Clark Morris writes:
>A couple of years ago, disk drives were stolen from an IBM outsourcing
>centre here in Canada.  I believe they were from a box attached to a
>mainframe.  With the advent of the actual disk drives for a mainframe
>being the same size as those for a PC, it becomes a lot easier.  There
>was speculation that the drive(s?) was/were taken for use in a PC.

Spindle theft is a possibility, yes. Good point.

Nowadays, theft of a spindle that might contain any unencrypted personally
identifiable information would trigger a number of involuntary actions.
Just as one tiny example, if the company has any business in California
there's a legal obligation to report the theft and to notify consumers who
might be affected, along with taking certain other steps.  Which consumers?
Well, usually all of them, because you probably cannot figure out which
records were ever on that spindle dating back to its first write.  And if
you notify consumers (and the government) in California, the newspapers
also get the news, and now it's a national and possibly international
story. Which means you get to call in your PR crisis management team, hire
a bunch of outside security experts to help you "encrypt everything," pay
at least for credit protection services for all the consumers....  Let's
just say it's not a happy time.  And, just to top it off, your company is
immortalized here:

http://www.privacyrights.org/ar/ChronDataBreaches.htm

I can't find it now, but I seem to remember reading in some reasonably
authoritative place that the average security breach costs about US $4.5M
to remediate. (There's a long upward tail in the distribution of those
costs. It's not a bell curve.) The money numbers are very big (and growing)
on that side of the ledger.

I do think one of the big answers to this problem, as an architectural
pattern, is information re-centralization.  That is, if you scatter PII all
over the planet, it is inherently much more difficult to control access and
prevent improper disclosures.  You learned this lesson in elementary
school, no doubt.  Is it easier for one school child or 20 to keep a
secret?  Gartner, for example, suggests that's exactly what many IT
organizations are doing: shutting down the dozens or hundreds of little
data stores that got out of control (literally) and merging them back onto
large, well managed, better secured information systems.

- - - - -
Timothy Sipples
IBM Consulting Enterprise Software Architect
Specializing in Software Architectures Related to System z
Based in Tokyo, Serving IBM Japan and IBM Asia-Pacific
E-Mail: [EMAIL PROTECTED]
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
