Bruce Black wrote:
[...]
Encryption is most often used for data going offsite. But so many
installations are using remote mirroring (PPRC, SRDF, XRC, etc) that a
lot of "live" data is also going offsite. It would still require
someone to have access to the remote control unit (logical or physical
access) but there is a good chance that access is not controlled as
strictly as at your home data center. If it is at a commercial DR site,
with other clients coming in all the time to run tests, can the DR
vendor guarantee that no other customer can access your data? So
remote mirroring is a good argument for encrypting important data on disk.
One term I have heard lately: encrypting "data at rest", meaning that
data on disk or tape is encrypted, and only decrypted when it is in use
by a program.
IMHO encrypting "data at rest" is
1. overkill
2. waste of resources - definitely not all of the data need to be encrypted
3. rarely used.
Instead of encryption, traditional protection means are taken, like
physical security of devices and Resource Access Control (Facility).
Probably a more popular approach is to encrypt *some* data, the most
sensitive, like PINs, passwords, etc. Probably some of them can be
encrypted using one-way methods. Data format (VSAM, DB2 table, PS file)
has very little to do with it, since "encrypted" records do not differ from
"unencrypted" ones - in terms of access method, etc.
IMHO such encryption is quite common in banks, card systems, and others.
--
Radoslaw Skorupka
Lodz, Poland