Certainly you can encrypt VSAM data. What you'd be doing is protecting against the possibility that someone forklifts your IBM, EMC, and/or Hitachi DASD out of your data center. Make sure your security guards serve coffee and donuts to make the thieves more comfortable while they're doing that, OK? :-)
Are those data copied anywhere? Like somebody's notebook computer (which will be stolen) or a distributed server (which will be infected by a worm that'll broadcast the info somewhere else, a la CardSystems)? Those are more urgent "worry points." Quite honestly a lot of businesses are going to have to consider their entire data handling strategies (or lack thereof) to solve this problem. And a gigantic part of the answer will be data recentralization. I would point you to two IBM statements of direction, by the way, from July 27th. IBM said two things publicly: (1) IBM will ship a new z/OS product in 2005 for encryption, and it will use ICSF (and thus hardware crypto assist); (2) IBM plans to incorporate encryption capabilities directly into its TotalStorage products. (Insert standard disclaimers here.) I can think of another possibility. If you were to move the data into DB2 you've got two options: DB2's own encryption (which is excellent for field-level) and the DB2/IMS Encryption Tool (which is excellent for row-level and table-level). There's a great article in the August z/OS "Hot Topics" newsletter, published online by IBM, which discusses DB2 encryption. To get VSAM into DB2 without changing your application code you can use something called VSAM Transparency. That recipe is another way to do this, and it will be of primary interest to those shops with a direction to move data into DB2 (to better support continuous online operations, for example, or to provide improved access via things like JDBC). Sometimes you can do very well from a workload point of view if you're able to take advantage of things like DB2 V8's materialized query tables. I posted a pretty complete list of encryption products to IBM-MAIN a few weeks ago, so be sure to look at that in the archives. Hope that helps. - - - - - Timothy F. Sipples Consulting Enterprise Software Architect IBM Americas zSeries/z9 Software NEW Phone: +1 312 529 1612 E-Mail: [EMAIL PROTECTED] (PGP key available.) ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
