Phil, I don't know anybody arguing against application-based encryption and
hashing. Certainly IBM is all in favor of that (also). Encryption
facilities have been available since the early 1970s, arguably -- certainly
for a long time. Application programmers have been able to code to
encryption APIs for many, many years. Some have, sometimes.

The problem is they haven't done it enough nor done it flawlessly, on any
platform. And I suppose we could all wait another couple decades for that
fact to change.

We -- the whole IT industry -- desperately need better defense in depth.
That's what IBM is doing here, with deep *application transparent*
encryption at scale, with high performance. It's another potent weapon in
the fight to protect businesses and governments. It's not the only weapon,
but it's a very important and unique one. (Or set of weapons, to be more
accurate.)

Yes, please keep pushing developers to add encryption and/or hashing to
their programs. That's well worth doing, and to keep doing. (Encryption
algorithms evolve and improve, so "once and done" probably won't work.) But
these approaches are complementary, not in opposition. And we're living in
a world with tremendous data privacy problems that are getting worse, much
worse. These new defensive weapons are really, really helpful, and they're
easy to implement. The weapons we've had for many years are also helpful,
although we have a great deal of evidence now that they aren't being
implemented as rapidly and comprehensively as necessary.

We really need to make sure that as few people as possible still think that
single "perimeter" defense ("us versus them") works in the real world, or
that "double encryption" (or triple encryption, or...) is "bad" and
unnecessary. Nothing could be further from the truth! Effective data
defenses must be multilayered. Yes, that means "double" (or more!)
encrypting data, but each time with a different purpose (and key). Field,
row, index, dataset, paging, coupling, volume, network (incl. SAN), storage
devices, etc., etc. -- they all have a role. If an infiltrator can somehow
penetrate one layer of defense in this hierarchy, it's not nearly enough
for a successful attack.

--------------------------------------------------------------------------------------------------------
Timothy Sipples
IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA
E-Mail: [email protected]
