60 The Business Value of DB2 UDB for z/OS
The next statement produces the correct results with a large impact on
performance.
SELECT COUNT(*) WHERE DECRYPT_CHAR(COL) <:HV;
3.5.2 IBM Data Encryption for IMS and DB2 Databases
Are you the person responsible for protecting your company’s sensitive IMS and
DB2 data? Are you investigating how to comply with security legislation in such
industries as health care and finance?
If so, IBM Data Encryption for IMS and DB2 Databases is the tool you need. It
provides you with a data encryption tool for both IMS and DB2 for z/OS
databases in a single product. It enables you to protect your sensitive and private
data for IMS at the segment level and for DB2 at the table level
This tool performs row level encryption using EDITPROCs. Unlike the DB2
encryption functions shipped with DB2, the Data Encryption Tool uses different
keys to encrypt different tables. The encryption keys can be either
clear, such as
the DB2 encryption functions, or
secure. Plus they are managed through ICSF.
Clear keys generally perform better. The tool also supports single, double, or
triple DES. Again, refer to IBM Eserver zSeries 990 (z990) Cryptography
Implementation, SG24-7070, to learn more about the clear and secure keys.
You can find more information about the IBM Data Encryption for IMS and DB2
Databases by visiting the Web at:
http://www.ibm.com/software/data/db2imstools/db2tools/ibmencrypt.html
The IBM Data Encryption for IMS and DB2 Databases tool supports all versions
of DB2, and it encrypts only the whole row. No application changes are required.
However you must modify the DDL to include the EDITPROC. The applications
need not be aware of encryption keys.
3.5.3 Summary
Encryption enables you to leverage the power of SANs safely while complying
with privacy and security regulations. The IBM Data Encryption for IMS and DB2
Databases tool is implemented via standard IMS and DB2 exits. The exit code
invokes the zSeries crypto hardware to encrypt data for storage and decrypt data
for application use. The tool can help you save the time and effort required to
write and maintain your own encryption software for use with such exits or within
your applications.
With the increased demand for data privacy and security, the need for data
encryption has moved to the forefront of technology concerns. In todays on

Get The Business Value of DB2 UDB for z/OS now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.