Phil Smith III wrote: >I think you're missing one of my main points: "Substantial, >real progress" isn't what data set encryption provides. It >provides a LITTLE BIT of protection for a FEW minor attack >vectors.
I disagree. >Read about data-centric protection, note the analysts and >standards bodies saying that container-level protection is >just not very useful. Let's suppose that's what they say. Who among them considers z/OS data sets to be "containers"? Do they know what z/OS data sets are? Data sets are files that contain one or more records. z/OS Data Set Encryption is thus file-level encryption. (File system-level encryption is different.) Which analysts and standards bodies characterize file-level encryption as "just not very useful"? By the way, applications don't generate, process, and control all data. Middleware and systems generate, process, and control a great deal of data too, including sensitive data. Moreover, data importance and sensitivity are often unrelated or only loosely related to application context. Applications (and their owners and users) don't necessarily understand the sensitivity of the data they process any better than, say, storage administrators and DBAs. For an interesting, recent, real world example, see here: https://theintercept.com/2018/01/29/strava-heat-map-fitness-tracker-us-military-base/ Application developers aren't perfect, and some of them are malicious. It wouldn't be wise to rely solely on them to enforce a particular data security posture. All that said, I certainly wouldn't argue that application-level encryption is "just not very useful." ALL levels of the "pyramid" are important. -------------------------------------------------------------------------------------------------------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE -------------------------------------------------------------------------------------------------------- E-Mail: sipp...@sg.ibm.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN