Yeah, for as funny as that sounds about taking off of an entire unit, I seem to remember a post some years ago with somebody rolling off a disc and mainframe out of an Australian data center, maybe?
Rob

On Tue, May 10, 2022, 01:58 Timothy Sipples <[email protected]> wrote:

> Echoing some other comments, there’s security merit in having redundant
> external key managers with your IBM DS8000 systems (external to the storage
> device). As IBM explains, the Local Key Manager won’t protect the drives if
> someone manages to grab the whole IBM DS8000 unit — a law enforcement
> agency, co-location data center owner, invading army, etc. — regardless of
> whether your servers are up or down. Anything on the storage device that
> can be read will be readable in that event. And “grab” doesn’t really mean
> “cart away.”
>
> An external key manager allows for some separation of duties. For example,
> storage administrators can be responsible for the IBM DS8000 systems while
> your security organization is responsible for the EKMs. If the security
> team shuts down the EKMs then the DS8000 systems cannot (re)start up and
> come online. In other words, at least two people in this equation have to
> be involved in providing (or at least maintaining) access to storage.
>
> EKMs can also provide services to other devices and environments. For
> example, IBM Security Guardium Key Lifecycle Manager not only provides key
> management services for IBM DS8000 and other IBM/non-IBM storage devices,
> it also provides KMS to VMware environments (as a notable example).
>
> I’m not arguing the LKM is “bad.” It’s convenient, and that counts. It
> provides some security, really for addressing the risks of individual drive
> thefts and storage retirement. (Remove the keys and the encrypted drives
> are safe to transfer/repurpose/sell.) But having EKMs is more secure by
> design because they address those risks and a few more. However, if you’ve
> implemented comprehensive z/OS Data Set Encryption (and Linux
> dm-crypt/LUKS2 and/or Spectrum Scale encryption) then I think the LKM could
> be reasonable even with demanding security requirements.
>
> Yes, IBM recommends having a redundant pair of EKMs. But they don’t
> necessarily have to be your “on premises” EKMs. In fact, one fairly popular
> pattern now is to have one “primary” EKM on your premises and an alternate
> running in IBM Cloud Hyper Protect.
>
> — — — — —
> Timothy Sipples
> Senior Architect
> Digital Assets, Industry Solutions, and Cyber Security
> IBM zSystems and LinuxONE
> [email protected]
>
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
> ----------------------------------------------------------------------
