Jon Butler wrote: >Someone has to fix data problems! Well yes, and might that be the specific authorized end user within his/her data scope? "Radical notion," I know, but let's think this through at least a bit. What "data problems" are we talking about?
One classic approach is to enforce a "missile silo" regime where there are at least two separate entities involved in gaining access to sensitive data (on hopefully rare occasions), each holding half the key/password. A third entity (the launch commander?) typically watches/supervises to make sure the protocols are followed. Hashing is another useful tool provided it's used correctly and effectively. (Ashley Madison allegedly hashed some of their data, but allegedly they picked a weak hashing algorithm.) Does "everybody" on this list allow individual DBAs access to the organization's sensitive personal data? Do they even *want* to have such access (and awesome responsibility, and career ending risk)? Yes, I know, practically an hour doesn't pass without yet another horrific security breach -- or news that the previously announced breach is even worse than originally feared (e.g. OMB, fingerprints). But isn't that all the more reason why we ought to be raising the bar and questioning status quo practices? There are reasonable solutions, and many of them involve just using more and better what you've already got (mainframes). -------------------------------------------------------------------------------------------------------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA E-Mail: [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
