There are some good presentations on SHARE about this. The point about backups is that the backups are made of the encrypted file, by personnel and software that do *not* have the access to the decryption key. That allows admins & sysprogs to manage storage & such without having the ability to actually read the data. And any copies or backups are secure.
Users & systems that do have the authorization to decrypt and access the data are responsible for not compromising that access. That's no different with pervasive encryption. Making unencrypted copies would pretty much destroy the usefulness of pervasive encryption. So presumably (hopefully) you have other controls to stop users from doing that. Anyway, it's a piece of the puzzle. sas ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN