> -----Original Message----- > From: IBM Mainframe Discussion List > [mailto:[EMAIL PROTECTED] On Behalf Of SUBSCRIBE IBM-MAIN Niall > Sent: Friday, 1 February 2008 10:16 AM > To: IBM-MAIN@BAMA.UA.EDU > Subject: Re: Data Erasure Products > < SNIP > > But none of these anecdotes answer my question: would you > feel happy after, for instance, a DR test, to know that the > DASD you used contained only encrypted data and that the > VTOC's had been overwritten? More importantly, would this > ensure compliance with the standards required? > > I ask because ther seems to be a couple of contradictory > issues involved: in some jurisdictions a standard of > encryption is considered to be a requirement when sending > data offsite, be it over the wires or in some other portable > format. In other words, the authorities accept that once it > has been encrypted and adeqaute care is taken over key > exchange, then you have fulfilled the requiremnts to protect > your data. Yet deleted data seems to require another standard > - or does it? > > In the same vein, if you are decommisioning DASD, or removing > yourself from a hot-site, would encrypting your data be > adequate both to satisy compliancy requirements and to make > you feel comfortable yourelves? I assume the re-init at the > least of the volumes afterwards, of course. Even the entries > of a VTOC could be valuable. > < SNIP >
Your idea would appear to have some merit but I am not aware of any facility to be able to encrypt data in-place (I may be wrong) and from my knowledge, it's usually the case that the data is to be read through an encryption facility, apply an encryption key and then write out the encrypted data. Therefore, I can't see how you could conceivably encrypt existing data in-place. If using a software encryption tool, there is usually a high price to pay in terms of CPU cycles to undertake the encryption process and to try and encrypt an entire volume could prove fairly costly, time-wise at the completion of a DR exercise. Compare the time to encrypt in the manner you are suggesting to a software product that is quoted as being able to erase 3 Terrabytes of data in less than 2 hours. By the way, the folks on this list would probably appreciate it if you could sign your posts. Stephen Mednick Marketing & Support Manager Computer Supervisory Services Tel: +61 (2) 9665 1104 Fax: +61 (2) 9665 7382 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html