DB2 10 Security Encryption Improvements

DB2 10 Encryption and Masking

In addition to ROLES, DB2 10 introduces a number of other security improvements. The first ones that are going to be a big hit with everyone are the encryption and masking of data. These two features provide an easy, efficient way to guard information from view and add an extra layer of security for any type of data.

Encryption is especially important for the many big systems that have medical, financial or PII-type table column information. DB2 10 for z/OS handles the majority of the financial systems, credit card systems and other critical high-security environments, and encryption is a long overdue feature. The new DB2 10 encryption replaces the old method of using DB2 edit procedures or field procedures with the Integrated Cryptographic Service Facility (ICSF) and uses a triple DES encryption algorithm supported by full processing within the chips of the new z10 hardware.

DB2 10 Encryption Is Easy

The encryption process is easy to implement. When the table and column(s) are defined for encryption, DB2 requires an encryption password and, if desired, an associated hint for getting back the data. When the password is provided within the retrieval SQL through the DECRYPT_BIT, DECRYPT_CHAR or DECRYPT_DB functions, the data becomes available to the application.

Pay special attention to performance with encryption, since it transforms the data into encrypted binary data. This encrypted binary data can have an index defined on it, but any predicate that requires internal decryption automatically becomes a Stage 2 predicate within SQL retrievals. This can become a performance concern because DB2 may need to internally decrypt and evaluate the data before returning it to the application. The internal evaluation of the encrypted column can cause Stage 2 application access, and data range checking may cause a table space scan. Make sure to test your encryption practices before running into these types of application performance issues.
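The password, hint and decrypt flow described above, followed by the kind of range check that turns into a Stage 2 predicate, as an added example that is not from the original post. The table, column and host-variable names are hypothetical; ENCRYPT_TDES and GETHINT are the DB2 for z/OS built-in functions that pair with the DECRYPT_* functions named above.

```sql
-- Added example: table, column and host-variable names are hypothetical.
-- Encrypted values are binary and longer than the plaintext, so the column
-- is FOR BIT DATA and sized generously (constructed size, not a DB2 minimum).
CREATE TABLE CUSTOMER_PII
  (CUST_ID  INTEGER                    NOT NULL,
   SSN_ENC  VARCHAR(128) FOR BIT DATA  NOT NULL);

-- Encrypt on the way in. :ssn, :pw and :hint are host variables, so the
-- password never appears as a literal in the SQL text or statement cache.
INSERT INTO CUSTOMER_PII (CUST_ID, SSN_ENC)
  VALUES (:cust_id, ENCRYPT_TDES(:ssn, :pw, :hint));

-- The hint is stored with the encrypted value and can be read back
-- without the password.
SELECT GETHINT(SSN_ENC)
  FROM CUSTOMER_PII
 WHERE CUST_ID = :cust_id;

-- Decrypt on the way out. The predicate is on the unencrypted key column,
-- so only the qualifying row is decrypted.
SELECT CUST_ID, DECRYPT_CHAR(SSN_ENC, :pw) AS SSN
  FROM CUSTOMER_PII
 WHERE CUST_ID = :cust_id;

-- Range check on the encrypted column: ciphertext does not preserve the
-- ordering of the plaintext, so DB2 must decrypt each row to evaluate the
-- predicate. This is the Stage 2 / table space scan case to test for.
SELECT CUST_ID
  FROM CUSTOMER_PII
 WHERE DECRYPT_CHAR(SSN_ENC, :pw) BETWEEN :ssn_low AND :ssn_high;
```

Running EXPLAIN on the last query against a realistically sized table shows the access path before the application reaches production.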

Overall, DB2 10 encryption provides better performance than previous edit procedure practices, is a welcome extra layer of protection, and is built in for easy use within any application. When your security people are happy, the DB2 administrators, application developers and CEOs know they have an application system they can all trust.




Dave Beulke is a system strategist, application architect, and performance expert specializing in Big Data, data warehouses, and high performance internet business solutions. He is an IBM Gold Consultant, Information Champion, President of DAMA-NCR, former President of International DB2 User Group, and frequent speaker at national and international conferences. His architectures, designs, and performance tuning techniques help organizations better leverage their information assets, saving millions in processing costs. Follow him on Twitter (@DBeulke) or connect through LinkedIn (https://www.linkedin.com/in/davebeulke).
