Well the process was in place well before I ever joined. I am not aware of the history of the strategy except to protect disks in the SAN. I had never considered somebody actually walking in and taking both the SAN disks and the SKLM servers also! That would be a breach. That being said, should we ever think about encryption of data in motion, our new box is a Z14 ZR1 so we could take advantage of the hardware encryption support.
On Mon, Apr 1, 2019 at 3:04 PM Tom Brennan <t...@tombrennansoftware.com> wrote: > On 3/31/2019 6:44 PM, Phil Smith III wrote: > > > > Correct. You're also not really providing any protection beyond the case > of someone walking into the data center and pulling a > > drive. Any compromise of any kind on the system is going to get > cleartext, so the encryption won't help at all. > > If someone walked in they could probably also steal the SKLM server > (with the keys), assuming it's running at the same location. From what > I've seen, the benefit of such encryption is the elimination of having > to zero out the data when shipping or replacing the box, and like you > say, does nothing to protect host access to the data. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
