Tom, One consideration would be the bandwidth cost if you are doing remote copy over long distances. Most network based channel extension uses compression, and the compression rate of encrypted data is usually close to zero.
Ron > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of > Tom Ambros > Sent: Monday, April 25, 2011 6:25 AM > To: [email protected] > Subject: [IBM-MAIN] zOS Media Manager and encryption - practical? > > Would it be practical to implement encryption at the Media Manager layer, > key label and access rule definitions maintained in the SMS dataclass, > similar to the way it's done in the distributed environment by the IBM > Encryption Expert product. Basically, that product installs a shim in the > kernel just above the I/O driver level and transparent to the application > does the encrypt/decrypt operations. An appliance serves the keys and > access rules to the affected servers, and from the sounds of things the > product supports common OS and file systems in the distributed world. > > Storage based encryption is regarded as a secondary control, locally, > which is a whole different conversation. > > The attraction to a MM level encryption scheme is that however we built > our indices we can encrypt anything we need to without app changes. > Layered on top of hardware encryption and with rules around what is > encrypted or decrypted and whether utilities can perform it (think IDCAMS > can't decrypt a cluster if some programmer repros it...) we have a solid > case to convince just about any regulator we're secure. > > Enlighten me as to my naivete on the technical aspects of such a scheme. > > Operating Systems and Connectivity Engineering > 518-436-6433 > > > > Email Classification: KeyCorp Public > </pre> > > This communication may contain privileged and/or confidential information. It > is intended solely for the use of the addressee. If you are not the intended > recipient, you are strictly prohibited from disclosing, copying, distributing > or using any of this information. If you received this communication in error, > please contact the sender immediately and destroy the material in its > entirety, > whether electronic or hard copy. This communication may contain nonpublic > personal > information about consumers subject to the restrictions of the > Gramm-Leach-Bliley Act. You may not directly or indirectly reuse or redisclose > such information for any purpose other than to provide the services for which > you are receiving the information. > > 127 Public Square, Cleveland, OH 44114 > > <pre> > > > If you prefer not to receive future e-mail offers for products or services > from Key > send an e-mail to mailto:[email protected] with 'No Promotional E-mails' in > the > SUBJECT line. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
