Data Governance, Mandates and More, Oh My! DB2 for i Data Security and Compliance Considerations

March 16, 2016
| |
3 min read

Data governance encompasses all the technologies and processes you need to secure business critical data. Customers, governments and industries are designating more and more data as critical. As the volume and variety of critical data increases, you may feel like Dorothy on her way to Oz: Skipping down the Yellow Brick Road, picking up companions that have complementary skills to help you manage (or govern) data.

I work on DB2 for i, which is the integrated database that is the heart and soul of the IBM i platform, formerly known as iSeries, System i, AS/400 and other names. My day begins and ends with all things database. That may strike you as a sad proposition, but in actuality, it’s a great life because I get to help clients achieve their goals and satisfy mandates.

What’s a Database Mandate?

More and more, IBM i clients are being told they have to comply with requirements to:

  • Limit, mask and/or encrypt access to data;
  • Track the actions of highly privileged users;
  • Track all changes to specific tables;
  • Detect attempts to circumvent authorization;
  • Recognize the proliferation of sensitive data; and
  • Demonstrate and measure the continual efforts to govern the data center.

IBM Security Guardium can be used to satisfy many of these important database mandates for IBM i clients.

My on-demand Guardium tech talk includes an explanation of how Guardium technologies such as Database Activity Monitor (DAM), Vulnerability Assessment and Classifier can help IBM i clients meet compliance and data governance requirements. They can also protect against insider threats, cybercriminals and other bad actors, all while integrating with the broader security infrastructure.

Using Technologies to Achieve Compliance

Database activity monitoring is a very strong solution for satisfying DB2 for i monitoring requirements. DAM is integrated with DB2 for i and can be used in production environments where client expectations are sky-high.

A simple example would be to show how DAM can be used to capture instances where entire tables are being copied. As shown below, we can see that DAM can capture both SQL and command line techniques for copying tables.

Another strength of DAM with DB2 for i is its comprehensive SQL capture, including host variables and parameter marker values, which are known as bind variable values in Guardium lingo.

Figure 2 below shows an example of the execution of an UPDATE statement. DAM serves up the essential forensic data, making it possible and easy to analyze the activity, determine when an incident has occurred and identify the scope of impact.

Learn More About Guardium Security Options

If you’ve read this far, you should consider watching the on-demand Guardium tech talk to hear more about your options for IBM i data governance using Guardium. There will also be more opportunities to learn more at security conferences slated for this year.

Scott Forstie
DB2 for i Business Architect, IBM

Scott Forstie is a Senior Technical Staff Member at IBM. He is the DB2 for i Business Architect, working on all things related to the database on IBM i. He i...
read more