Would it be practical to implement encryption at the Media Manager layer, with key label and access rule definitions maintained in the SMS dataclass, similar to the way it's done in the distributed environment by the IBM Encryption Expert product? Basically, that product installs a shim in the kernel just above the I/O driver level and, transparently to the application, does the encrypt/decrypt operations. An appliance serves the keys and access rules to the affected servers, and from the sounds of things the product supports common OS and file systems in the distributed world.
Storage-based encryption is regarded as a secondary control, locally, which is a whole different conversation. The attraction to an MM-level encryption scheme is that however we built our indices we can encrypt anything we need to without app changes. Layered on top of hardware encryption and with rules around what is encrypted or decrypted and whether utilities can perform it (think IDCAMS can't decrypt a cluster if some programmer repros it...) we have a solid case to convince just about any regulator we're secure. Enlighten me as to my naivete on the technical aspects of such a scheme.
Operating Systems and Connectivity Engineering