> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Jeffrey Deaver
> Sent: Thursday, January 18, 2007 6:44 PM
> To: [email protected]
> Subject: Re: Decoding the encryption puzzle
>
> >I wouldn't encrypt data within a datacenter. The only data that gets
> >encrypted around here is data that goes out the door. Internal tapes are
> >not encrypted.
>
> >If one level of backup are in your automated tape library, in a data center
> >with card-key access in a building with armed guards on all entrances who
> >inspect packages coming in AND going out, then I don't think you need to
> >encrypt that data.
>
> It's too easy for one of those 'secure' tapes to walk out the door with a
> disgruntled employee. And when the audit turns up a tape missing - it's not
> going to care how or where it went - only that it's missing and not
> encrypted. More than once I've read notices from companies announcing
> breaches where they state that they are '99% sure it's in a landfill,
> but...'. And while that may be true and the data is more than likely safe,
> the damage to the reputation is already done, and the cost to notify is
> real.
>
> For my money, if it >can< be carried out, it's going to be encrypted.
>
> Jeffrey Deaver, Engineer

My favorite management quote, "We have never had an undetected security breach."

There are US government publications describing so-called "best practices" for securing data and managing keys, which also describe themselves as "evolving documents". That is, they are still inventing the processes and updating the publications as new ideas are introduced.

If your datacenter is highly secure, that means both physical security and data security (encrypted). Data is accessible only through a trusted server that authenticates the user's security permissions (e.g., RACF security label of the data and of the user). Permission to access clear data is distinct from permission to access encrypted data (usually for archival/restore purposes). Permission to read-only is distinct from permission to read-write. The front-end application never sees both encrypted and clear data at the same time; it's managed within a secure boundary of a trusted server.

Jeffrey D. Smith
Principal Product Architect
Farsight Systems Corporation
700 KEN PRATT BLVD. #204-159
LONGMONT, CO 80501-6452
303-774-9381 direct
303-484-6170 FAX
http://www.farsight-systems.com/
see my résumé at my website

