On Fri, 12 Apr 2024 at 12:22, Jousma, David < 000001a0403c5dc1-dmarc-requ...@listserv.ua.edu> wrote:
> [...] > I personally am still having a hard time wrapping my head around the “real > benefit” of dataset encryption. Everyone who has READ or more access to > the dataset, must also be permitted to the Key. Those same people are > still able to copy/print/steal that data. So who does that leave? > Those that are not permitted to the dataset, and those who administer the > storage. Those that don’t have access to the dataset aren’t going to get > the data, encrypted or not. Those who administer the storage usually have > access to move/manage the installations data. These are the people who > dataset encryption is protecting against. That is a very small population > to go to this effort on. > I think this is analogous to "Why do airline pilots have to go through security at the airport? After all, we trust them with our lives when they're flying the plane." And of course the answer is that the security check is applied to everyone because it catches people who *look* like airline pilots and are carrying a bomb. Or are real pilots under duress because someone's got their child, etc. etc. etc. Yes, storage administrators are a small population, but their credentials can be compromised as much as anyone else's, and then you're not dealing with rogue storage admins but with criminal (or goverment or whatever) actors. And storage admins (or their credentials) may well make a better target than those of application users because the admins have much broader access to data. Tony H. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN