Field Encryption on the IBM i just got easier. SQL Field Procedures are a new DB2 feature in version 7.1 that allows a user-specified "exit" program to be called whenever data is read from, inserted into, or updated in a field (column). This is somewhat similar to database column triggers; however there are two distinct advantages:
- Field Procedures allow data to be modified on a Read operation, which allows the exit program to automatically decrypt the field value before it is returned to the customer's application.
- Field Procedures provide a separate internal space to store the encrypted version of the field value. This allows organizations to encrypt numeric fields such as packed decimal, signed decimal and integer data types without having to store the encrypted values in a separate file.
While IBM provided the hooks into the database with Field Procedures, they rely on 3rd party vendors like us to provide the encryption functions and key management. We worked closely with IBM to test the new Field Procedures and provide feedback to their development team during the early release beta program for 7.1. This also allowed us sufficient time to fully integrate Field Procedures into Crypto Complete for readiness when i 7.1 ships.
We're excited about Field Procedures since it will allow customers to implement column-level encryption on the IBM i without modifying their applications. This is especially important if a customer is running a canned application and/or does not want to modify their source code.