Phil, One area where PE encryption, as implemented on z is where it is used together with compression.
The horse must go in front of the cart, meaning compression must happen before encryption, because it will be ineffective if you do it after. It is a simple but important part of the implementation of data at rest, but with PE extending to data in flight, I think it will have impacts on line compression effectiveness. While field-level encryption, given the small window, is less effective and perhaps more costly than PE, I see PE on z being a less disruptive technique where compression and encryption are sure to be performed in the right sequence. Ron RON HAWKINS Director, Ipsicsopt Pty Ltd (ACN: 627 705 971) m+61 400029610| t: +1 4085625415 | f: +1 4087912585 -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Phil Smith III Sent: Tuesday, 6 August 2019 04:06 To: [email protected] Subject: Re: [IBM-MAIN] Pervasive Encryption - why? ITschak Mugzach wrote: >PE is much cheaper, CPU wise, than a field level encryption as it use >bulk >encryption. encrypting field by field is much more expensive and affect >elapse as well. Of course. That's part of the attraction. Yes, field-level is more expensive. It's also more secure. And with format-preserving data protection, you often don't need to decrypt to do processing, so it can be essentially free for many use cases. >I believe that what IBM is doing is to make the mainframe a file server. >and this is the correct way to use the data. Don't move the entire >dataset/database outside the mainframe and the ESM domain, but ask for >the >data you need at the record and key levels. much like any other >file/database server is used. Also a fine idea. But that's not how IBM pushes the encryption, nor how people use it (yet?). >PE is not for those who have access to the data, from the local domain, >but >to protect the access to data by other terms (shared dasd, backup, etc.). Again, sure, but that isn't how IBM pushes it, nor how people think it will protect them. That's the real problem: people think it solves problems it doesn't. .phsiii ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
