Scott,

Has your Storage Vendor ever replaced a failed or failing drive? Do you know 
where that drive is now?

I know of several customers that purchased and stored their failed drives because 
they cannot be erased using commercial software once they stop working. I also 
know of one customer that has an annual "bash and burn" session. 

A normal DASD init does not securely overwrite data on the disk drive. It is no 
longer easy to read, but neither is it completely masked. Writing over a track 
on disk is like driving over someone else's tire tracks - you never completely 
cover up the first set of tracks unless you drive over them a few times. 

Secure Erasure is built into the latest HDS controllers, or you can use 
software like FDR/ERASE. However, that doesn’t protect data on replaced 
drives, hence the requests by customers for vendors to look at encryption of 
data at rest.

Ron

> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of
> Eric Bielefeld
> Sent: Tuesday, February 10, 2009 11:31 AM
> To: [email protected]
> Subject: Re: [IBM-MAIN] Crypto-DASD?
> 
> Scott,
> 
> I still can't see why if you have a box in your datacenter, that will never
> leave your datacenter until after its useful life is over, should be
> encrypted.  How are you going to access that data except by the z/OS operating
> system?  That's why we have security systems.  When the box is done, and you
> sell it or scrap it, you can always initialize all the disks.
> 
> I asked my boss at P&H Mining if he wanted me to init all the disks, or if he
> just wanted to let Hitachi do the initialize they do whenever a box is sold,
> and he said just let Hitachi do it.  There was sensitive data in many files,
> but I highly doubt if anyone could have recovered any of it after it was
> initialized by Hitachi.  This was when P&H shut down z/OS for good.
> 
> I can see the value of encrypting data on PC hard drives, after all of the
> problems people have had with stolen PCs with sensitive data on them, but
> mainframe dasd?  I just can't see it, or any regulations requiring it.
> 
> Eric
> 
> --
> Eric Bielefeld
> Systems Programmer
> Washington University
> St Louis, Missouri
> 314-935-3418
> 
> ---- "Scott T. Harder" <[email protected]> wrote:

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
