Administration
Overview
The goal of deploying CDP is to retrofit existing databases so that security can be provided by encrypting and decrypting the data flowing into and out of databases. Deployment starts with encrypting existing databases - a process called data migration.
Data migration is the process of encrypting existing column(s). It also involves altering existing tables so that they can store the resulting ciphertext, and creating views and triggers so that existing applications can seamlessly and automatically encrypt new data and request decrypted data when needed.
CDP ensures various levels of security to protect your data from unauthorized users. Once the data is migrated, users and applications must have permission to send a request from the database to the Key Manager and they must have permission to access the encryption key. If either of these conditions is not met, then the sensitive data is not accessed.
How it Works
Consider an online retailer that stores sensitive customer data in plaintext in its database. The retailer’s applications write customer information, such as credit card numbers, directly to a database and read the plaintext values when needed. The data is stored in plaintext on the database for anyone to access.
To secure the data, the retailer installs CDP and migrates the data. Now, when an authorized application wants to write a credit card number to an encrypted column, CDP automatically sends the credit card number to the CipherTrust Manager for encryption. The CipherTrust Manager encrypts the value and returns the resulting ciphertext. The database writes the ciphertext to the column.
Supported Environments
CDP for DB2 is a Java based solution, which means it will work with most operating systems. It just requires the database Java package to be installed and be available to the database. However, not all operating system versions are explicitly validated and listed.
Windows 2003 32bit
Windows 2008, 2008 R2
RHEL6 32-bit
RHEL7 64-bit
SUSE 11 64-bit
AIX 6.1, 7.1 PowerPC64
Solaris 11 SPARC64
HPUX 11.31 IA 64-bit
Supported DB2 Versions
CDP for DB2 supports all versions of DB2 starting 9.7 to 11.5.
Supported JDKs
CDP for DB2 supports the IBM JDK 1.6 and above versions.