And the major reason, it easy and allmost cost nothing. I have a client in the us that encrypted almost anything /(short block sizes are not supported). He claims that on z14 box cpu is almost the same.
ITschak בתאריך יום א׳, 4 באוג׳ 2019, 19:51, מאת Lennie Dymoke-Bradshaw < lenni...@rsmpartners.com>: > Cameron, > > I missed this post the other day and I see many others have replied. > > My first reason for PE for data sets is that encryption protects the data > when it is accessed outside of its normal environment (i.e. not via the > data's normal RACF environment). So this includes removable backups which > are accessed away from your normal system. It covers data extracted over > PPRC links while being transferred to another site. It also covers > situations where production volumes may be accessed from development LPARs > or sysprog LPARs. This last case is something I find at many sites. It is > frequently justified in the name of availability. I think if it was widely > understood by auditors, they would be raising a stink about it. > > My second reason is for compliance, whether that is to support GDPR, PCI > or whatever standard your installation is subject to. I have always hoped > that money spent on that compliance will actually improve security. > > You may be interested in my paper on the backup of encrypted data. > https://rsmpartners.com/News.Data-Backups-&-PE-Technical-Paper.html > > Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd > > Email: lenni...@rsmpartners.com > Web: www.rsmpartners.com > ‘Dance like no one is watching. Encrypt like everyone is.’ > > -----Original Message----- > From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf > Of Cameron Conacher > Sent: 03 August 2019 17:49 > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: [IBM-MAIN] Pervasive Encryption - why? > > Hello everyone, > I have a curiousity question about Pervasive Encryption. > If we are already protecting resources with RACF, what additional benefit > do we get from Pervasive Encryption? I think it is a good idea, since > encrypted data lets me sleep better. Pervasive Encryption appears to be > very simple to implement. > My understanding (which may be incorrect) is that RACF will be used to > control encryption key access based on dataset profile rules and RACF rules. > If a RACF ID does not have access to the encryption keys then they cannot > access the dataset. > But at the same time, if a RACF ID does not have access to the dataset, > they cannot access it. > > So, if the underlying file is encrypted, what addition security is in > place? > Maybe if someone breaks into the data centre and steals the disk drives? > > If a hacker gets a RACF ID, and the RACF ID allows them to access the > dataset, then they can read the data. > But, isn't that where we are today? No RACF ID = no access. > > Obviously I am missing something here. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
