IBM Database Encryption Expert for LUW

ARWinner · #1 (**permalink**) 04-06-10, 15:55

Has anyone used IBM Database Encryption Expert for LUW? I have been told from those on high that we will need to become FISMA compliant sometime soon. So we need a way to encrypt the data on the server.

Andy

Marcus_A · #2 (**permalink**) 04-06-10, 19:16

All of the companies I have worked with encrypt the data on the application side before it gets to the database server. So it is just stored as regular character data (VARCHAR or CLOB) on DB2. Otherwise someone can intercept the data over the network between the app server and database server.

Cougar8000 · #3 (**permalink**) 04-07-10, 10:14

Andy, I have done it with a CC numbers. It is not that complex. Let me know if you have any specific questions. I will check if I have a doc on it handy.

You have to consider the following. Doing encryption on the DB level, you MUST remove access to a syscat.views and I think few other objects from MOST users as your key will be stored there. If you do not, there is no point in encrypting as the key is visible.

This is the reason I think Marcus has suggested to do app encryption.

Performance vise I saw no difference.

ARWinner · #4 (**permalink**) 04-08-10, 09:01

Quote:

Originally Posted by Cougar8000

Andy, I have done it with a CC numbers. It is not that complex. Let me know if you have any specific questions. I will check if I have a doc on it handy.

You have to consider the following. Doing encryption on the DB level, you MUST remove access to a syscat.views and I think few other objects from MOST users as your key will be stored there. If you do not, there is no point in encrypting as the key is visible.

This is the reason I think Marcus has suggested to do app encryption.

Performance vise I saw no difference.

Basically, what I need to know is how do I take our current DB2 servers and put them under Encryption Expert. We are currently using DB2 9.5 on Redhat EL 5.3.

Changing the application to do the encryption is out of the question. It would entail a total rewrite of the application.

Thanks,

Andy

guhongying · #5 (**permalink**) 04-08-10, 10:44

actually this tool is not developed by IBM. IBM has chosen Vormetric's encryption technology to provide data protection within DB2 environments through IBM's Database Encryption Expert product. some backgrounds here: Vormetric - Partners

sathyaram_s · #6 (**permalink**) 04-08-10, 11:34

I found a link to the user guide for the product at http://publib.boulder.ibm.com/infoce...v1r0/index.jsp

ARWinner · #7 (**permalink**) 04-08-10, 12:07

I already downloaded the User Guide, a developerworks article, and a redbook that cover Encryption Expert. What I want is someone that actually has used it so I can pick their brain on what I would have to look out for. I have to come up with several solutions to present the higher ups. And the more information I can obtain on a product the better. Something might look good on paper (manuals, brochures, etc), but be a bear to work with.

Andy

Internet Services

Web Development

Digital Marketing

Consumer Tech