with a production ERP system, Dube says. That’s because employees at times do need access to data, including sensitive data. Using restrictive user profiles would protect the data, but at the cost of blocking access to data that’s necessary for getting work done, he says.

    “They can certainly keep them from having read access to the file,” Dube says. “But that breaks the ERP.”

    To pass security audits and ensure the integrity of data, companies needed a more fine-grained approach to protecting data, he says. Luckily, IBM provides such a method. The field encryption procedure, or Field Proc, debuted in 2010 with the launch of IBM i version 7.1.

    The Field Proc was unique because, for the first time, it gave customers the ability to restrict access to data on a field-by-field basis. Instead of forcing customers to choose between the blunt-force approach of restricting access to entire files and the equivalent of major heart surgery to implement field-level encryption directly in the application, IBM gave customers a much less invasive and more targeted approach to protecting field-level data with the Field Proc.

    While the Field Proc is recognized in the IBM i community as being good technology, it does have its drawbacks. The biggest one is that it’s not exactly easy to work with. You need to be knowledgeable of SQL on the platform and know how to work with triggers and constraints to implement it. That restricts the potential pool of companies that might make use of the Field Proc, Dube says.

    “We can do it from a consulting perspective,” Dube says. “But we’d also just like to allow companies that we’re working with, if they have staff, to take it on themselves and keep protecting it. Because like I said, our main goal is to make sure that these legacy applications stay out there for a long time.”

    After surveying the market and seeing nothing that matched PSGi’s client needs, Dube and company decided to build their own utility. The name of the product is Field Level Security Management, and it’s now available at version 1.0.

    “Essentially all our product does is put a wrapper around [the Field Proc] and make it a lot easier to deal with, so that anybody can use it,” Dube says. “You have to have some knowledge of the database. But you don’t have to be able to write SQL. You don’t have to be able to add triggers and constraints to the file.”

    Field Level Security Management is a Web-based application that runs atop the IBM HTTP Server (the one powered by Apache). It was written in a mix of PHP and JQuery, and allows administrators to quickly set up encryption for group user profiles on a field-by-field basis.

    During a demo, PSGi walked IT Jungle through the process of setting up field-level protection through Field Level Security Management. The administrator starts out by selecting the field that they want to encrypt, such as the credit card number or Social Security number. The administrator is then given the option to obfuscate the entire value of the field, or perhaps just the first 20 characters of a 25-character field. That allows a user to see the last few digits of a Social Security or credit card number, but not see the entire value.

    PSGi’s tool can also be used to prevent users from entering new values and overwriting old values. If a user tries to do that, a trigger built into the tool would prevent the user from updating the database, Dube says.

    This approach gives users the ability to prevent employees from accessing sensitive pieces of data while preserving ERP function, Dube says. “They are allowed to go in and look at orders of customers, but they shouldn’t be able to see the prices of things,” he says.

    PSGi achieves this, but without the headache of using Field Proc and without the need to open up the application itself, which won’t protect the database from outside threats, Dube says.

    “We really wanted to make sure it was done at the database level, like it’s designed to do, rather than the legacy application itself,” Dube says. “In some of the more sophisticated legacy applications, they actually have some coding within the application that allows you to have field-level security, but then that doesn’t protect you from outside the application. It [Field Level Security Management] protects somebody from writing SQL or some other interface or just a query over the data.”

    This is the first shrink-wrapped product from PSGi. But it won’t be the last. Stay tuned for more product development from this new software vendor in the future.


    Tags: DB2 for i, ERP, Field Proc, IBM i, JQuery, PHP, Precision Solutions Group, PSGi, SQL


TFH Volume: 33 Issue: 23

Copyright © 2025 IT Jungle