And I want to reiterate. For almost no cost, you can steer your company away from potentially disastrous litigation. Why would any management refuse that offer?
. . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW robin...@sce.com -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of ITschak Mugzach Sent: Sunday, August 4, 2019 11:50 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: Pervasive Encryption - why? And the major reason, it easy and allmost cost nothing. I have a client in the us that encrypted almost anything /(short block sizes are not supported). He claims that on z14 box cpu is almost the same. ITschak בתאריך יום א׳, 4 באוג׳ 2019, 19:51, מאת Lennie Dymoke-Bradshaw < lenni...@rsmpartners.com>: > Cameron, > > I missed this post the other day and I see many others have replied. > > My first reason for PE for data sets is that encryption protects the > data when it is accessed outside of its normal environment (i.e. not > via the data's normal RACF environment). So this includes removable > backups which are accessed away from your normal system. It covers > data extracted over PPRC links while being transferred to another > site. It also covers situations where production volumes may be > accessed from development LPARs or sysprog LPARs. This last case is > something I find at many sites. It is frequently justified in the name > of availability. I think if it was widely understood by auditors, they would > be raising a stink about it. > > My second reason is for compliance, whether that is to support GDPR, > PCI or whatever standard your installation is subject to. I have > always hoped that money spent on that compliance will actually improve > security. > > You may be interested in my paper on the backup of encrypted data. > https://rsmpartners.com/News.Data-Backups-&-PE-Technical-Paper.html > > Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd > > Email: lenni...@rsmpartners.com > Web: www.rsmpartners.com > ‘Dance like no one is watching. Encrypt like everyone is.’ > > -----Original Message----- > From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On > Behalf Of Cameron Conacher > Sent: 03 August 2019 17:49 > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: [IBM-MAIN] Pervasive Encryption - why? > > Hello everyone, > I have a curiousity question about Pervasive Encryption. > If we are already protecting resources with RACF, what additional > benefit do we get from Pervasive Encryption? I think it is a good > idea, since encrypted data lets me sleep better. Pervasive Encryption > appears to be very simple to implement. > My understanding (which may be incorrect) is that RACF will be used to > control encryption key access based on dataset profile rules and RACF rules. > If a RACF ID does not have access to the encryption keys then they > cannot access the dataset. > But at the same time, if a RACF ID does not have access to the > dataset, they cannot access it. > > So, if the underlying file is encrypted, what addition security is in > place? > Maybe if someone breaks into the data centre and steals the disk drives? > > If a hacker gets a RACF ID, and the RACF ID allows them to access the > dataset, then they can read the data. > But, isn't that where we are today? No RACF ID = no access. > > Obviously I am missing something here. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
