iCan Blog Archive

Asset protection is not the most exciting topic for technologists. Modern data processing falls into two basic camps:

  1. Transaction processing – the heartbeat of the business
  2. Analytics – gaining insights to guide and transform the business 

Both endeavors are challenging and require a skilled, dedicated IT staff to guarantee sustained success. Most of the people working in these fields are wired to be curious and creative. They need to explore, discern, study and conquer oceans of data. They can observe cryptic details and conclude cause-and-effect outcomes that would impress Sherlock Holmes Dr. Watson.

A third camp has entrenched itself in IT shops – Data security, governance and compliance.

By its definition, data security provides no tangible benefit to a company. Whether mandated by a government, industry or by corporate executives, data security will consume IT resources (both human and computing). What does this investment yield?


While it is certainly true that database security has existed as long as anyone cares to remember, the business requirements have changed dramatically.  

Here’s my start list of what those requirements might include: 

a)    Sensitive data can be seen only by those who have a legitimate business need. Defining “sensitive data” is becoming more complex every day. While everyone likes to talk about credit card numbers, the topic of sensitive data classification is not simple.

b)    The business has the means to monitor database activity.

c)     The business has roles and duties defined, making it possible to demonstrate compliance for any given set of monitored actions.

d)    All of the above will occur without disrupting normal business activity.

If you are tasked with making these conflicting requirements a reality for your business, you need to have a data security strategy.  

Don’t have a strategy? It’s time to invest in one and IBM can help.

If you have a strategy, are you meeting the requirements or falling short? It’s time to review it and IBM can help.

How Can IBM Help You?

  1. Technology. IBM i 7.2 includes new capabilities for securing business-critical data with something called Row and Column Access Control (RCAC). RCAC is powerful, but just one of several data-centric technologies to consider using.
  2. Consulting. IBM i customers are fortunate to have the Db2 for i Center of Excellency (CoE) at their disposal.

Where Should I Start?

The CoE team has produced an RCAC Redpaper that should be considered required reading. My advice is to read the Redpaper and give Mike a call.

Row and Column Access Control support in Db2 for i

This blog is written by Scott Forste. Scott is the Db2 for i Business Architect, SQL Development team leader and IBM i developerWorks content manager. In addition to his development roles, he is a frequently published author on SQL and database topics. He has worked for IBM for more than 25 years, working primarily on IBM i. Scott can be reached by email at forstie@us.ibm.com or followed on Twitter at @Forstie_IBMi, where he is trying to mix Db2 for i, business and social.

This blog post was originally published on IBMSystemsMag.com and is reproduced here by permission of IBM Systems Media.