The protective side of data security is only half technical. The other half is GDPR (General Data Protection Regulation), a set of controls that spell out Draconian penalties for any entity that allows--or presides over--a data breach affecting EU citizens. The hair-raising penalties are more or less forgiven if the stolen data is encrypted. There is no consideration in the regulations for software or hardware security mechanisms such as SAF (RACF, ACF2, TSS) . That makes pervasive encryption hugely valuable. If data is breached, it will be presumably useless to the perpetrator. You can't hire enough lawyers to equal that advantage.
. . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW robin...@sce.com -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Matt Hogstrom Sent: Saturday, August 3, 2019 10:25 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: Pervasive Encryption - why? One use case is backups. If someone can access a backup outside of the controls the system it resides on employs they could not compromise the data. Consider potential data services that host backups offsite for instance. Your protecting your data while entrusting someone with ensuring its available That’s a strong use case I think Matt Hogstrom +1 (919) 656-0564 > On Aug 3, 2019, at 12:48, Cameron Conacher <conac...@gmail.com> wrote: > > Hello everyone, > I have a curiousity question about Pervasive Encryption. > If we are already protecting resources with RACF, what additional > benefit do we get from Pervasive Encryption? I think it is a good > idea, since encrypted data lets me sleep better. Pervasive Encryption > appears to be very simple to implement. > My understanding (which may be incorrect) is that RACF will be used to > control encryption key access based on dataset profile rules and RACF rules. > If a RACF ID does not have access to the encryption keys then they > cannot access the dataset. > But at the same time, if a RACF ID does not have access to the > dataset, they cannot access it. > > So, if the underlying file is encrypted, what addition security is in place? > Maybe if someone breaks into the data centre and steals the disk drives? > > If a hacker gets a RACF ID, and the RACF ID allows them to access the > dataset, then they can read the data. > But, isn't that where we are today? No RACF ID = no access. > > Obviously I am missing something here. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN