Thursday, November 7, 2019

Control your database encryption keys for Db2 on Cloud

Db2 master key managed by IBM Cloud Key Protect
Since Db2 10.5 I have blogged a couple of times about the native database encryption built into Db2. Today, I want to show you how easy it is to take control of the database encryption keys for Db2 on Cloud. All Db2 database on IBM Cloud are encrypted by default, but with a system encryption key. You can increase data security even further by using your own encryption key (BYOK - bring your own key). Want to know how? Read on...

Friday, October 18, 2019

My passwordless app on IBM Cloud thanks to FIDO2

Passwordless login for cloud app
In my recent post I discussed how I could use a FIDO2 dongle as second factor for an app on IBM Cloud. Today, I want to give you an update because I managed to go passwordless. With the latest October update Cloud Identity started to offer passwordless login with either FIDO2 or QR code (using the IBM Verify app). I put that to a quick test for my secure file storage app. Here is what I did to go passwordless.

Monday, October 7, 2019

Quick notes on using FIDO2 security keys on Linux

Using FIDO2 keys for 2FA
Most of you know that I am using a Linux laptop. Thus, experimenting with FIDO2 hardware security keys as discussed in the earlier blog post requires some extra setup. But fortunately, most steps are documented somewhere and can be easily found. Here is my writeup for my own benefit...

Using your FIDO2 key for 2FA on IBM Cloud apps

Architecture: End-to-end security
Last week I read the blog on how to protect cloud apps with App ID by using the IBM Cloud Identity user directory. That blog discusses how to configure IBM Cloud Identity as SAML-based identity source for IBM Cloud App ID. Because Cloud Identity supports FIDO2 devices for second factor authentication (2FA) as beta feature, I wanted to test how easy it is to use my USB FIDO2 devices for securing my web apps. For that purpose I picked the app from the solution tutorial discussing end-to-end security for an application on IBM Cloud. App ID is part of the solution architecture (see the diagram).