Encryption, Tokenization, and Anonymization for IBM i: A Quick Guide to Protecting Sensitive Data
Understanding Encryption, Tokenization and Anonymization for IBM i
Over the years, high-profile security breaches have spawned new and ever-expanding compliance regulations. These regulations are forcing companies to increase measures to protect sensitive data, especially personally identifiable information, to prevent it from being seen by unauthorized parties. This applies not only to the activity of hackers but equally to internal staff, contractors, and business partners, all of whom should be able to view only the information they are required to access in order to do their jobs.
Three major solutions that are effective for keeping sensitive data out of the view of prying eyes are encryption, tokenization, and anonymization. This guide will help you gain a high-level understanding of each, learn how the underlying technologies work, and recognize the situations in which companies typically use these solutions.
The method that organizations have used the longest to protect sensitive data is encryption, which combines one or more publicly available algorithms with a specialized, secret piece of data called an encryption key. Together, the algorithm and the encryption key transform human-readable information (sometimes referred to as plaintext) into an unreadable format (sometimes referred to as ciphertext). To decrypt the data and return it to its original form, the same encryption key that was used when the data was originally encrypted is applied.
Encryption can be used to protect data at rest or data in motion. The data at rest on IBM i that is a candidate for encryption includes any sensitive data stored on the system, whether that data resides in specific fields within a database file, across entire databases, in save files, in spooled files, or on backup tapes. Data in motion refers to data that is transmitted over a network from one system to another, or one entity to another. This may be done using SFTP (SSH Secure File Transfer Protocol), FTPS (FTP over SSL), encrypted Telnet, or HTTPS. Regardless of whether data is to be encrypted at rest or in motion, you will need to obtain or create a solution that provides the specific type of encryption you require. The solution must include implementation of an approved encryption algorithm such as Advanced Encryption Standard (AES), generation of strong encryption keys, and protection of encryption keys by a key management solution.
Download this eBook to learn how Precisely can help bring you a team of experts – all with an in-depth knowledge of encryption, tokenization, and anonymization. In addition, our Assure Security portfolio of IBM i security products includes a range of industry-leading encryption, tokenization, and anonymization software – making it easy to find the approach that best meets your company’s specific requirements.