Data Processing

Encryption of data in motion

To protect all personal data exchanged with the Informix server, it is recommended that the customer encrypt communication to and from Informix by using Transport Layer Security (TLS). For more information, refer to Data Encryption. Secure communications should also be considered in an HADR environment, where personal data may appear in the transaction logs flowing between the primary and standby databases.

Encryption of data at rest

To protect database files, transaction logs, and backups while they are at rest on external storage media, it is recommended that this data be encrypted. For more information, refer to Data Encryption.

Encryption key ownership

If Informix native encryption is chosen as the method to protect data at rest, encryption keys are generated by Informix and used to encrypt the user data. The keys can be stored in a keystore external to Informix. The keystore is protected by a password, which is stored in a stash file. The customer is responsible for protecting both the keystore and the stash file.