If you lose a computer tape and it falls into the wrong hands, how safe is the data on the tape? Can anyone with a little knowledge restore the data? Is your OS/400 or i5/OS data excluded from this concern? Are there rules and legislation that require you to report lost tapes, and are there fines associated with this? The answers are: not very safe, yes, no, and yes.
It's scary to think that your OS/400 data is not safe once it's put on tape, but the reality is that anyone with another OS/400 system can restore any of your tapes. All anyone needs to access your data is a little OS/400 background. Anyone with *ALLOBJ or Save/Restore authority on another system can take one of your business data tapes and restore your data.
Recently, privacy laws and legislation like the Sarbanes-Oxley act, Health Insurance Portability and Accountability Act (HIPAA), and the Payment Card Industry (PCI) Compliance Initiative have forced companies to take notice of this issue. Several companies already have been fined as a result of lost business data on tapes. You don't want to be the next IT professional responsible for losing business data.
What Can You Do?
Number One: Invest in cryptographic hardware that resides between the operating system and your backup device. These solutions provide encryption at the hardware level as the data is placed on tape. One drawback is that you need the same hardware at your hot site or anywhere else where you might need to restore the data. In addition, hardware encryption can be a very expensive solution, and it impacts the speed of your backups. And it requires all data to be encrypted. IBM does provide some hardware solutions. See the IBM Information Center for more information.
Number Two: Use APIs to encrypt the data in save files and save them to tape. This may sound easy, but you need to build a solution for managing the encryption keys used to unlock the data. Do you have enough time to build the elaborate system your security auditors require? This solution also impacts the speed of saves and can consume large amounts of disk space. See the IBM Information Center and search on Cryptography.
Number Three: Deploy the new Robot/SAVE Version 11 as a standard for encrypting your i5/OS and OS/400 business data. No programming is necessary to develop your plan for protecting your critical business data. Robot/SAVE supports AES 128 or 256, and DES encryption, along with granular backups. The system administrator defines the desired encryption level at system setup (see Figure 1).
Figure 1: Define the level of encryption at system setup. (Click images to enlarge.)
Robot/SAVE provides great flexibility as to what can be encrypted. Its setup panels let you establish the libraries or objects to be encrypted as they're saved to your desired media (see Figure 2).
Figure 2: Save encryption is optional at the object level.
At a hot site, just restore the operating system and Robot/SAVE and you're ready to go. Robot/SAVE decrypts the data for you—automatically. If necessary, a special subset of the Robot/SAVE restore commands allows you to restore encrypted data on another system that doesn't have Robot/SAVE installed. (In this case, you must know the encryption key to decrypt the data.)
Robot/SAVE to the Rescue
As many of our customers have learned, Robot/SAVE helps you take the final step toward data security. Whether you need data encryption for competitive or legal reasons, give Robot/SAVE a 30-day free trial. You won't be disappointed. Learn more about Robot/SAVE by clicking here. And check out Help/Systems' other offerings in the MC Showcase Buyer's Guide.
Tom Huntington is Vice President of Technical Services for Help/Systems, Inc. He can be reached at 952.563.1606 or at
LATEST COMMENTS
MC Press Online