Hi Raj, Thank you. I think we are not concerned about security during transmission, as we are only using secure transport protocols, SFTP or Connect:Direct. The only concern is the data-at-rest issue.
So, if we encrypt as the first step of receiving the file, what will the persistence override do? Are there any articles or examples?
1) Ask the producer to send an encrypted file -> transfer it through MFT as is -> ask the consumer to decrypt (in this case, data at rest is also secure), but we can't go with this option as it impacts our customers, who would have to make changes - so not a good option
2) Per the IBM article, encrypt data at rest --> seems okay, but people having access to the SFG UI can see plain data - semi okay
3) ???
Thanks
------------------------------
Srini Parise
------------------------------
Original Message:
Sent: Tue September 22, 2020 11:52 AM
From: Rajasekhar Muthamsetty
Subject: Secure NACHA files at REST
If we just need to transfer files from one point to another, we can consider data encryption at processing/motion. But in other cases where we would like to read content, if we keep it encrypted it might not help.
You can try this - encrypt the document in the first step and override its persistence level; that might help.
------------------------------
Rajasekhar Muthamsetty
Original Message:
Sent: Fri September 18, 2020 09:29 AM
From: Matthew Hasselman
Subject: Secure NACHA files at REST
Hi Srini,
I have tested the document encryption using what you laid out in the IBM article on our development system https://www.ibm.com/support/knowledgecenter/en/SS3JSW_5.2.0/com.ibm.help.security.doc/SI_DocEncryptOverview.html.
What I found is that you are still able to view documents through the UI, but if you attempted to see the documents through another method, such as Windows Explorer or PuTTY using SFTP, they would be encrypted and you would not be able to read them.
This also will put a significant load on your server hardware.
------------------------------
Matthew Hasselman
Original Message:
Sent: Fri September 18, 2020 08:58 AM
From: Srini Parise
Subject: Secure NACHA files at REST
Thank you. As you said, having the producer send encrypted files and consumers decrypt them is an option, but it will be a big impact and a time-consuming process.
Has anyone looked at this article and tried it?
https://www.ibm.com/support/knowledgecenter/en/SS3JSW_5.2.0/com.ibm.help.security.doc/SI_DocEncryptOverview.html
Thank you
------------------------------
Srini Parise
Original Message:
Sent: Thu September 17, 2020 10:33 PM
From: Rajasekhar Muthamsetty
Subject: Secure NACHA files at REST
Hi Srini,
I guess you are looking for encryption of data in motion/flow. I believe data written to a persistent disk, i.e. a filesystem or database, is considered data at rest. B2Bi/SI supports securing documents at the file system and/or DB.
Based on my understanding, it can be achieved by exchanging encrypted documents with trading partners, or by having a solution built on top of SI with the help of user exits to encrypt documents before putting them into a Mailbox (receiving documents); in the case of outbound documents, we might need to decrypt per the receiver's requirement. But again, if the document is decrypted in SI, it's visible in process data.
------------------------------
Rajasekhar Muthamsetty
Original Message:
Sent: Thu September 17, 2020 10:42 AM
From: Srini Parise
Subject: Secure NACHA files at REST
Team,
We had a requirement to secure NACHA files containing bank information at rest. Currently, anyone having access to SFG can view process data, look into a document, and view its plain contents. Has anyone implemented any solution to secure those files at rest? One option is to PGP-encrypt the producer file and have the consumer decrypt it. Are there any other solutions to secure them without asking the partners to make changes on their side? Thanks
------------------------------
Srini Parise
------------------------------