Cameron, I missed this post the other day and I see many others have replied.
My first reason for PE for data sets is that encryption protects the data when it is accessed outside of its normal environment (i.e. not via the data's normal RACF environment). So this includes removable backups which are accessed away from your normal system. It covers data extracted over PPRC links while being transferred to another site. It also covers situations where production volumes may be accessed from development LPARs or sysprog LPARs. This last case is something I find at many sites. It is frequently justified in the name of availability. I think if it was widely understood by auditors, they would be raising a stink about it. My second reason is for compliance, whether that is to support GDPR, PCI or whatever standard your installation is subject to. I have always hoped that money spent on that compliance will actually improve security. You may be interested in my paper on the backup of encrypted data. https://rsmpartners.com/News.Data-Backups-&-PE-Technical-Paper.html Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd Email: lenni...@rsmpartners.com Web: www.rsmpartners.com ‘Dance like no one is watching. Encrypt like everyone is.’ -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Cameron Conacher Sent: 03 August 2019 17:49 To: IBM-MAIN@LISTSERV.UA.EDU Subject: [IBM-MAIN] Pervasive Encryption - why? Hello everyone, I have a curiousity question about Pervasive Encryption. If we are already protecting resources with RACF, what additional benefit do we get from Pervasive Encryption? I think it is a good idea, since encrypted data lets me sleep better. Pervasive Encryption appears to be very simple to implement. My understanding (which may be incorrect) is that RACF will be used to control encryption key access based on dataset profile rules and RACF rules. If a RACF ID does not have access to the encryption keys then they cannot access the dataset. But at the same time, if a RACF ID does not have access to the dataset, they cannot access it. So, if the underlying file is encrypted, what addition security is in place? Maybe if someone breaks into the data centre and steals the disk drives? If a hacker gets a RACF ID, and the RACF ID allows them to access the dataset, then they can read the data. But, isn't that where we are today? No RACF ID = no access. Obviously I am missing something here. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN