Data Breach Prevention: Protecting the data at rest using Document Encryption.
Author: Manisha Khond, IBM Cognitive Engagement, Watson Supply Chain.
A business process in Sterling B2B Integrator can store the document or payload in the database, the file system, or both. To safeguard the payload or document itself, you can use document encryption.
Document encryption is a feature provided with IBM Sterling B2B Integrator that allows you to configure an additional layer of security beyond the traditional file and database permissions. The feature protects data at rest. If you have integrated wi
What are the security features of document encryption?
The document encryption feature is intended to protect data at rest from snooping. The feature allows you to encrypt the payload data stored in the database and/or the file system. It is also designed to prevent someone outside the system from viewing the payload data by directly accessing the database or file system.
Important aspects of document encryption:
How to implement document encryption?
Q 1> The document encryption certificate has expired. How do I replace it with a new certificate?
Ans 1> Create a new document encryption certificate. Example: NewDocEncCert
Reference the certificate in cust
Note that the changes take effect only after a restart of IBM Sterling B2B Integrator.
Q 2> If I replace the document encryption certificate with a new certificate, can the documents that were encrypted with the old certificate still be retrieved?
Ans 2> As long as you do not delete the old document encryption certificate, the documents can still be retrieved.
Q 3> I did not have document encryption on. I want to turn on document encryption now. Does this encrypt the documents that were created before document encryption was on?
The document encr
Q 4> Why does IBM Sterling B2B Integrator provide the option of encrypting all the documents, only the documents stored on the file system, or only the documents stored in the database?
Ans 4> IBM Sterling B2B Integrator lets you store the payload or document on the file system, in the database, or both (this depends on the global setting, which you can override in individual processing).
If you decide to turn on document encryption, it is recommended to turn it on for all documents (ENC_ALL) so that all the documents are protected. However, you can choose to turn on document encryption only for documents stored on the file system or only for documents stored in the database.
Q 5> I want to turn off the document encryption. What is the security risk?
Ans 5> The purpose of turning on document encryption is to safeguard the document/payload at rest. If you turn off document encryption, the document/payload will not be stored in encrypted format and there is a risk of tampering with the data at rest.
Q 6> Is there a performance impact with document encryption enabled?