Townsend Security Data Privacy Blog

FIELDPROC Encryption Performance Impacts on the IBM i

Posted by Luke Probasco on Dec 6, 2011 11:09:00 AM

FIELDPROC encryptionNow that IBM i 7.1 has been available for over a year, more and more companies are finally adopting the latest OS.  It is a great release and we encourage your organization to upgrade.  As a data privacy company, the main reason we are excited about this release is because it finally allowed us to bring you automatic encryption – encryption with no application changesThe days of modifying your applications to meet compliance regulations (PCI DSS, HIPAA/HITECH, GLBA/FFIEC, etc.) are over.  If this sounds to good to be true, read on.

With the introduction of the FIELDPROC exit point, IBM i administrators now have something similar to what Microsoft SQL and Oracle users have had for some time.  FIELDPROC allows you to implement encryption without changing your applications.  As we attend industry events, one of the top questions we get asked is “Great!  What are the performance impacts?”  This is where the answer is “Depends.”

Any time you are doing encryption in a database environment, there are considerations about performance.  With FIELDPROC, you really have to pay attention to this question because it is an automatic facility and every time a row or record in the database is accessed, the FIELDPROC program is going to get called to do encryption or decryption.  For example, if you have 10 million records in a table and you read that entire table, you are going to make 10 million calls to a FIELDPROC program to do decryption – even if you aren’t using that particular field.  We have heard horror stories from people who have implemented poor FIELDPROC solutions and were not aware about how important investing in a proven encryption solution is.  We are very happy with the performance of our FIELDPROC solution. 

Our FIELDPROC solution uses our own NIST-certified AES encryption libraries (which is very important in many compliance requirements).  They are very highly-optimized, very fast, and have clocked in at under one second for 1 million encryptions (for more details on these tests, listen to our podcast on the topic). And as you know, the encryption library is only half of the encryption process.  The other part is encryption key management.  We have an encryption key management appliance that is FIPS 140-2 certified (again, important for meeting compliance regulations) and implements best practices for encryption key management.  Aside from your server, these components are the two things that effect encryption performance of FIELDPROC the most.

Listen to our podcast “IBM i FIELDPROC Performance: Speed Matters” for more information on encryption performance with FIELDPROC on IBM i 7.1

FIELDPROC Performance Podcast

Topics: Encryption, Performance, FIELDPROC