Radoslaw Skorupka wrote: >Data can be both encrypted and deduplicated. >How? >Use FICON encryption.
Yes, that’s called IBM Fibre Channel Endpoint Security. >The channel is encrypted, but the data is decrypted at the CU adapter and then >can be deduplicated and/or compressed. Encrypting the links between the server and the storage system is an improvement. IBM Fibre Channel Endpoint Security prevents interception and exfiltration of data via tapping the SAN — for example, by inserting some nefarious code in a SAN switch that then intercepts data. But anyone/everyone who manages to dump a copy of your data from your storage system (purloin a Point in Time Copy, for example) still gets your data. Actors who are, or who functionally resemble, storage administrators can probably do this. Moreover, it may or may not be sufficient to comply with applicable regulations or standards. Usually it’s not sufficient on its own. >Last, but not least: many installation do not use DSE, encrypted channels, etc. >They simply write data on DASD in unencrypted form. In that case they may want >deduplication/compression. I clearly didn’t rule out that possibility in my answer. I simply highlighted the mounting perils. In some contexts you’re simply not allowed to do what you describe. A regulation or compliance standard doesn’t permit it. With more to come, surely. >Q: does DS8A00 support any of the features? As I mentioned, if you’re storing unencrypted data — you really shouldn’t, but if — you can use the IBM DS8000 series’ Transparent Cloud Tiering functions in conjunction with cloud object storage systems that support deduplication and compression. The IBM TS7700 is a notable example. ————— Timothy Sipples Senior Architect Digital Assets, Industry Solutions, and Cybersecurity IBM Z/LinuxONE, Asia-Pacific [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
