Thank you all for the suggestions and comments. First I 'll try to explain the reasoning behind my request.
1. Encryption of 'Data In Rest' is a requirement by local PCI regulation 2. Encryption of 'Data In Rest' is just one step (in probably of many) of data protection required by this regulation 3. Field encryption by DB2 is good solution but it does not covers files or reports (sysouts) which require another solution 4. Disk encryption is probaly the best and simple solution for encryption of 'Data In Rest' , but (there always are some buts) If you do not have disks which are encryption enable you have to buy them, it might be expensive So we thought that in order to comply with the regulation requirements we'll use (if exist) some device which encrypt/decrypt the data going/coming from the disks. Anyway, thanks again, Arye Shemer. On 20 July 2013 13:46, R.S. <r.skoru...@bremultibank.com.pl> wrote: > W dniu 2013-07-20 09:12, Ron Hawkins pisze: > > Radoslaw, >> >> I agree with your question up to a point. Encryption of data at rest >> covers >> most of the disk related scenarios to do with data protection. It >> especially >> makes my favorite soapbox of erasing disks with multiple overwrites a >> redundant task. >> >> But it is not encryption of data in flight. Data on the channel, in cache, >> and transmitted from cache to cache by remote copy products is not >> encrypted >> by controllers that support encryption of data at rest. >> > Well, I haven't considered encryption of the (FICON) network, simply > assumed the server room is safe enough. For remote copy see below > > I don't have any problem with field, record or file level encryption, but >> there is a downside if you are doing remote copy over a network, as it >> encrypted data usually compresses very poorly. It's not a problem for >> everyone. >> > 100% agreed. > > Arye, Decru used to provide encryption devices for SCSI on Fibre Channel, >> but I don't know if they ever extended that support to FICON. >> > DWDM solutions provide encryption, despite of the protocol used (FICON, > SCSI-FC, Eth). Of course at the second end of DWDM it is again decrypted. > > > > -- > Radoslaw Skorupka > Lodz, Poland > > > > > > > -- > Tre tej wiadomo ci mo e zawiera informacje prawnie chronione Banku > przeznaczone wy cznie do u ytku s u bowego adresata. Odbiorc mo e by > jedynie jej adresat z wy czeniem dost pu osób trzecich. Je eli nie jeste > adresatem niniejszej wiadomo ci lub pracownikiem upowa nionym do jej > przekazania adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, > rozprowadzanie lub inne dzia anie o podobnym charakterze jest prawnie > zabronione i mo e by karalne. Je eli otrzyma e t wiadomo omy kowo, > prosimy niezw ocznie zawiadomi nadawc wysy aj c odpowied oraz trwale > usun t wiadomo w czaj c w to wszelkie jej kopie wydrukowane lub > zapisane na dysku. > > This e-mail may contain legally privileged information of the Bank and is > intended solely for business use of the addressee. This e-mail may only be > received by the addressee and may not be disclosed to any third parties. If > you are not the intended addressee of this e-mail or the employee > authorised to forward it to the addressee, be advised that any > dissemination, copying, distribution or any other similar activity is > legally prohibited and may be punishable. If you received this e-mail by > mistake please advise the sender immediately by using the reply facility in > your e-mail software and delete permanently this e-mail including any > copies of it either printed or saved to hard drive. > BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 (22) 829 00 00, > fax +48 (22) 829 00 33, www.brebank.pl, e-mail: i...@brebank.pl > S d Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego > Rejestru S dowego, nr rejestru przedsi biorców KRS 0000025237, NIP: > 526-021-50-88. Wed ug stanu na dzie 01.01.2013 r. kapita zak adowy BRE > Banku SA (w ca o ci wp acony) wynosi 168.555.904 z otych. > > > > ------------------------------**------------------------------**---------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN