Regulatory and industry-specific requirements, such as SOX, Visa PCI, HIPAA, and so on, require that sensitive data must be stored securely and protected against unauthorized access or modifications. Several of the requirements state that data must be encrypted. IBM® i5/OS® offers several options that allow customers to encrypt data in the database tables. However, encryption is not a trivial task. Careful planning is essential for successful implementation of data encryption project. In the worst case, you would not be able to retrieve clear text information from encrypted data. This IBM Redbooks® publication is designed to help planners, implementers, and programmers by providing three key pieces of information: Part 1, "Introduction to data encryption" on page 1, introduces key concepts, terminology, algorithms, and key management. Understanding these is important to follow the rest of the book. If you are already familiar with the general concepts of cryptography and the data encryption aspect of it, you may skip this part. Part 2, "Planning for data encryption" on page 37, provides critical information for planning a data encryption project on i5/OS. Part 3, "Implementation of data encryption" on page 113, provides various implementation scenarios with a step-by-step guide.

The IBM® i operation system (formerly IBM i5/OS®) is considered one of the most secure systems in the industry. From the beginning, security was designed as an integral part of the system. The System i® platform provides a rich set of security features and services that pertain to the goals of authentication, authorization, integrity, confidentiality, and auditing. However, if an IBM Client does not know that a service, such as a virtual private network (VPN) or hardware cryptographic support, exists on the system, it will not use it. In addition, there are more and more security auditors and consultants who are in charge of implementing corporate security policies in an organization. In many cases, they are not familiar with the IBM i operating system, but must understand the security services that are available. This IBM Redbooks® publication guides you through the broad range of native security features that are available within IBM i Version and release level 6.1. This book is intended for security auditors and consultants, IBM System Specialists, Business Partners, and clients to help you answer first-level questions concerning the security features that are available under IBM. The focus in this publication is the integration of IBM 6.1 enhancements into the range of security facilities available within IBM i up through Version release level 6.1. IBM i 6.1 security enhancements include: - Extended IBM i password rules and closer affinity between normal user IBM i operating system user profiles and IBM service tools user profiles - Encrypted disk data within a user Auxiliary Storage Pool (ASP) - Tape data save and restore encryption under control of the Backup Recovery and Media Services for i5/OS (BRMS) product, 5761-BR1 - Networking security enhancements including additional control of Secure Sockets Layer (SSL) encryption rules and greatly expanded IP intrusion detection protection and actions. DB2® for i5/OS built-in column encryption expanded to include support of the Advanced Encryption Standard (AES) encryption algorithm to the already available Rivest Cipher 2 (RC2) and Triple DES (Data Encryption Standard) (TDES) encryption algorithms. The IBM i V5R4 level IBM Redbooks publication IBM System i Security Guide for IBM i5/OS Version 5 Release 4, SG24-6668, remains available.

This IBM® Redbooks® publication discusses IBM System Storage Open Systems Tape Encryption solutions. It specifically describes Tivoli Key Lifecycle Manager (TKLM) Version 2, which is a Java software program that manages keys enterprise-wide and provides encryption-enabled tape drives with keys for encryption and decryption. The book explains various methods of managing IBM tape encryption. These methods differ in where the encryption policies reside, where key management is performed, whether a key manager is required, and if required, how the tape drives communicate with it. The security and accessibility characteristics of encrypted data create considerations for clients which do not exist with storage devices that do not encrypt data. Encryption key material must be kept secure from disclosure or use by any agent that does not have authority to it; at the same time it must be accessible to any agent that has both the authority and need to use it at the time of need. This book is written for readers who need to understand and use the various methods of managing IBM tape encryption.

This IBM® Redbooks® publication explains how to configure and manage independent disk pool (IASP) functionality of IBM i 6.1. It is designed to help IBM technical professionals, business partners, and customers understand and implement independent disk pools in the IBM i 6.1. In addition, this publication provides the background information that is necessary to plan, implement, and customize this functionality to your particular environment. It provides guidance on running user applications with either application data or most application objects residing in an independent disk pool. Considering that you can also use independent disk pools in a cluster environment, this publication shows you the basic steps to make your independent disk pool switchable between two Power SystemsTM servers or a single server with multiple LPARs. Independent auxiliary storage pools have many business and technical advantages for Power Systems using IBM i. Not only are independent auxiliary storage pools (IASPs) easy to create and maintain, most applications can use them by simple work management changes. IASPs can provide immediate benefits to your enterprise.

This IBM® Redbooks® publication introduces a technical overview of the main new features, functions and enhancements available in IBM i 6.1 (formerly called i5/OS® V6R1). It gives a summary and brief explanation of new capabilities and what has changed in the operating system, and also discusses many of the licensed programs and application development tools associated with IBM i. Many other new and enhanced functions are described, such as virtualization of storage, security, JavaTM performance, improved performance with IBM System StorageTM devices, backup and recovery, including base IBM i, Backup, Recovery and Media Services (BRMS). The book introduces the PowerHATM product, IBM Systems Director-based system management and an easier Web enablement. The information provided in this book will be useful for customers, Business Partners, and IBM service professionals involved with planning, supporting, upgrading, and implementing IBM i 6.1 solutions.

This IBM® Redbooks® publication provides a technical overview of the features, functions, and enhancements available in IBM i 7.1, including all the Technology Refresh (TR) levels from TR1 to TR7. It provides a summary and brief explanation of the many capabilities and functions in the operating system. It also describes many of the licensed programs and application development tools that are associated with IBM i. The information provided in this book is useful for clients, IBM Business Partners, and IBM service professionals who are involved with planning, supporting, upgrading, and implementing IBM i 7.1 solutions.

Every organization has a core set of mission-critical data that must be protected. Security lapses and failures are not simply disruptions—they can be catastrophic events, and the consequences can be felt across the entire organization. As a result, security administrators face serious challenges in protecting the company's sensitive data. IT staff are challenged to provide detailed audit and controls documentation at a time when they are already facing increasing demands on their time, due to events such as mergers, reorganizations, and other changes. Many organizations do not have enough experienced mainframe security administrators to meet these objectives, and expanding employee skillsets with low-level mainframe security technologies can be time-consuming. The IBM® Security zSecure suite consists of multiple components designed to help you administer your mainframe security server, monitor for threats, audit usage and configurations, and enforce policy compliance. Administration, provisioning, and management components can significantly reduce administration, contributing to improved productivity, faster response time, and reduced training time needed for new administrators. This IBM Redbooks® publication is a valuable resource for security officers, administrators, and architects who wish to better understand their mainframe security solutions.