Thank you Tim, would you be able to share any info about #2 here?

- KB

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, September 8, 2020 10:27 AM, Timothy Sipples <[email protected]> wrote:

> Kekronbekron wrote:
>
> > Thinking about it ... it would be far simpler (than anti-ransomware
> > capability in storage, or lock-all behaviour) if there were a RACF
> > HealthChecker that looks for abnormal enc/dec activity. What 'normal'
> > is can be learnt from a year's worth of actual enc/dec-related SMF
> > data.
>
> There are tools with capabilities like the ones you're describing.
>
> I have a couple comments:
>
> 1. There are some excellent ransomware (and similar non-ransomware
> disaster scenario) defenses available based on "out of band" controls and
> lockouts. IBM DS8000 SafeGuarded Copy is one such example, a really
> important one that's the foundation for some other valuable resiliency
> capabilities. However, I have worked with some organizations that still
> (also) want to maintain total physical and electronic (wired, wireless)
> separation for certain data. You can achieve total separation in a few
> ways, such as physical tape cartridges (usually WORM, preferably
> encrypted) ejected from tape libraries and vaulted "afar." Of course the
> costs include elongated Recovery Point Objectives (RPOs) and Recovery Time
> Objectives (RTOs), but in some cases the costs are tolerable or at least
> tolerated.
>
> You cannot really keep data completely, absolutely separate if you care
> about retrieving it. You can only maintain separation with at least one
> adjective added, such as "physically and electronically separate storage
> media," which is not the same as "storage media separated from all
> possible human contact." The Voyager space probes, I think it's fair to
> say, will "never" be vulnerable to human contact. They contain tape drives
> and tape media, and they are currently electronically connected via NASA's
> Deep Space Network.
>
> Anyway, it depends on what you're trying to accomplish, but lots of
> options are available, not necessarily mutually exclusive.
>
> 2. If you need secure software build and deployment processes (yes, you
> do), I suggest contacting my employer. IBM has some super exciting new
> capabilities in this area, very cutting edge. They're grounded in
> mainframe technologies, whether in your data center, in the public cloud,
> or both. Mainframes often pioneer new capabilities that didn't exist in
> the entire industry. Here, too, that's what's happening.
>
> Ransomware is one clearcut demonstration that it doesn't particularly
> matter how terrific your data-focused defenses are if you have compromised
> applications, for it's applications -- program code -- that process(es)
> data. So you've got to approach security challenges holistically.
>
>
> Timothy Sipples
> I.T. Architect Executive
> Digital Asset & Other Industry Solutions
> IBM Z & LinuxONE
>
> E-Mail: [email protected]
>
> ---------------------------
>
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
