Wednesday, July 28, 2021

Password expiration and vacation planning

Ready for vacation: Passwords
The months of July and August are typical vacation times. Many people work with (at least mental) packing list to prepare for some time off. On my list are passwords. I can relax knowing that no password will expire when I am away. The reason is that for some systems it is a big hassle to reset expired password or accounts. Thus, I prepare accounts for vacation.

Monday, July 26, 2021

How to connect from Python to Db2


One of the recurring questions I have seen is "how to connect from Python to Db2". I have blogged about Python and Db2 a couple times before. Recently, the question has been popping up again more frequently. From my view, the increased security with mandatory SSL/TLS encryption and the use of Python-based Jupyter notebooks for data science and AI / ML projects are the drivers behind that increase. Moreover, there is Db2 on-premises and the Db2 on Cloud / Db2 Warehouse on Cloud plus container-based offerings. Today, I am trying to sort this out and answer that question. Again.... :)

Tuesday, July 20, 2021

Cloud Security: BYOK vs. KYOK explained

Keep and bring your own key
When talking about cloud security and key management systems (KMS) for data encryption, we often hear the terms BYOK and KYOK. But what do they mean and what is the difference? Let me try to explain in this quick write-up. BYOK stands for "bring your own key" and refers to the ability to import an existing - your own - encryption root key into a (cloud-based) key management system.

Monday, July 12, 2021

Cloud-based HSM with PKCS #11 for Db2 Native Encryption

Manage your encryption keys
When using Db2 databases, there are a different ways to encrypt the stored data (data at rest). One of them is to use the built-in feature, Db2 native encryption. It supports three kinds of keystores, a local keystore file or centralized key management systems (KMS) based on KMIP or PKCS #11 protocols.

Today, I want to point you to a tutorial in the IBM Cloud documentation. It discusses using Hyper Protect Crypto Services PKCS #11 for Db2 native encryption.