Cameron Conacher asked about the value of PE, and various folks provided good answers. (Note that I'm using the Pervasive Encryption term in the sense that IBM did when it was first introduced: the whole-data set encryption on z/OS. More recently they've expanded it to mean the entire IBM encryption strategy, which is still developing and not particularly integrated yet; Cameron's question seemed to be entirely about the former, as were the replies.)

I'd add to those replies that this kind of transparent encryption is obviously appealing because of its ease of implementation and low overhead, but that beyond the specific use cases cited, it provides very little protection. While the SAF-level control provides a semblance of role-based access, it doesn't really, because it's not granular: there's no control within a data set. And that also means there's no real opportunity to alert on or throttle access based on usage patterns (UBA/UEBA <https://en.wikipedia.org/wiki/User_behavior_analytics/>).

It's also platform-specific, so when data has to be moved across platforms, it must be decrypted and (hopefully!) re-encrypted, which is both expensive and risky: those egress points provide huge attack surface.

GDPR and friends are all nascent in their interpretation. I find it very difficult to believe that one/three/five/whatever years from now, any of them will accept transparent encryption as an acceptable means of data protection, for the reasons above. PCI DSS (which is far more mature) has made it clear that transparent encryption is not the answer, and the security community agrees.

Note that I'm not suggesting that PE is useless, just that it's at best a partial solution. "We encrypted something" is not the same as "We're securing stuff".

The strongest encryption is field-level, application-level encryption. If it's also format-preserving, then you can also have cross-platform protection without having to decrypt/re-encrypt at the boundary. That's a pretty big win, for a number of reasons. Disclosure: I've spent the last 11½ years on such a product, at Voltage and then HP/HPE/Micro Focus after acquisition. So I'm not exactly un-biased.

When considering encryption, the question I'd ask myself is, "Do I feel lucky?" No, wait, that's wrong. I mean, "What are the real threats I'm concerned about?" Is it someone stealing a backup? Stealing a disk from an array? Sniffing the data on the wire between the array and the CEC?
A rogue storage admin? Yay, PE will solve those.

An actual breach? A rogue employee besides a storage admin? Data that gets copied to the distributed world without proper protection? PE won't help with any of those, I'm afraid.

Cameron also noted:

>I am just trying to find that corner case where someone you don't want to
>have access, could possibly be able to gain access to the data when the
>file is already protected with RACF?

This is a trenchant observation. If you look at any attack scenarios besides the ones cited (backups [who doesn't have encrypting tape already??], physical media theft [again, who doesn't have encrypting arrays?], sniffing the data on the wire [the original goal of PE], or a rogue storage admin [another real benefit, albeit one I doubt many folks were losing sleep over]), the encryption really isn't adding anything beyond a second SAF resource protecting the data. In other words, in those scenarios, the encryption is basically irrelevant: either you can read the data set (in which case you get it unencrypted) or you cannot. Same as any other SAF use case.

My biggest concern about PE is that folks hear "encryption" and go "yay, we do this and we're protected AND compliant". And the reality is that you mostly aren't.

--
...phsiii

Phil Smith III
Senior Architect & Product Manager, Mainframe & Enterprise
Distinguished Technologist
Micro Focus (Voltage)