To protect against unauthorized access to data on disk, InterSystems IRIS for Health™ provides managed key encryption, a suite of technologies that protect data at rest.
Managed Key Encryption: Protecting Data on Disk provides an overview of the major concepts and tasks for encrypting data.
First Look: Database Encryption offers a quick introduction to database encryption, as well as an exercise that shows it in use.
Learn about encryption
InterSystems IRIS supports a number of interrelated encryption features for data at rest:
Block-level database encryption, also known simply as database encryption — A set of tools to allow creation and management of databases in which all the data is encrypted.
InterSystems IRIS database encryption also includes support for encrypted journal files, encrypted audit logs, FIPS 140–2 compliant cryptography, and re-keying databases.
You can manage encrypted databases through the Management Portal and command-line utilities.
Data-element encryption for applications, also known simply as data-element encryption — A programmatic interface so that applications can include code to encrypt and decrypt individual data elements (such as particular class properties) as they are stored and retrieved.
Encryption key management — A set of tools in the Management Portal for creating and managing data-encryption keys, for managing keys stored in key files, and for managing keys stored on a key management interface protocol (KMIP) server. You can manage keys through the Management Portal and command-line utilities.