Russell Witt wrote: >While I completely agree with Glenn that there are many ways to >move data to the cloud, the one that thing that keeps getting left >out is ENCRYPTION. To believe that "encryption at rest" or >"encryption in transit" is enough is completely wrong and >short-sighted. Look at what has happened to MicroSoft's own >SharePoint. While "encryption at rest" might be sufficient for >family photo albums, it should never be assumed to be sufficient >for Corporate Mainframe data.
With you so far! >IBM has been pushing Pervasive Encryption for years now, which >means encrypting the data at-home with an application specific >encryption key (so payroll and warehouse don't use the same >encryption key). That's z/OS Data Set Encryption, specifically. z/OS Data Set Encryption is a feature of the base z/OS operating system, included and supported at no additional charge. z/OS Data Set Encryption doesn't require application-specific encryption keys, although that's a great idea. >This needs to be done on all MF Data being stored in the cloud >as well. Currently, CA 1 Flexible Storage is the only way to encrypt >your tape date AS it is being created. So, you can move the data to >the cloud with the safety of knowing it was encrypted at home (with >the keys stored in your Mainframe CKDS database) before it leaves >home. I'm not sure what you mean here. Glenn specifically mentioned IBM Cloud Tape Connector for z/OS. Cloud Tape Connector for z/OS has supported server-side AES-256 encryption since November 11, 2018 (Version 2.1's general availability date). Cloud Tape Connector for z/OS is available separately as IBM Program Number 5698-ABM or as part of the IBM Z Advanced Storage Management Suite (IBM Program No. 5698-BT1). As another example, DFSMSdss DUMP has supported host-based encryption for a long time; I think it's been at least 20 years. ————— Timothy Sipples Senior Architect Digital Assets, Industry Solutions, and Cybersecurity IBM Z/LinuxONE, Asia-Pacific [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
