Scott, I still can't see why if you have a box in your datacenter, that will never leave your datacenter until after its useful life is over, should be encrypted. How are you going to access that data accept by the z/OS operating system? That's why we have security systems. When the box is done, and you sell it or scrap it, you can always initialize all the disks.
I asked my boss at P&H Mining if he wanted me to init all the disks, or if he just wanted to let Hitachi do the initialize they do whenever a box is sold, and he said just let Hitachi do it. There was sensitive data in many files, but I highly doubt if anyone could have recovered any of it after it was initialized by Hitachi. This was when P&H shut down z/OS for good. I can see the value of encrypting data on PC hard drives, after all of the problems people have had with stolen PCs with sensitive data on them, but mainframe dasd? I just can't see it, or any regulations requiring it. Eric -- Eric Bielefeld Systems Programmer Washington University St Louis, Missouri 314-935-3418 ---- "Scott T. Harder" <[email protected]> wrote: > Hi Eric, > > I think the main reason would be to comply with govt. regulations that > say "thow must encrypteth data at rest that contains personal/private > information". Credit card numbers, medical records... the usual stuff. > > > Now it won't help B2B exchange; only situations where a company is > required to encrypt data where it lives. It will automatically be > encrypted and decrypted; I imagine via a symmetric key stored in the > hardware. It could be good, also, for DR situations where data is > mirrored to DASD at the DR site. Not sure why there, because nobody > seems worried about data mirrored to offsite disk, where they are very > worried about tape during transport. But, again, if the requirement is > that the data at rest be encrypted, then that requirement - I would > think - would extend to DR sites, as well. > > I asked the original question only because I had heard that crypto-DASD > was coming next (after the tape hardware encryption, which is obviously > already in the field). I haven't been able to find any information on > the crypto-DASD topic, so I just thought I'd see what the list had > heard. Just fishing. > > Thanks! > Scott > > Scott T. Harder > Tech Support & Product Development > ASPG, Inc. > Ph: 239-649-1548 / Ext. 203 > Fax: 239-649-6391 > General Support Email: [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
