Encryption that is Optimized for Performance
Alliance AES/400 encryption APIs are capable of encrypting 1 million credit card numbers in less than one CPU second. They are highly optimized for performance, and perform up to 100X faster than equivalent IBM APIs on the IBM i platform.
Automated Encryption and Decryption on the IBM i
Alliance AES/400 supports the FIELDPROC exit point in the latest release of OS/400, v7r1. Encrypt and decrypt fields that store data such as credit card numbers, SSN, birth dates, address, account numbers and other PII instantly without impacting applications. Alliance AES/400 FIELDPROC support will protect access to the data without changing your database or your applications. There is no need to reformat your database, or expand field sizes.
Easily Control Access to Sensitive Data with Data Masking
Automatically mask all but Last 4 or First 6 characters of credit card and social security numbers on decryption. Replace sensitive names, addresses, phone numbers, and other information with non-sensitive information. For organizations that automatically encrypt data on IBM V7R1, automatic encryption and decryption on the IBM i works for all users and applications. Administrators cannot rely on native IBM i object, or user authorities to control access to encrypted data. AES/400 helps enforce user access control with a built in data masking capability. Security administrators can easily define the users who should have access to all of the data, and then define a default policy that masks critical data for other users.
Meet compliance requirements with NIST compliant AES encryption
Alliance AES/400 is the only NIST compliant AES database encryption solution for IBM i V7R1 & V7R2 (and all supported IBM i releases). AES/400 uses compliant 256-bit AES encryption for FIELDPROC data protection.
Externally Manage Encryption Keys for Regulatory Compliance
Meet PCI and HIPAA/HITECH compliance requirements using Townsend’s FIPS 140-2 compliant encryption key manager. Administrators can enforce separation of duties and maintain dual control over encryption keys and the encrypted data. Key Manager automates all encryption key management processes including key rotation, retrieval and change to save time and money.
Spooled File Report Encryption
Capture and encrypt spooled file reports automatically in real time or on a daily schedule. Encrypted reports are maintained on-line with view and reprint capability. User controls and automation are fully supported.
IFS File Encryption
Encrypt and decrypt files in any IFS directory. Files can be encrypted on the IBM i platform and decrypted on Windows and Linux.
Save File Encryption
Encrypt and decrypt any save file to an on-line archive. Encrypted save files can be moved to off-line storage or transferred to another IBM i platform for decryption.
Encrypt IBM i files to a Windows self-decrypting archive executable program. Self-decrypting archives can be transferred to a Windows user and decrypted without the requirement for additional software. This facility is ideal for the secure distribution of small files.
Compliance logging is integrated into all configuration and key management activities. Encryption and decryption logging can be implemented by policy or at the API level. Full support for IBM Security Audit journal QAUDJRN. Optional Alliance LogAgent product collects all security events for transfer to log collection server or SIEM solution.
Supports Two Factor Authentication
Paired with Alliance Two Factor Authentication, organizations can reduce the security weakness of relying on passwords as their only authentication mechanism. By requiring an additional piece of information delivered to authorized users via SMS text or voice message, organizations can improve security of their sensitive data.
Flexible Licensing Options
With flexible licensing options, including perpetual and subscription licensing, protecting sensitive data on the IBM i has never been easier or more affordable.