Summary
DATABASE AND NETWORK INTELLIGENCE
Extract
Beyond compliance: protecting sensitive data in the mainframe environment. In the light of the British Government data loss, part two of a rather poignant feature from Ulf T. Mattsson, chief technology officer for data security management provider Protegrity.
Sending sensitive information over the internet, or within your corporate network, as clear text defeats the point of encrypting it in the database to provide data privacy. The earlier in the data flow encryption occurs, the more secure the environment. An enterprise-level data security management solution can provide the key management needed to solve this problem: it protects data at rest, and also while it is moving between the applications and the database, and between different applications and data stores.
DB2 V8 column-level encryption leaves the encryption key in a dump of the DB2 master task. In a mature solution the DB2 subtask should NOT hold the key, so that it cannot appear in a dump of the DB2 master task. The subtask should only have the key label, which is not enough to encrypt or decrypt the data and is meaningless on its own, since it is only the name of the key.

Encryption itself is not a protection against somebody who illicitly gains access to a password, because DB2 will happily decrypt data on behalf of an authorised user. Thus, encryption and user ID/password controls are complementary aspects of security, helping to protect against different types of security exposure.

When you select your tool, check what is in the DBM1 address space: it should never contain information about encryption keys in working storage, and keys should never be exposed in a DBM1 dump. The IBM tool uses DB2 EDITPROCs in which a key label is stored; the assignment of an EDITPROC to a table determines which key label is used for that table. ICSF itself holds the actual key, protected under its master key and associated with the key label, and keeps track of these associations in its own CKDS data set, so ...
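To make the contrast concrete, the following DB2 for z/OS SQL is an added illustration, not code from the article or from the tool it discusses. It places the V8 built-in column encryption (where the password, and therefore the key, travels through the SQL statement and DB2 working storage) beside a table that delegates encryption to an EDITPROC holding only an ICSF key label. The table and column names, the EDITPROC load module name SSNEDP01 and the key label PAYROLL.SSN.KEY are invented for the example.

```sql
-- Added example (not from the article). Table, column, EDITPROC and
-- key-label names are hypothetical.

-- 1) DB2 V8 built-in column encryption: ENCRYPT_TDES / DECRYPT_CHAR.
--    The password IS the key material. It is present in the SQL text and
--    DB2 keeps the derived key in DBM1 working storage while the statement
--    runs, which is the dump exposure the article warns about.
CREATE TABLE EMP_BUILTIN
  (EMPNO  CHAR(6)     NOT NULL,
   SSN    VARCHAR(64) FOR BIT DATA);   -- ciphertext is longer than the clear text

SET ENCRYPTION PASSWORD = 'Pr0tectMe!' WITH HINT 'first pet';
INSERT INTO EMP_BUILTIN VALUES ('000010', ENCRYPT_TDES('123-45-6789'));

-- Anyone who knows (or has stolen) the password reads the column back:
SET ENCRYPTION PASSWORD = 'Pr0tectMe!';
SELECT EMPNO, DECRYPT_CHAR(SSN) AS SSN_CLEAR FROM EMP_BUILTIN;

-- The hint is stored with the ciphertext and is readable without the password,
-- so treat it as a leak of information about the key:
SELECT EMPNO, GETHINT(SSN) AS PW_HINT FROM EMP_BUILTIN;

-- 2) EDITPROC-based encryption. The table names only an exit program.
--    The exit carries the ICSF key label (here PAYROLL.SSN.KEY); ICSF
--    resolves that label to a key held in its CKDS and performs the
--    cryptography. Neither the SQL, the application nor DBM1 working
--    storage ever contains the key, so a DBM1 dump shows at most the label.
CREATE TABLE EMP_EDITPROC
  (EMPNO  CHAR(6)  NOT NULL,
   SSN    CHAR(11) NOT NULL)
  EDITPROC SSNEDP01;                    -- hypothetical exit load module

-- Encryption is transparent to SQL; no password or key appears anywhere:
INSERT INTO EMP_EDITPROC VALUES ('000010', '123-45-6789');
SELECT EMPNO, SSN FROM EMP_EDITPROC;    -- clear text for an authorised user
```

Two caveats a practitioner should keep in mind. First, neither approach stops a user who already holds a valid DB2 authorisation from reading the decrypted column, which is the article's point that encryption and access control are complementary. Second, an EDITPROC must be named when the table is created and is handed the whole row, so moving an existing table to the key-label design means unloading, dropping and recreating it rather than a simple ALTER.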