Results 1 to 7 of 7
  1. #1
    Join Date
    Jan 2003
    Posts
    4,292
    Provided Answers: 5

    Unanswered: IBM Database Encryption Expert for LUW

    Has anyone used IBM Database Encryption Expert for LUW? I have been told from those on high that we will need to become FISMA compliant sometime soon. So we need a way to encrypt the data on the server.

    Andy

  2. #2
    Join Date
    May 2003
    Location
    USA
    Posts
    5,737
    All of the companies I have worked with encrypt the data on the application side before it gets to the database server. So it is just stored as regular character data (VARCHAR or CLOB) on DB2. Otherwise someone can intercept the data over the network between the app server and database server.
    M. A. Feldman
    IBM Certified DBA on DB2 for Linux, UNIX, and Windows
    IBM Certified DBA on DB2 for z/OS and OS/390

  3. #3
    Join Date
    Nov 2005
    Location
    IL
    Posts
    557
    Andy, I have done it with a CC numbers. It is not that complex. Let me know if you have any specific questions. I will check if I have a doc on it handy.

    You have to consider the following. Doing encryption on the DB level, you MUST remove access to a syscat.views and I think few other objects from MOST users as your key will be stored there. If you do not, there is no point in encrypting as the key is visible.

    This is the reason I think Marcus has suggested to do app encryption.

    Performance vise I saw no difference.
    --
    IBM Certified DBA on DB2 for Linux, UNIX, and Windows

    DB2 v9.7.0.6 os 6.1.0.0

  4. #4
    Join Date
    Jan 2003
    Posts
    4,292
    Provided Answers: 5
    Quote Originally Posted by Cougar8000 View Post
    Andy, I have done it with a CC numbers. It is not that complex. Let me know if you have any specific questions. I will check if I have a doc on it handy.

    You have to consider the following. Doing encryption on the DB level, you MUST remove access to a syscat.views and I think few other objects from MOST users as your key will be stored there. If you do not, there is no point in encrypting as the key is visible.

    This is the reason I think Marcus has suggested to do app encryption.

    Performance vise I saw no difference.
    Basically, what I need to know is how do I take our current DB2 servers and put them under Encryption Expert. We are currently using DB2 9.5 on Redhat EL 5.3.

    Changing the application to do the encryption is out of the question. It would entail a total rewrite of the application.

    Thanks,

    Andy

  5. #5
    Join Date
    Apr 2010
    Posts
    5
    actually this tool is not developed by IBM. IBM has chosen Vormetric's encryption technology to provide data protection within DB2 environments through IBM's Database Encryption Expert product. some backgrounds here: Vormetric - Partners

  6. #6
    Join Date
    Aug 2001
    Location
    UK
    Posts
    4,650
    I found a link to the user guide for the product at http://publib.boulder.ibm.com/infoce...v1r0/index.jsp
    Visit the new-look IDUG Website , register to gain access to the excellent content.

  7. #7
    Join Date
    Jan 2003
    Posts
    4,292
    Provided Answers: 5
    I already downloaded the User Guide, a developerworks article, and a redbook that cover Encryption Expert. What I want is someone that actually has used it so I can pick their brain on what I would have to look out for. I have to come up with several solutions to present the higher ups. And the more information I can obtain on a product the better. Something might look good on paper (manuals, brochures, etc), but be a bear to work with.

    Andy

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •