Data Security Software


Back-Up Encryption

With Enforcive™/Back-Up Encryption, Enforcive offers save file encryption for backups, providing the ability to encrypt and save entire libraries as well as individual objects. A series of commands allows easy integration of Enforcive object encryption into back-up processes. Organizations backing their data up to tape now have an easy way to make sure the data cannot be read by anyone who is not authorized in case their tapes end up in the wrong hands.

How:

Enterprise Security Back-Up Encryption is a mechanism that encrypts save files. When encryption is activated for a save file, the original object is replaced by an encrypted object of the same name. The encrypted object cannot be used either on or off the system until it is decrypted in Enterprise Security. When a save file is encrypted, additional objects are created for the purpose of decrypting and restoring the original file. Backups and high availability definitions will need to be reviewed and possibly adapted to include the encryption objects created.
The Object Registry Manager acts as the main screen of the Object Encryption Module, on which the objects to be encrypted are specified. The screen contains any registry entries already created.

Benefits:

User Friendly. The encryption's management console is a GUI-based module that has been fully integrated into the Enterprise Security product, simplifying operation by using a familiar and intuitive interface.
5 Steps to Encrypt:
  • Define at least one master key.
  • Define at least one data key.
  • Add an object registry. This defines encryption for a specific save file.
  • Start back-up encryption for the file.
  • When no longer required, stop back-up encryption for the file.
Master Key. The master key is an encrypted string based on a user-entered or automatically generated text string. It is used in the encryption algorithm of the data key, which is in turn used for encrypting and decrypting the chosen file. At least one master key is required and there is no limit to the number that may be defined. One master key can serve any number of data keys.
Data Key. The data key is an encrypted string, based on a user-entered or automatically generated text string, in combination with a specified master key. It is used in the encryption algorithm of the data field. At least one data key is required and there is no limit to the number that may be defined. One data key can serve any number of object registries.
Object Registry.  Add the save file, the data key, and select the encryption algorithm for the object.
Choice of Algorithms. Organizations have a large variety of algorithms to choose from. Security officers have standards such as TDES 8, TDES 16, TDES 24, DES, AES 128, AES 192 or AES 256 at their disposal.
  • Symmetric key algorithms use the same key to both encrypt and decrypt data. These algorithms are usually faster than asymmetric key algorithms and are used to encrypt large blocks of data. These algorithms include DES, TripleDES, RC5, and AES.
  • Asymmetric key algorithms call for two encryption keys: one is used to encrypt the data and the other is used to decrypt the data. It doesn’t matter which does the encrypting and decrypting; it’s just that you can’t use one key for both encrypting and decrypting the data. These algorithms are usually used for authentication. Asymmetric key algorithm types include RSA and Elliptic Curve.
  • Hash algorithms create a result that cannot be decrypted. They are usually used to compare two values and to make sure that they are the same. MD5 and SHA-1 are two examples of hash algorithms.
High Availability Compatibility. Back-Up Encryption works in high availability environments without any special measures being taken. HA backup databases will be identical to the production system and will contain the master and data keys needed to encrypt and decrypt the data.
Key Management. The product offers flexible key management. It is based on two-tier encryption requiring master keys in order to generate data keys. This ensures strict separation between those who generate the keys and those who use them. As an additional measure of security, Enforcive can encrypt each key used to manage the encryption algorithm.
Full Audit Capabilities. The start and end operations are all logged in the Central Audit at the beginning and end of the process.
*Note: Data Key location can be local or remote.
Starting and Ending Encryption. Encryption can only be started on a file that is not currently encrypted. To start encryption of the file, select the appropriate registry entry and click “Start Encryption”. A confirmation window is displayed from which you can submit the encryption job immediately or schedule it for a later time. Encryption can only be ended if the registry item is currently encrypted. To end encryption of the file, select the appropriate registry entry and click “End Encryption”.