Raz-Lee Security


(888) 729-5334 x1

Web Site:


iSecurity Field Encryption

iSecurity Field Encryption allows organizations to fully protect all sensitive data without modifying their software. A change that is done externally without changing the Level-Check of a file (i.e., files remain intact), but is reflected in:

  • Programs, regardless of whether they use SQL or Native IO
  • Any system utility including FTP, Query, DFU
  • DB-Journal

Data encryption is an increasingly essential element of effective computer security systems. It is the final layer of protection for business-critical data from those who managed to pass through other protection techniques that may be in place. Even if the data is accessed, it is entirely meaningless.

In addition, PCI DSS, HIPAA, GDPR and other regulatory bodies require encrypting sensitive parts of the data.

iSecurity Field Encryption is the way to ensure that sensitive data is presented in the way that suits the user and the circumstances. Those who have access to the data will see it in clear text, masked, scrambled or not at all, depending on their access settings.

Data remains encrypted in all circumstances. iSecurity Encryption has been designed with a checks and balances system to prevent CHGPF with SRCFILE option from causing all field procedures to decrypt all the encrypted data in the file. Before being processed, the user or the QSYSOPR must confirm the action. Even when confirmed, an alert is sent as a further measure of security. If the user is not allowed to see the decrypted data, iSecurity Field Encryption stops the process of CHGPF. In addition, an independent "watch-dog" system ensures that encryption of fields is in place.

Finding sensitive data fields is easy. A fully comprehensive system is provided to help discover all sensitive fields. All database fields are considered and the product offers selection aids based on field size, name, text and column headings.

Key features include:
  • Files are never locked; they are available for application use even when encryption keys are refreshed.
  • Supports all types of data: Character, Zoned Decimal, Packed Decimal, Clob and Blob. Supports null-capable data as well as non-null-capable data.
  • Comprehensive Find Sensitive Fields system provides superior quality in finding based on iterations over partial estimation of size, type, name, text, etc.
  • Get trillions of encryption combinations that each can be decrypted to its original value.
  • Works on a wrapper program thus does not require the program source.
  • Optimized for data masking and consumes no CPU for decryption in such cases.
  • Key encrypting keys as well as data keys can be automatically changed, unattended.
  • In a multisite environment, a single key manager can be set to support all sites, centralizing all keys-related activity.
  • Key Manager, Data Manager and Token Manager can optionally be installed on different IBM i LPARs.
  • Supports both encryption and tokenization.
  • Maintains unencrypted sort settings that have been activated prior to encryption.
  • Policy driven security and limitation of capabilities ensures separation of duties.
  • Comprehensive logs for tracing of activities.
  • Full journaling system guarantees that any change in parameters is logged.
  • Uses NIST encryption standards.
  • Adheres to GDPR, PCI DSS and COBIT standards.
  • 128-bit, 192-bit and 256-bit AES encryption supported.
  • Based on IBM native APIs.

Learn More

iSecurity Field Encryption powered by Raz-Lee Security